| Summary: | Kernel: mm_for_maps() /proc/$pid/maps information disclosure (CVE-2009-2691) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | cilly <cilly> |
| Component: | Kernel | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | hardened-kernel+disabled, kernel |
| Priority: | Highest | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://git.kernel.org/linus/13f0feafa6b8aead57a2a328e2fca6a5828bf286 | | |
| Whiteboard: | [linux < 2.6.31] | | |
| Package list: | | Runtime testing required: | --- |

Description
cilly
2009-08-12 07:16:24 UTC
CVE-2009-2691 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2691): The mm_for_maps function in fs/proc/base.c in the Linux kernel 2.6.30.4 and earlier allows local users to read (1) maps and (2) smaps files under proc/ via vectors related to ELF loading, a setuid process, and a race condition.