CVE-2012-1097

Sažetak

The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call.

Reference

http://www.openwall.com/lists/oss-security/2012/03/05/1
https://github.com/torvalds/linux/commit/c8e252586f8d5de906385d8cf6385fee289a825e
https://bugzilla.redhat.com/show_bug.cgi?id=799209
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.10
http://secunia.com/advisories/48898
http://secunia.com/advisories/48842
http://secunia.com/advisories/48964
http://rhn.redhat.com/errata/RHSA-2012-0531.html
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html
http://rhn.redhat.com/errata/RHSA-2012-0481.html
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c8e252586f8d5de906385d8cf6385fee289a825e

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

13-02-2023 - 04:32

Objavljeno

17-05-2012 - 11:00