CVE-2011-2503

Published: Jul 26, 2012Modified: Apr 29, 2026

3.7

Vector

AV:L/AC:H/Au:N/C:P/I:P/A:P

Exploitability: 1.9 / Impact: 6.4

Source: NVD

Description

The insert_module function in runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun) in SystemTap before 1.6 does not properly validate a module when loading it, which allows local users to gain privileges via a race condition between the signature validation and the module initialization.

Affected (30)

Products: Systemtap: Systemtap

Systemtap

1 product

Systemtap

Configuration A

30 vulnerable

Vulnerable Software	Affected Versions
Systemtap Systemtap	Up to 1.5
Systemtap Systemtap	Version 0.2.2
Systemtap Systemtap	Version 0.3
Systemtap Systemtap	Version 0.4
Systemtap Systemtap	Version 0.5.10
Systemtap Systemtap	Version 0.5.12
Systemtap Systemtap	Version 0.5.13
Systemtap Systemtap	Version 0.5.14
Systemtap Systemtap	Version 0.5.3
Systemtap Systemtap	Version 0.5.4
Systemtap Systemtap	Version 0.5.5
Systemtap Systemtap	Version 0.5.7
Systemtap Systemtap	Version 0.5.8
Systemtap Systemtap	Version 0.5.9
Systemtap Systemtap	Version 0.5
Systemtap Systemtap	Version 0.6.2
Systemtap Systemtap	Version 0.6
Systemtap Systemtap	Version 0.7.2
Systemtap Systemtap	Version 0.7
Systemtap Systemtap	Version 0.8
Systemtap Systemtap	Version 0.9.5
Systemtap Systemtap	Version 0.9.7
Systemtap Systemtap	Version 0.9.8
Systemtap Systemtap	Version 0.9.9
Systemtap Systemtap	Version 0.9
Systemtap Systemtap	Version 1.0
Systemtap Systemtap	Version 1.1
Systemtap Systemtap	Version 1.2
Systemtap Systemtap	Version 1.3
Systemtap Systemtap	Version 1.4