CVE-2011-2707 : The ptrace_setxregs function in arch/xtensa/kernel/ptrace.c in the Linux kernel

The ptrace_setxregs function in arch/xtensa/kernel/ptrace.c in the Linux kernel before 3.1 does not validate user-space pointers, which allows local users to obtain sensitive information from kernel memory locations via a crafted PTRACE_SETXTREGS request.

Published 2012-05-24 23:55:02

Updated 2023-02-13 01:20:11

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Information leak

Products affected by CVE-2011-2707

Linux » Linux Kernel
Versions before (<) 3.1
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2011-2707

Top countries where our scanners detected CVE-2011-2707

Top open port discovered on systems with this issue 49152

IPs affected by CVE-2011-2707 2,636

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2011-2707!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2011-2707

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 19 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2011-2707

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.6	LOW	AV:L/AC:L/Au:N/C:P/I:N/A:P	3.9	4.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: Partial
6.0	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H	0.8	5.2	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: High

CWE ids for CVE-2011-2707

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-2707

http://www.openwall.com/lists/oss-security/2011/07/20/18

oss-security - Re: CVE request: kernel: arbitrary kernel read in xtensa
Mailing List;Third Party Advisory
https://github.com/torvalds/linux/commit/0d0138ebe24b94065580bd2601f8bb7eb6152f56

xtensa: prevent arbitrary read in ptrace · torvalds/linux@0d0138e · GitHub
Patch;Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1

Mailing List;Patch;Vendor Advisory

CVEs referencing this url
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0d0138ebe24b94065580bd2601f8bb7eb6152f56