First published: Mon Apr 25 2016(Updated: )
A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel-rt | <0:3.10.0-1127.rt56.1093.el7 | 0:3.10.0-1127.rt56.1093.el7 |
redhat/kernel | <0:3.10.0-1127.el7 | 0:3.10.0-1127.el7 |
redhat/kernel | <0:3.10.0-957.56.1.el7 | 0:3.10.0-957.56.1.el7 |
redhat/kernel | <0:3.10.0-1062.26.1.el7 | 0:3.10.0-1062.26.1.el7 |
Linux Linux kernel | <4.8 | |
Debian Debian Linux | =8.0 | |
Netapp Active Iq Unified Manager For Vmware Vsphere | >=9.5 | |
Netapp Hci Management Node | ||
Netapp Snapprotect | ||
Netapp Solidfire | ||
Netapp Storage Replication Adapter For Clustered Data Ontap For Vmware Vsphere | >=7.2 | |
Netapp Vasa Provider For Clustered Data Ontap | >=7.2 | |
NetApp Virtual Storage Console for VMware vSphere | >=7.2 | |
Netapp Cn1610 Firmware | ||
Netapp Cn1610 | ||
IBM Data Risk Manager | <=2.0.6 | |
All of | ||
Netapp Cn1610 Firmware | ||
Netapp Cn1610 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)