Unrated severityNVD Advisory· Published Mar 22, 2011· Updated Apr 29, 2026
CVE-2011-1022
CVE-2011-1022
Description
The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted message.
Affected products
17cpe:2.3:a:balbir_singh:libcgroup:*:*:*:*:*:*:*:*+ 16 more
- cpe:2.3:a:balbir_singh:libcgroup:*:*:*:*:*:*:*:*range: <=0.37
- cpe:2.3:a:balbir_singh:libcgroup:0.1b:*:*:*:*:*:*:*
- cpe:2.3:a:balbir_singh:libcgroup:0.1c:*:*:*:*:*:*:*
- cpe:2.3:a:balbir_singh:libcgroup:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:balbir_singh:libcgroup:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:balbir_singh:libcgroup:0.31:*:*:*:*:*:*:*
- cpe:2.3:a:balbir_singh:libcgroup:0.32:*:*:*:*:*:*:*
- cpe:2.3:a:balbir_singh:libcgroup:0.32.1:*:*:*:*:*:*:*
- cpe:2.3:a:balbir_singh:libcgroup:0.32.2:*:*:*:*:*:*:*
- cpe:2.3:a:balbir_singh:libcgroup:0.33:*:*:*:*:*:*:*
- cpe:2.3:a:balbir_singh:libcgroup:0.34:*:*:*:*:*:*:*
- cpe:2.3:a:balbir_singh:libcgroup:0.35:*:*:*:*:*:*:*
- cpe:2.3:a:balbir_singh:libcgroup:0.35.1:*:*:*:*:*:*:*
- cpe:2.3:a:balbir_singh:libcgroup:0.36:*:*:*:*:*:*:*
- cpe:2.3:a:balbir_singh:libcgroup:0.36.1:*:*:*:*:*:*:*
- cpe:2.3:a:balbir_singh:libcgroup:0.36.2:*:*:*:*:*:*:*
- cpe:2.3:a:balbir_singh:libcgroup:0.37:rc1:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
23- bugs.debian.org/cgi-bin/bugreport.cginvdPatch
- openwall.com/lists/oss-security/2011/02/25/11nvdPatch
- openwall.com/lists/oss-security/2011/02/25/12nvdPatch
- openwall.com/lists/oss-security/2011/02/25/6nvdPatch
- openwall.com/lists/oss-security/2011/02/25/9nvdPatch
- sourceforge.net/mailarchive/message.phpnvdPatch
- sourceforge.net/mailarchive/message.phpnvdPatch
- sourceforge.net/projects/libcg/files/libcgroup/v0.37.1/libcgroup-0.37.1.tar.bz2/downloadnvdPatch
- bugzilla.redhat.com/show_bug.cginvdPatch
- secunia.com/advisories/43611nvdVendor Advisory
- secunia.com/advisories/43758nvdVendor Advisory
- www.vupen.com/english/advisories/2011/0679nvdVendor Advisory
- lists.fedoraproject.org/pipermail/package-announce/2011-March/056683.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2011-March/056734.htmlnvd
- lists.opensuse.org/opensuse-updates/2011-04/msg00027.htmlnvd
- openwall.com/lists/oss-security/2011/02/25/14nvd
- secunia.com/advisories/43891nvd
- secunia.com/advisories/44093nvd
- www.debian.org/security/2011/dsa-2193nvd
- www.redhat.com/support/errata/RHSA-2011-0320.htmlnvd
- www.securityfocus.com/bid/46578nvd
- www.securitytracker.com/idnvd
- www.vupen.com/english/advisories/2011/0774nvd
News mentions
0No linked articles in our index yet.