CVE-2012-1097

high

Description

The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call.

References

https://github.com/torvalds/linux/commit/c8e252586f8d5de906385d8cf6385fee289a825e

https://bugzilla.redhat.com/show_bug.cgi?id=799209

http://www.openwall.com/lists/oss-security/2012/03/05/1

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.10

http://rhn.redhat.com/errata/RHSA-2012-0531.html

http://rhn.redhat.com/errata/RHSA-2012-0481.html

http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c8e252586f8d5de906385d8cf6385fee289a825e

Details

Source: Mitre, NVD

Published: 2012-05-17

Updated: 2023-02-13

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High