CVE-2012-1097
Last modified
CVE-2012-1097 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call.. EPSS estimates a 0.35% chance of exploitation in the next 30 days.
Description
The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Linux | Linux Kernel | < 3.0.24 | — |
| Linux | Linux Kernel | >= 3.1, < 3.2.10 | — |
| Redhat | Enterprise Linux | 4.0 | — |
| Redhat | Enterprise Mrg | 2.0 | — |
| Suse | Linux Enterprise Desktop | 11 | Sp1 |
| Suse | Linux Enterprise High Availability Extension | 11 | Sp1 |
| Suse | Linux Enterprise Server | 11 | Sp1 |
References
- http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.htmlMailing List, Third Party Advisory
- http://rhn.redhat.com/errata/RHSA-2012-0481.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2012-0531.htmlThird Party Advisory
- http://secunia.com/advisories/48842Broken Link
- http://secunia.com/advisories/48898Broken Link
- http://secunia.com/advisories/48964Broken Link
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.10Mailing List, Patch, Vendor Advisory
- http://www.openwall.com/lists/oss-security/2012/03/05/1Mailing List, Patch, Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=799209Issue Tracking, Patch, Third Party Advisory
- https://github.com/torvalds/linux/commit/c8e252586f8d5de906385d8cf6385fee289a825ePatch, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.htmlMailing List, Third Party Advisory
- http://rhn.redhat.com/errata/RHSA-2012-0481.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2012-0531.htmlThird Party Advisory
- http://secunia.com/advisories/48842Broken Link
- http://secunia.com/advisories/48898Broken Link
- http://secunia.com/advisories/48964Broken Link
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.10Mailing List, Patch, Vendor Advisory
- http://www.openwall.com/lists/oss-security/2012/03/05/1Mailing List, Patch, Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=799209Issue Tracking, Patch, Third Party Advisory
- https://github.com/torvalds/linux/commit/c8e252586f8d5de906385d8cf6385fee289a825ePatch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2012-1097?
How severe is CVE-2012-1097?
How do I fix CVE-2012-1097?
Are you affected by CVE-2012-1097?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST