CVE-2011-2494

Linux Kernel < 3.1 - Unauthorized Sensitive I/O Statistics Exposure via Taskstats Netlink Commands

Title source: llm
STIX 2.1

Description

kernel/taskstats.c in the Linux kernel before 3.1 allows local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another user's password.

References (7)

Core 7

Scores

EPSS 0.0035
EPSS Percentile 27.4%

Details

CWE
CWE-200
Status published
Products (34)
linux/linux_kernel 3.0.1
linux/linux_kernel 3.0.2
linux/linux_kernel 3.0.3
linux/linux_kernel 3.0.4
linux/linux_kernel 3.0.5
linux/linux_kernel 3.0.6
linux/linux_kernel 3.0.7
linux/linux_kernel 3.0.8
linux/linux_kernel 3.0.9
linux/linux_kernel 3.0.10
... and 24 more
Published Jun 13, 2012
Tracked Since Feb 18, 2026