The insert_module function in runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun) in SystemTap before 1.6 does not properly validate a module when loading it, which allows local users to gain privileges via a race condition between the signature validation and the module initialization.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Redhat
  • Enterprise Linux
Systemtap
  • Systemtap

Configuration 1 [-]

OR cpe:2.3:a:systemtap:systemtap:*:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.2.2:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.3:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.4:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.5:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.5.3:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.5.4:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.5.5:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.5.7:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.5.8:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.5.9:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.5.10:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.5.12:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.5.13:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.5.14:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.6:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.6.2:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.7:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.7.2:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.8:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.9:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.9.5:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.9.7:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.9.9:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:1.0:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:1.1:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:1.2:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:1.3:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:1.4:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 5
systemtap-0:1.3-9.el5 cpe:/o:redhat:enterprise_linux:5 RHSA-2011:1089 2011-07-25T00:00:00Z
Red Hat Enterprise Linux 6
systemtap-0:1.4-6.el6_1.2 cpe:/o:redhat:enterprise_linux:6 RHSA-2011:1088 2011-07-25T00:00:00Z
References
Link Providers
http://secunia.com/advisories/45377 cve-icon cve-icon
http://secunia.com/advisories/46920 cve-icon cve-icon
http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git%3Ba=blob%3Bf=NEWS%3Bhb=304d73b1fea24af791f2a129fb141c5009eae6a8 cve-icon cve-icon
http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git%3Ba=commitdiff%3Bh=ed51cfa24ca27746ab09b59280b94117dd58cba3 cve-icon cve-icon
http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git;a=commitdiff;h=ed51cfa24ca27746ab09b59280b94117dd58cba3 cve-icon
http://www.debian.org/security/2011/dsa-2348 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2503 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2011-2503 cve-icon
https://www.cve.org/CVERecord?id=CVE-2011-2503 cve-icon
History

Sun, 13 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00069}

 epss

{'score': 0.00112}
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-07-26T19:00:00Z

Updated: 2024-09-17T01:01:54.529Z

Reserved: 2011-06-15T00:00:00Z

Link: CVE-2011-2503

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2012-07-26T19:55:00.793

Modified: 2025-04-11T00:51:21.963

Link: CVE-2011-2503

cve-icon Redhat

Severity : Moderate

Publid Date: 2011-07-25T00:00:00Z

Links: CVE-2011-2503 - Bugzilla