
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2011-4915 is a vulnerability in the Linux kernel through version 3.1 that affects the fs/proc/base.c component. The vulnerability was discovered in late 2011 and allows local users to obtain sensitive keystroke information by accessing /proc/interrupts. This information disclosure vulnerability enables attackers to monitor keyboard interrupt patterns to determine details about user input, including password lengths (CVE Details, Ubuntu Security).
The vulnerability exists because /proc/interrupts is world-readable and contains the number of interrupts emitted since system boot. On multi-core systems, an attacker can monitor one CPU core while the victim executes on another, allowing them to track keyboard interrupt counters. The vulnerability has a CVSS 3.1 score of 5.5 (Medium), with attack vector Local, attack complexity Low, and privileges required Low. It primarily impacts confidentiality, with no impact on integrity or availability (Ubuntu Security).
The vulnerability allows local attackers to monitor keyboard interrupt patterns and determine the precise number of characters in users' passwords, particularly during the execution of privilege escalation tools like gksu. By analyzing the timing and frequency of interrupts, attackers can potentially perform statistical analysis to deduce the actual characters being typed (OSS Security).
The vulnerability was addressed through kernel commits 0499680a42141d86417a8fbaa8c8db806bea1201 and a2ef990ab5a6705a356d146dd773a3b359787497, which introduced new mount options (hidepid and gid) to restrict access to /proc/interrupts. The fix changes the default permissions of /proc/interrupts to be readable only by root users (LKML, Ubuntu Security).
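A host-side check for the exposure and mitigation described above, added here as an example (it is not code from the kernel commits or the cited advisories): it reports whether /proc/interrupts is readable by any local user and which hidepid and gid options the proc mount carries. The function names are hypothetical and the sample mount lines are constructed.

```python
import os
import stat

# Constructed /proc/mounts samples (not captured from a real host).
SAMPLE_DEFAULT = (
    "sysfs /sys sysfs rw,nosuid 0 0\n"
    "proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0\n"
)
SAMPLE_RESTRICTED = (
    "proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2,gid=1001 0 0\n"
)


def other_readable(mode):
    """True if the 'other' read bit is set, i.e. any local user can read the file."""
    return bool(mode & stat.S_IROTH)


def proc_mount_options(mounts_text, mountpoint="/proc"):
    """Parse /proc/mounts-style text and return the proc mount's options as a dict."""
    opts = {}
    for line in mounts_text.splitlines():
        fields = line.split()
        # Fields: device, mountpoint, fstype, options, dump, pass
        if len(fields) >= 4 and fields[1] == mountpoint and fields[2] == "proc":
            opts = {}  # a later line for the same mountpoint replaces an earlier one
            for item in fields[3].split(","):
                key, _, value = item.partition("=")
                opts[key] = value
    return opts


def audit(interrupts_mode, mounts_text):
    """Summarise the exposure: file mode of /proc/interrupts plus proc mount options."""
    opts = proc_mount_options(mounts_text)
    return {
        "interrupts_world_readable": other_readable(interrupts_mode),
        "hidepid": opts.get("hidepid"),  # None means the option is not set
        "gid": opts.get("gid"),
    }


if __name__ == "__main__":
    # Live check on a Linux host.
    with open("/proc/mounts") as fh:
        print(audit(os.stat("/proc/interrupts").st_mode, fh.read()))
```
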
Source: This report was generated using AI