CVE-2011-0726

Priority
Description
The do_task_stat function in fs/proc/array.c in the Linux kernel before
2.6.39-rc1 does not perform an expected uid check, which makes it easier
for local users to defeat the ASLR protection mechanism by reading the
start_code and end_code fields in the /proc/#####/stat file for a process
executing a PIE binary.
Ubuntu-Description
Kees Cook reported that /proc/pid/stat did not correctly filter certain
memory locations. A local attacker could determine the memory layout of
processes in an attempt to increase the chances of a successful memory
corruption exploit.
Notes
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
More Information

Updated: 2020-03-18 22:05:36 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)