DEBIAN-CVE-2011-1022

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2011-1022
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-1022.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2011-1022
Upstream
Published
2011-03-22T17:55:01.987Z
Modified
2025-11-19T01:01:59.663800Z
Summary
[none]
Details

The cgrereceivenetlink_msg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted message.

References

Affected packages

Debian:11 / libcgroup

Package

Name
libcgroup
Purl
pkg:deb/debian/libcgroup?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.37.1-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / libcgroup

Package

Name
libcgroup
Purl
pkg:deb/debian/libcgroup?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.37.1-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / libcgroup

Package

Name
libcgroup
Purl
pkg:deb/debian/libcgroup?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.37.1-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / libcgroup

Package

Name
libcgroup
Purl
pkg:deb/debian/libcgroup?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.37.1-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}