CVE-2011-2495

Priority
Description
fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly
restrict access to /proc/#####/io files, which allows local users to obtain
sensitive I/O statistics by polling a file, as demonstrated by discovering
the length of another user's password.
Ubuntu-Description
Vasiliy Kulikov discovered that /proc/PID/io did not enforce access
restrictions. A local attacker could exploit this to read certain
information, leading to a loss of privacy.
Package
Upstream:released (3.1~rc1)
Package
Upstream:released (3.1~rc1)
Package
Upstream:released (3.1~rc1)
Package
Upstream:released (3.1~rc1)
Package
Upstream:released (3.1~rc1)
Package
Upstream:released (3.1~rc1)
Package
Upstream:released (3.1~rc1)
More Information

Updated: 2019-03-19 11:59:01 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)