CVE-2011-2494
kernel: taskstats io infoleak
Severity Score
5.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
kernel/taskstats.c in the Linux kernel before 3.1 allows local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another user's password.
kernel/taskstats.c del kernel de Linux en versiones anteriores a la 3.1 permite a usuarios locales obtener información confidencial de estadísticas de I/O enviando comandos taskstats al socket netlink, tal como se ha demostrado descubriendo la longitud de la contraseña de otro usuario.
Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. Qianfeng Zhang discovered that the bridge networking interface incorrectly handled certain network packets. A remote attacker could exploit this to crash the system, leading to a denial of service. Various other issues were also addressed.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-06-15 CVE Reserved
- 2011-10-20 CVE Published
- 2024-08-06 CVE Updated
- 2025-05-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1a51410abe7d0ee4b1d112780f46df87d3621043 | X_refsource_confirm | |
| http://secunia.com/advisories/48898 | Third Party Advisory | |
| http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1 | X_refsource_confirm | |
| http://www.openwall.com/lists/oss-security/2011/06/27/1 | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/torvalds/linux/commit/1a51410abe7d0ee4b1d112780f46df87d3621043 | 2023-02-13 |
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html | 2023-02-13 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=716842 | 2012-01-10 | |
| https://access.redhat.com/security/cve/CVE-2011-2494 | 2012-01-10 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 3.0.34 Search vendor "Linux" for product "Linux Kernel" and version " <= 3.0.34" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.0.1 Search vendor "Linux" for product "Linux Kernel" and version "3.0.1" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.0.2 Search vendor "Linux" for product "Linux Kernel" and version "3.0.2" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.0.3 Search vendor "Linux" for product "Linux Kernel" and version "3.0.3" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.0.4 Search vendor "Linux" for product "Linux Kernel" and version "3.0.4" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.0.5 Search vendor "Linux" for product "Linux Kernel" and version "3.0.5" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.0.6 Search vendor "Linux" for product "Linux Kernel" and version "3.0.6" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.0.7 Search vendor "Linux" for product "Linux Kernel" and version "3.0.7" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.0.8 Search vendor "Linux" for product "Linux Kernel" and version "3.0.8" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.0.9 Search vendor "Linux" for product "Linux Kernel" and version "3.0.9" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.0.10 Search vendor "Linux" for product "Linux Kernel" and version "3.0.10" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.0.11 Search vendor "Linux" for product "Linux Kernel" and version "3.0.11" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.0.12 Search vendor "Linux" for product "Linux Kernel" and version "3.0.12" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.0.13 Search vendor "Linux" for product "Linux Kernel" and version "3.0.13" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.0.14 Search vendor "Linux" for product "Linux Kernel" and version "3.0.14" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.0.15 Search vendor "Linux" for product "Linux Kernel" and version "3.0.15" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.0.16 Search vendor "Linux" for product "Linux Kernel" and version "3.0.16" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.0.17 Search vendor "Linux" for product "Linux Kernel" and version "3.0.17" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.0.18 Search vendor "Linux" for product "Linux Kernel" and version "3.0.18" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.0.19 Search vendor "Linux" for product "Linux Kernel" and version "3.0.19" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.0.20 Search vendor "Linux" for product "Linux Kernel" and version "3.0.20" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.0.21 Search vendor "Linux" for product "Linux Kernel" and version "3.0.21" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.0.22 Search vendor "Linux" for product "Linux Kernel" and version "3.0.22" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.0.23 Search vendor "Linux" for product "Linux Kernel" and version "3.0.23" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.0.24 Search vendor "Linux" for product "Linux Kernel" and version "3.0.24" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.0.25 Search vendor "Linux" for product "Linux Kernel" and version "3.0.25" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.0.26 Search vendor "Linux" for product "Linux Kernel" and version "3.0.26" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.0.27 Search vendor "Linux" for product "Linux Kernel" and version "3.0.27" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.0.28 Search vendor "Linux" for product "Linux Kernel" and version "3.0.28" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.0.29 Search vendor "Linux" for product "Linux Kernel" and version "3.0.29" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.0.30 Search vendor "Linux" for product "Linux Kernel" and version "3.0.30" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.0.31 Search vendor "Linux" for product "Linux Kernel" and version "3.0.31" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.0.32 Search vendor "Linux" for product "Linux Kernel" and version "3.0.32" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.0.33 Search vendor "Linux" for product "Linux Kernel" and version "3.0.33" | - |
Affected
| ||||||