[CVE-2011-2495] restrict access to /proc/PID/io
Andy Whitcroft
apw at canonical.com
Tue Oct 4 17:52:36 UTC 2011
CVE-2011-2495
procfs io info disclosure
The fix for this issue has hit oneiric via mainline. Half of the fix
has hit lucid via stable. Following this email are four patch sets:
one for hardy; one for lucid; one for lucid/fsl-imx51, maverick, and
maverick/ti-omap4; and one for natty and natty/ti-omap4.
Note that for hardy the locking is looser than that in upstream this may
leave a small window which may be exploitable though closing the glaring
exposures. The locks which are used to ensure there is no window are
not in existance back in hardy. Indeed the races in exec which they are
introduced to fix are also present.
Proposing for hardy, lucid, lucid/fsl-imx51, maverick, maverick/ti-omap4,
natty, and natty/ti-omap4.
-apw
More information about the kernel-team
mailing list