A flaw was found in ptrace_setxregs in arch/xtensa/kernel/ptrace.c on Xtensa architecture. There was an arbitrary kernel read problem seen with no pre address validation. Here an attacker with a local access and a special user privilege (of CAP_SYS_PTRACE) can cause a confidentiality breach, this can even lead to a denial of service (DoS) problem. This allows a local users to obtain sensitive information from kernel memory locations via a crafted PTRACE_SETXTREGS request. Reference: http://www.openwall.com/lists/oss-security/2011/07/20/18 Upstream commit: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0d0138ebe24b94065580bd2601f8bb7eb6152f56
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1861852]
This is old enough to have not impacted any currently supported version of Fedora.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2011-2707
Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Statement: There was no shipped kernel version seen affected by this problem.