CVE-2011-1022 — Libcgroup vulnerability

CWE-2648 documents7 sources

Severity

2.1LOWNVD

EPSS

0.0%

top 87.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libcgroup Project Libcgroup Debian Libcgroup Balbir Singh Libcgroup

Timeline

PublishedMar 22

Latest updateMay 17

Description

The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted message.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/libcgroup< libcgroup 0.37.1-1 (bookworm)

▶Debianlibcgroup_project/libcgroup< 0.37.1-1+3

▶NVDbalbir_singh/libcgroup0.37+16

Patches

Patch: bugs.debian.org ↗Patch: openwall.com ↗Patch: openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-669f-5h8c-h58m: The cgre_receive_netlink_msg function in daemon/cgrulesengd↗2022-05-17

▶

OSV

CVE-2011-1022: The cgre_receive_netlink_msg function in daemon/cgrulesengd↗2011-03-22

▶

💥Exploits & PoCs

Exploit-DB

NEdit 5.5 - Format String↗2011-04-14

▶

📋Vendor Advisories

Red Hat

libcgroup: Uncheck origin of NETLINK messages↗2011-02-18

▶

Debian

CVE-2011-1022: libcgroup - The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in cgrulesengd in ...↗2011

▶

💬Community

Bugzilla

CVE-2011-1022 libcgroup: Uncheck origin of NETLINK messages [fedora-all]↗2011-02-25

▶

Bugzilla

CVE-2011-1022 libcgroup: Uncheck origin of NETLINK messages↗2011-02-25

▶