PT-2010-5666 · Linux+2 · Linux Kernel+5

Segoon +1 · Published 1970-01-01 · Updated 2023-02-13 · CVE-2011-2495

CVSS v2.0: 5.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:C

Name of the Vulnerable Software and Affected Versions

SUSE Linux Enterprise versions prior to 2.6.39.4
btrfs-kmp-xen (affected versions not specified)
btrfs-kmp-pae (affected versions not specified)
kernel-desktop-devel (affected versions not specified)

Description

The issue allows local users to obtain sensitive information, potentially leading to a breach of confidentiality, integrity, and availability of protected information. Exploitation can be performed locally. In the Linux kernel, the fs/proc/base.c file does not properly restrict access to /proc/#####/io files, enabling local users to obtain sensitive I/O statistics by polling a file. This could be used to discover the length of another user's password.

Recommendations

For SUSE Linux Enterprise versions prior to 2.6.39.4, update to version 2.6.39.4 or later to resolve the issue. For btrfs-kmp-xen, btrfs-kmp-pae, and kernel-desktop-devel, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2015-04341
BDU:2015-04342
BDU:2015-04343
CVE-2011-2495
DSA-2303-1
DSA-2310-1
RHSA-2011:1189
RHSA-2011:1212
RHSA-2011:1253
RHSA-2011:1813
RHSA-2011_1189
RHSA-2011_1212

Affected Products

Linux Kernel
Red Hat
Suse Linux Enterprise
Btrfs-Kmp-Pae
Btrfs-Kmp-Xen
Kernel-Desktop-Devel