CVE-2011-2495

CVSS v2.0 2.1 (Low)

EPSS 0.04 % (5^th)

Affected Products 1

Advisories 17

fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by discovering the length of another user's password.

Weaknesses

CWE-264: Permissions, Privileges, and Access Controls

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2012-06-13 10:24:55
(12 years ago)
Updated Date: 2023-02-13 00:18:23
(19 months ago)

Affected Products

Linux

Linux Kernel

Configuration #1

	CPE23	Up To
Linux Kernel 2.6.39.3 and prior versions	cpe:2.3:o:linux:linux_kernel	<= 2.6.39.3
Linux Kernel 2.6.39	cpe:2.3:o:linux:linux_kernel:2.6.39
Linux Kernel 2.6.39 Rc1	cpe:2.3:o:linux:linux_kernel:2.6.39:rc1
Linux Kernel 2.6.39 Rc2	cpe:2.3:o:linux:linux_kernel:2.6.39:rc2
Linux Kernel 2.6.39 Rc3	cpe:2.3:o:linux:linux_kernel:2.6.39:rc3
Linux Kernel 2.6.39 Rc4	cpe:2.3:o:linux:linux_kernel:2.6.39:rc4
Linux Kernel 2.6.39 Rc5	cpe:2.3:o:linux:linux_kernel:2.6.39:rc5
Linux Kernel 2.6.39 Rc6	cpe:2.3:o:linux:linux_kernel:2.6.39:rc6
Linux Kernel 2.6.39 Rc7	cpe:2.3:o:linux:linux_kernel:2.6.39:rc7
Linux Kernel 2.6.39.1	cpe:2.3:o:linux:linux_kernel:2.6.39.1
Linux Kernel 2.6.39.2	cpe:2.3:o:linux:linux_kernel:2.6.39.2