CVE-2011-2495
Publication date 3 October 2011
Last updated 24 July 2024
Ubuntu priority
fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by discovering the length of another user’s password.
From the Ubuntu Security Team
Vasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy.
Status
Package | Ubuntu Release | Status |
---|---|---|
linux | 11.10 oneiric |
Not affected
|
11.04 natty |
Fixed 2.6.38-13.52
|
|
10.10 maverick |
Fixed 2.6.35-30.61
|
|
10.04 LTS lucid |
Fixed 2.6.32-35.78
|
|
8.04 LTS hardy |
Fixed 2.6.24-29.95
|
|
linux-ec2 | 11.10 oneiric | Not in release |
11.04 natty | Not in release | |
10.10 maverick | Ignored end of life | |
10.04 LTS lucid |
Fixed 2.6.32-319.39
|
|
8.04 LTS hardy | Not in release | |
linux-fsl-imx51 | 11.10 oneiric | Not in release |
11.04 natty | Not in release | |
10.10 maverick | Not in release | |
10.04 LTS lucid |
Fixed 2.6.31-611.29
|
|
8.04 LTS hardy | Not in release | |
linux-lts-backport-maverick | 11.10 oneiric | Not in release |
11.04 natty | Not in release | |
10.10 maverick | Not in release | |
10.04 LTS lucid |
Fixed 2.6.35-30.61~lucid1
|
|
8.04 LTS hardy | Not in release | |
linux-lts-backport-natty | 11.10 oneiric | Not in release |
11.04 natty | Not in release | |
10.10 maverick | Not in release | |
10.04 LTS lucid |
Fixed 2.6.38-13.52~lucid1
|
|
8.04 LTS hardy | Not in release | |
linux-lts-backport-oneiric | 11.10 oneiric | Not in release |
11.04 natty | Not in release | |
10.10 maverick | Not in release | |
10.04 LTS lucid |
Not affected
|
|
8.04 LTS hardy | Not in release | |
linux-mvl-dove | 11.10 oneiric | Not in release |
11.04 natty | Not in release | |
10.10 maverick |
Fixed 2.6.32-419.37
|
|
10.04 LTS lucid |
Fixed 2.6.32-219.37
|
|
8.04 LTS hardy | Not in release | |
linux-ti-omap4 | 11.10 oneiric |
Not affected
|
11.04 natty |
Fixed 2.6.38-1209.17
|
|
10.10 maverick |
Fixed 2.6.35-903.26
|
|
10.04 LTS lucid | Not in release | |
8.04 LTS hardy | Not in release |
Patch details
Package | Patch details |
---|---|
linux |
References
Related Ubuntu Security Notices (USN)
- USN-1241-1
- Linux kernel (i.MX51) vulnerabilities
- 25 October 2011
- USN-1243-1
- Linux kernel vulnerabilities
- 25 October 2011
- USN-1253-1
- Linux kernel vulnerabilities
- 8 November 2011
- USN-1239-1
- Linux kernel (EC2) vulnerabilities
- 25 October 2011
- USN-1281-1
- Linux (OMAP4) vulnerabilities
- 24 November 2011
- USN-1285-1
- Linux kernel vulnerabilities
- 29 November 2011
- USN-1279-1
- Linux (Natty backport) vulnerabilities
- 24 November 2011
- USN-1236-1
- Linux kernel vulnerabilities
- 20 October 2011
- USN-1244-1
- Linux kernel (OMAP4) vulnerabilities
- 25 October 2011
- USN-1240-1
- Linux kernel (Marvell DOVE) vulnerabilities
- 25 October 2011
- USN-1245-1
- Linux kernel (Marvell DOVE) vulnerabilities
- 25 October 2011
- USN-1242-1
- Linux kernel (Maverick backport) vulnerabilities
- 25 October 2011