CVE-2011-4080
Published: 24 May 2012
The sysrq_sysctl_handler function in kernel/sysctl.c in the Linux kernel before 2.6.39 does not require the CAP_SYS_ADMIN capability to modify the dmesg_restrict value, which allows local users to bypass intended access restrictions and read the kernel ring buffer by leveraging root privileges, as demonstrated by a root user in a Linux Containers (aka LXC) environment.
Notes
| Author | Note |
|---|---|
| tyhicks | There was some talk in the oss-sec thread about rejecting this CVE. It isn't clear if it was rejected or not. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
hardy |
Not vulnerable
|
| lucid |
Not vulnerable
|
|
| maverick |
Not vulnerable
|
|
| natty |
Not vulnerable
(2.6.38-8.40)
|
|
| oneiric |
Not vulnerable
(2.6.39-0.1)
|
|
| precise |
Not vulnerable
(3.1.0-1.1)
|
|
| upstream |
Released
(2.6.39~rc1)
|
|
|
Patches: Introduced by eaf06b241b091357e72b76863ba16e89610d31bd |
||
|
linux-armadaxp Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Not vulnerable
(3.2.0-1600.1)
|
|
| upstream |
Released
(2.6.39~rc1)
|
|
|
linux-ec2 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Not vulnerable
|
|
| maverick |
Ignored
(end of life)
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| upstream |
Released
(2.6.39~rc1)
|
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Not vulnerable
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| upstream |
Released
(2.6.39~rc1)
|
|
|
linux-lts-backport-maverick Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Not vulnerable
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| upstream |
Released
(2.6.39~rc1)
|
|
|
linux-lts-backport-natty Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Not vulnerable
(2.6.38-8.40~lucid1)
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| upstream |
Released
(2.6.39~rc1)
|
|
|
linux-lts-backport-oneiric Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Not vulnerable
(3.0.0-5.6~lucid1)
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| upstream |
Released
(2.6.39~rc1)
|
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Ignored
(end of life)
|
|
| maverick |
Not vulnerable
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| upstream |
Released
(2.6.39~rc1)
|
|
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Does not exist
|
|
| maverick |
Not vulnerable
|
|
| natty |
Not vulnerable
(2.6.38-1208.11)
|
|
| oneiric |
Not vulnerable
(2.6.38-1309.13)
|
|
| precise |
Not vulnerable
(3.0.0-1401.2)
|
|
| upstream |
Released
(2.6.39~rc1)
|
|