CVE-2011-0726 (retired)

Priority
Description
The do_task_stat function in fs/proc/array.c in the Linux kernel before
2.6.39-rc1 does not perform an expected uid check, which makes it easier
for local users to defeat the ASLR protection mechanism by reading the
start_code and end_code fields in the /proc/#####/stat file for a process
executing a PIE binary.
Ubuntu-Description
Kees Cook reported that /proc/pid/stat did not correctly filter certain
memory locations. A local attacker could determine the memory layout of
processes in an attempt to increase the chances of a successful memory
corruption exploit.
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
More Information

Updated: 2019-03-26 11:55:21 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)