cbcvebase.
CVE-2011-1020
published 2011-02-28

CVE-2011-1020: The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process…

PriorityP419medium4.6CVSS 2.0
AVLACLAuNCPIPAP
EXPLOIT
EPSS
0.92%
55.9th percentile
The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls.

Affected

1 ranges
VendorProductVersion rangeFixed in
linuxlinux_kernel< 2.6.372.6.37

CVSS provenance

nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
vendor_ubuntu6.9MEDIUM
vendor_redhat4.6MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.