Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2011-2707

Опубликовано: 08 июл. 2011
Источник: redhat
CVSS3: 6
EPSS Низкий

Описание

The ptrace_setxregs function in arch/xtensa/kernel/ptrace.c in the Linux kernel before 3.1 does not validate user-space pointers, which allows local users to obtain sensitive information from kernel memory locations via a crafted PTRACE_SETXTREGS request.

A flaw was found in ptrace_setxregs in arch/xtensa/kernel/ptrace.c on the Xtensa architecture, where there was an arbitrary kernel read problem seen without a pre-address validation. This flaw allows an attacker with local access and special user privileges (of CAP_SYS_PTRACE) to cause a confidentiality breach, resulting in a denial of service. The highest threat from this vulnerability is to confidentiality and system availability.

Отчет

Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6 and Red Hat Enterprise MRG as they did not provide support for the Xtensa processor architecture.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelOut of support scope
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-altNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 8kernel-rtNot affected
Red Hat Enterprise MRG 2kernel-rtNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1861851kernel: exposure of sensitive information via a crafted PTRACE_SETXTREGS request

EPSS

Процентиль: 28%
0.00097
Низкий

6 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2011-2707

CVSS3: 6
nvd
около 13 лет назад

The ptrace_setxregs function in arch/xtensa/kernel/ptrace.c in the Linux kernel before 3.1 does not validate user-space pointers, which allows local users to obtain sensitive information from kernel memory locations via a crafted PTRACE_SETXTREGS request.

debian логотип

CVE-2011-2707

CVSS3: 6
debian
около 13 лет назад

The ptrace_setxregs function in arch/xtensa/kernel/ptrace.c in the Lin ...

github логотип

GHSA-3x44-c8w2-mxwg

CVSS3: 6
github
около 3 лет назад

The ptrace_setxregs function in arch/xtensa/kernel/ptrace.c in the Linux kernel before 3.1 does not validate user-space pointers, which allows local users to obtain sensitive information from kernel memory locations via a crafted PTRACE_SETXTREGS request.

oracle-oval логотип

ELSA-2011-2037

oracle-oval
больше 13 лет назад

ELSA-2011-2037: Unbreakable Enterprise kernel security and bug fix update (MODERATE)

EPSS

Процентиль: 28%
0.00097
Низкий

6 Medium

CVSS3