CVE-2011-1021

Linux Kernel < 3.0 - Arbitrary Kernel Memory Write via ACPI Debugfs Custom Method

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-1021. PoCs published by Jon Oberheide.

AI-analyzed exploit summary This exploit leverages a world-writable ACPI custom_method file in Linux kernels < 2.6.37-rc2 to inject malicious ACPI methods, overriding the LID device status query to overwrite kernel memory (sys_futimesat) and escalate privileges to root.

Description

drivers/acpi/debugfs.c in the Linux kernel before 3.0 allows local users to modify arbitrary kernel memory locations by leveraging root privileges to write to the /sys/kernel/debug/acpi/custom_method file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4347.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Jon Oberheide · clocallinux
https://www.exploit-db.com/exploits/15774

This exploit leverages a world-writable ACPI custom_method file in Linux kernels < 2.6.37-rc2 to inject malicious ACPI methods, overriding the LID device status query to overwrite kernel memory (sys_futimesat) and escalate privileges to root.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Linux Kernel < 2.6.37-rc2
No auth needed
Prerequisites: World-writable /sys/kernel/debug/acpi/custom_method · ACPI LID device presence · 64-bit system
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (5)

Core 5

Scores

EPSS 0.0093
EPSS Percentile 55.7%

Details

CWE
CWE-264
Status published
Products (2)
linux/linux_kernel 2.6.9 rc1 (4 CPE variants)
linux/linux_kernel < 2.6.9
Published Jun 21, 2012
Tracked Since Feb 18, 2026