CVE-2011-4916
Publication date 12 July 2022
Last updated 24 July 2024
Ubuntu priority
Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty*.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| linux | 14.04 LTS trusty | Ignored |
| linux-armadaxp | 14.04 LTS trusty | Not in release |
| linux-ec2 | 14.04 LTS trusty | Not in release |
| linux-flo | 14.04 LTS trusty | Not in release |
| linux-fsl-imx51 | 14.04 LTS trusty | Not in release |
| linux-goldfish | 14.04 LTS trusty | Not in release |
| linux-grouper | 14.04 LTS trusty | Not in release |
| linux-lts-backport-maverick | 14.04 LTS trusty | Not in release |
| linux-lts-backport-natty | 14.04 LTS trusty | Not in release |
| linux-lts-backport-oneiric | 14.04 LTS trusty | Not in release |
| linux-lts-quantal | 14.04 LTS trusty | Not in release |
| linux-lts-raring | 14.04 LTS trusty | Not in release |
| linux-lts-saucy | 14.04 LTS trusty | Not in release |
| linux-maguro | 14.04 LTS trusty | Not in release |
| linux-mako | 14.04 LTS trusty | Not in release |
| linux-manta | 14.04 LTS trusty | Not in release |
| linux-mvl-dove | 14.04 LTS trusty | Not in release |
| linux-ti-omap4 | 14.04 LTS trusty | Not in release |
Notes
apw
kernel side this is likely fixed by the commits below, we likely either also need a local patch to change defaults or userspace work to ensure appropriate mount options: 0499680a42141d86417a8fbaa8c8db806bea1201 a2ef990ab5a6705a356d146dd773a3b359787497 They also need some chmoding. But basically upstream says that we have what we needed for these.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
5.5 · Medium
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |