UBUNTU-CVE-2011-1022

Source
https://ubuntu.com/security/CVE-2011-1022
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2011/UBUNTU-CVE-2011-1022.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2011-1022
Upstream
Withdrawn
2025-07-18T16:42:41Z
Published
2011-03-22T17:55:00Z
Modified
2025-07-16T07:30:44.257309Z
Severity
  • Ubuntu - medium
Summary
[none]
Details

The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted message.

References

Affected packages

Ubuntu:14.04:LTS / libcgroup

Package

Name
libcgroup
Purl
pkg:deb/ubuntu/libcgroup@0.38-1ubuntu2?arch=source&distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.38-1ubuntu2

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "0.38-1ubuntu2",
            "binary_name": "cgroup-bin"
        },
        {
            "binary_version": "0.38-1ubuntu2",
            "binary_name": "libcgroup-dev"
        },
        {
            "binary_version": "0.38-1ubuntu2",
            "binary_name": "libcgroup1"
        },
        {
            "binary_version": "0.38-1ubuntu2",
            "binary_name": "libpam-cgroup"
        }
    ]
}