CVE-2011-0006

kernel: ima: fix add LSM rule bug

Severity Score

9.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The ima_lsm_rule_init function in security/integrity/ima/ima_policy.c in the Linux kernel before 2.6.37, when the Linux Security Modules (LSM) framework is disabled, allows local users to bypass Integrity Measurement Architecture (IMA) rules in opportunistic circumstances by leveraging an administrator's addition of an IMA rule for LSM.

La función ima_lsm_rule_init en security/integrity/ima/ima_policy.c en versiones del kernel de Linux anteriores a v2.6.37, cuando 'Linux Security Modules' (LSM) está desactivado, permite a usuarios locales eludir las reglas de 'Integrity Measurement Architecture' (IMA) en determinadas circunstancias aprovechándose de la inclusión de una regla IMA a LSM.

Aristide Fattori and Roberto Paleari reported a flaw in the Linux kernel's handling of IPv4 icmp packets. A remote user could exploit this to cause a denial of service. Vegard Nossum discovered a leak in the kernel's inotify_init() system call. A local, unprivileged user could exploit this to cause a denial of service. An error was discovered in the kernel's handling of CUSE (Character device in Userspace). A local attacker might exploit this flaw to escalate privilege, if access to /dev/cuse has been modified to allow non-root users. Various other issues were also addressed.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

Attack Vector

Local

Attack Complexity

Medium

Authentication

Single

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-12-07 CVE Reserved
2012-03-07 CVE Published
2024-08-06 CVE Updated
2025-06-07 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-264: Permissions, Privileges, and Access Controls

CAPEC

References (6)

URL	Tag	Source
http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37	X_refsource_confirm
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=867c20265459d30a01b021a9c1e81fb4c5832aa9	X_refsource_confirm
http://www.openwall.com/lists/oss-security/2011/01/06/18	Mailing List

URL	Date	SRC

URL	Date	SRC
https://github.com/torvalds/linux/commit/867c20265459d30a01b021a9c1e81fb4c5832aa9	2023-02-13

URL	Date	SRC
https://bugzilla.redhat.com/show_bug.cgi?id=667912	2011-05-10
https://access.redhat.com/security/cve/CVE-2011-0006	2011-05-10

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				<= 2.6.36.4 Search vendor "Linux" for product "Linux Kernel" and version " <= 2.6.36.4"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				2.6.36.1 Search vendor "Linux" for product "Linux Kernel" and version "2.6.36.1"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				2.6.36.2 Search vendor "Linux" for product "Linux Kernel" and version "2.6.36.2"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				2.6.36.3 Search vendor "Linux" for product "Linux Kernel" and version "2.6.36.3"		-		Affected