CVE-2012-1097

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call.

References

http://www.openwall.com/lists/oss-security/2012/03/05/1

https://github.com/torvalds/linux/commit/c8e252586f8d5de906385d8cf6385fee289a825e

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c8e252586f8d5de906385d8cf6385fee289a825e

https://bugzilla.redhat.com/show_bug.cgi?id=799209

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.10

http://secunia.com/advisories/48898

http://secunia.com/advisories/48842

http://secunia.com/advisories/48964

http://rhn.redhat.com/errata/RHSA-2012-0531.html

http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html

http://rhn.redhat.com/errata/RHSA-2012-0481.html

Details

Source: MITRE

Published: 2012-05-17

Updated: 2020-07-27

Type: CWE-476

Risk Information

CVSS v2

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Tenable Plugins

View all (28 total)

IDNameProductFamilySeverity
79484OracleVM 3.1 : kernel-uek (OVMSA-2012-0042)NessusOracleVM Local Security Checks
high
78922RHEL 6 : rhev-hypervisor6 (RHSA-2012:0531)NessusRed Hat Local Security Checks
high
74801openSUSE Security Update : kernel (openSUSE-SU-2012:1439-1)NessusSuSE Local Security Checks
critical
74658openSUSE Security Update : Kernel (openSUSE-SU-2012:0799-1)NessusSuSE Local Security Checks
critical
74604openSUSE Security Update : kernel (openSUSE-SU-2012:0540-1)NessusSuSE Local Security Checks
critical
68671Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2008)NessusOracle Linux Local Security Checks
high
68670Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2007)NessusOracle Linux Local Security Checks
high
68515Oracle Linux 6 : kernel (ELSA-2012-0481)NessusOracle Linux Local Security Checks
high
64173SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 6227 / 6229 / 6230)NessusSuSE Local Security Checks
high
64044RHEL 6 : kernel (RHSA-2012:1042)NessusRed Hat Local Security Checks
high
61302Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20120417)NessusScientific Linux Local Security Checks
high
59322USN-1458-1 : linux-ti-omap4 vulnerabilitiesNessusUbuntu Local Security Checks
critical
59034Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1440-1)NessusUbuntu Local Security Checks
critical
58947Ubuntu 10.04 LTS : linux-lts-backport-oneiric vulnerabilities (USN-1433-1)NessusUbuntu Local Security Checks
critical
58946Ubuntu 11.10 : linux vulnerabilities (USN-1431-1)NessusUbuntu Local Security Checks
critical
58871Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1426-1)NessusUbuntu Local Security Checks
high
58870Ubuntu 10.04 LTS : linux vulnerabilities (USN-1425-1)NessusUbuntu Local Security Checks
high
58845SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 6163 / 6164 / 6172)NessusSuSE Local Security Checks
critical
58803CentOS 6 : kernel (CESA-2012:0481)NessusCentOS Local Security Checks
high
58773RHEL 6 : kernel (RHSA-2012:0481)NessusRed Hat Local Security Checks
high
58742Ubuntu 11.04 : linux vulnerabilities (USN-1422-1)NessusUbuntu Local Security Checks
critical
58741Ubuntu 10.04 LTS : linux-lts-backport-maverick vulnerabilities (USN-1421-1)NessusUbuntu Local Security Checks
critical
58495Ubuntu 10.10 : linux vulnerabilities (USN-1407-1)NessusUbuntu Local Security Checks
critical
58494Ubuntu 11.04 : linux vulnerabilities (USN-1406-1)NessusUbuntu Local Security Checks
critical
58493Ubuntu 11.10 : linux vulnerabilities (USN-1405-1)NessusUbuntu Local Security Checks
critical
58486Debian DSA-2443-1 : linux-2.6 - privilege escalation/denial of serviceNessusDebian Local Security Checks
high
58346Fedora 15 : kernel-2.6.42.9-2.fc15 (2012-3356)NessusFedora Local Security Checks
high
58312Fedora 16 : kernel-3.2.9-2.fc16 (2012-3350)NessusFedora Local Security Checks
high