ASLR Bypass Vulnerability in Linux Kernel's do_task_stat Function
CVE-2011-0726 · LOW Severity
AV:L/AC:L/AU:N/C:P/I:N/A:N
The do_task_stat function in fs/proc/array.c in the Linux kernel before 2.6.39-rc1 does not perform an expected uid check, which makes it easier for local users to defeat the ASLR protection mechanism by reading the start_code and end_code fields in the /proc/#####/stat file for a process executing a PIE binary.
Learn more about our Cis Benchmark Audit For Distribution Independent Linux.