CVE-2011-1021

Linux Kernel < 2.6.9 - Access Control

Title source: rule

Description

drivers/acpi/debugfs.c in the Linux kernel before 3.0 allows local users to modify arbitrary kernel memory locations by leveraging root privileges to write to the /sys/kernel/debug/acpi/custom_method file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4347.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jon Oberheide · clocallinux

https://www.exploit-db.com/exploits/15774

View Code ZIP pw:eip

References (5)

[Various Sources] http://ftp.osuosl.org/pub/linux/kernel/v3.0/ChangeLog-3.0

[Patch] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=526b4af47f44148c9d665e57723ed9f86634c6e3

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=680841

[Exploit, Patch] https://github.com/torvalds/linux/commit/526b4af47f44148c9d665e57723ed9f86634c6e3

[Mailing List] http://www.openwall.com/lists/oss-security/2011/02/25/5

Scores

EPSS 0.0016

EPSS Percentile 36.7%

Details

CWE

CWE-264

Status published

Products (2)

linux/linux_kernel 2.6.9 rc1 (4 CPE variants)

linux/linux_kernel < 2.6.9

Published Jun 21, 2012

Tracked Since Feb 18, 2026