CVE-2012-0957
Published 2012-12-21
Priority: P420, medium, 4.9 (CVSS 2.0)
Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N
EXPLOIT
EPSS: 0.96% (57.0th percentile)
The override_release function in kernel/sys.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from kernel stack memory via a uname system call in conjunction with a UNAME26 personality.
Affected
113 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 3.2.32-1 (bookworm) | linux 3.2.32-1 (bookworm) |
| linux | linux_kernel | <= 3.4.15 | — |
CVSS provenance
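| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.9 | MEDIUM | AV:L/AC:L/Au:N/C:C/I:N/A:N |
| osv | — | 4.9 | MEDIUM | — |
| vendor_debian | — | 4.9 | MEDIUM | — |
| vendor_redhat | — | 4.9 | MEDIUM | — |
| vendor_ubuntu | — | 4.9 | MEDIUM | — |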
Ubuntu
Linux kernel (Quantal HWE) regression
vendor_ubuntu · 2013-02-01 · CVSS 4.9 · MEDIUM
Summary: USN-1704-1 introduced a regression in the Linux kernel.
USN-1704-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated
regression inotify/fanotify stopped working after upgrading. This update
fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Brad Spengler discovered a flaw in the Linux kernel's uname system call. An
unprivileged user could exploit this flaw to read kernel stack memory.
(CVE-2012-0957)
Jon Howell reported a flaw in the Linux kernel's KVM (Kernel-based virtual
machine) subsystem's handling of the XSAVE feature. On hosts, using qemu
userspace, without the XSAVE feature an unprivileged local attacker could
exploit this flaw to crash the system. (CVE-2012-4461)
Dmitry Monakho
Ubuntu
Linux kernel (Quantal HWE) vulnerabilities
vendor_ubuntu · 2013-01-22 · CVSS 4.9 · MEDIUM
Summary: Several security issues were fixed in the kernel.
Brad Spengler discovered a flaw in the Linux kernel's uname system call. An
unprivileged user could exploit this flaw to read kernel stack memory.
(CVE-2012-0957)
Jon Howell reported a flaw in the Linux kernel's KVM (Kernel-based virtual
machine) subsystem's handling of the XSAVE feature. On hosts, using qemu
userspace, without the XSAVE feature an unprivileged local attacker could
exploit this flaw to crash the system. (CVE-2012-4461)
Dmitry Monakhov reported a race condition flaw in the Linux ext4 filesystem
that can expose stale data. An unprivileged user could exploit this flaw to
cause an information leak. (CVE-2012-4508)
A flaw was discovered in the Linux kernel's handling o
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu · 2012-11-30 · CVSS 4.9 · MEDIUM
Summary: Several security issues were fixed in the kernel.
Brad Spengler discovered a flaw in the Linux kernel's uname system call. An
unprivileged user could exploit this flaw to read kernel stack memory.
(CVE-2012-0957)
Dmitry Monakhov reported a race condition flaw in the Linux ext4 filesystem
that can expose stale data. An unprivileged user could exploit this flaw to
cause an information leak. (CVE-2012-4508)
Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois
congestion control algorithm. A local attacker could use this to cause a
denial of service. (CVE-2012-4565)
Mathias Krause discovered a flaw in the Linux kernel's XFRM netlink
interface. A local user with the NET_ADMIN capability could exploit this
flaw to leak the contents of
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu · 2012-11-30 · CVSS 4.9 · MEDIUM
Summary: Several security issues were fixed in the kernel.
Brad Spengler discovered a flaw in the Linux kernel's uname system call. An
unprivileged user could exploit this flaw to read kernel stack memory.
(CVE-2012-0957)
Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois
congestion control algorithm. A local attacker could use this to cause a
denial of service. (CVE-2012-4565)
Mathias Krause discovered a flaw in the Linux kernel's XFRM netlink
interface. A local user with the NET_ADMIN capability could exploit this
flaw to leak the contents of kernel memory. (CVE-2012-6536)
Mathias Krause discovered several errors in the Linux kernel's xfrm_user
implementation. A local attacker could exploit these flaws to examine parts
of kernel m
Ubuntu
Linux kernel (OMAP4) vulnerabilities
vendor_ubuntu · 2012-11-30 · CVSS 4.9 · MEDIUM
Summary: Several security issues were fixed in the kernel.
Brad Spengler discovered a flaw in the Linux kernel's uname system call. An
unprivileged user could exploit this flaw to read kernel stack memory.
(CVE-2012-0957)
Dmitry Monakhov reported a race condition flaw in the Linux ext4 filesystem
that can expose stale data. An unprivileged user could exploit this flaw to
cause an information leak. (CVE-2012-4508)
Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois
congestion control algorithm. A local attacker could use this to cause a
denial of service. (CVE-2012-4565)
Mathias Krause discovered a flaw in the Linux kernel's XFRM netlink
interface. A local user with the NET_ADMIN capability could exploit this
flaw to leak the con
Ubuntu
Linux kernel (OMAP4) vulnerabilities
vendor_ubuntu · 2012-11-30 · CVSS 4.9 · MEDIUM
Summary: Several security issues were fixed in the kernel.
Brad Spengler discovered a flaw in the Linux kernel's uname system call. An
unprivileged user could exploit this flaw to read kernel stack memory.
(CVE-2012-0957)
Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois
congestion control algorithm. A local attacker could use this to cause a
denial of service. (CVE-2012-4565)
Mathias Krause discovered a flaw in the Linux kernel's XFRM netlink
interface. A local user with the NET_ADMIN capability could exploit this
flaw to leak the contents of kernel memory. (CVE-2012-6536)
Mathias Krause discovered several errors in the Linux kernel's xfrm_user
implementation. A local attacker could exploit these flaws to examine parts
of
Ubuntu
Linux kernel (Oneiric backport) vulnerabilities
vendor_ubuntu · 2012-11-30 · CVSS 4.9 · MEDIUM
Summary: Several security issues were fixed in the kernel.
Brad Spengler discovered a flaw in the Linux kernel's uname system call. An
unprivileged user could exploit this flaw to read kernel stack memory.
(CVE-2012-0957)
Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois
congestion control algorithm. A local attacker could use this to cause a
denial of service. (CVE-2012-4565)
Mathias Krause discovered a flaw in the Linux kernel's XFRM netlink
interface. A local user with the NET_ADMIN capability could exploit this
flaw to leak the contents of kernel memory. (CVE-2012-6536)
Mathias Krause discovered several errors in the Linux kernel's xfrm_user
implementation. A local attacker could exploit these flaws to examin
Red Hat
kernel: uts: stack memory leak in UNAME26
vendor_redhat · 2012-10-09 · CVSS 4.9 · MEDIUM · CWE-401
The override_release function in kernel/sys.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from kernel stack memory via a uname system call in conjunction with a UNAME26 personality.
Statement: This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 5.
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 6.
This issue did affect the version of Linux kernel as shipped with Red Hat Enterprise MRG 2.
Package: kernel (Red Hat Enterprise Linux 5) - Not affected
Package: kernel (Red Hat Enterprise Linux 6) - Not affected
Debian
CVE-2012-0957: linux - The override_release function in kernel/sys.c in the Linux kernel before 3.4.16 ...
vendor_debian · 2012 · CVSS 4.9 · MEDIUM
The override_release function in kernel/sys.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from kernel stack memory via a uname system call in conjunction with a UNAME26 personality.
Scope: local
bookworm: resolved (fixed in 3.2.32-1)
bullseye: resolved (fixed in 3.2.32-1)
forky: resolved (fixed in 3.2.32-1)
sid: resolved (fixed in 3.2.32-1)
trixie: resolved (fixed in 3.2.32-1)
GHSA
GHSA-v32w-48qp-8cv8: The override_release function in kernel/sys
ghsa_unreviewed · 2022-05-17 · MEDIUM
The override_release function in kernel/sys.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from kernel stack memory via a uname system call in conjunction with a UNAME26 personality.
OSV
CVE-2012-0957: The override_release function in kernel/sys
osv · 2012-12-21 · CVSS 4.9 · MEDIUM
The override_release function in kernel/sys.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from kernel stack memory via a uname system call in conjunction with a UNAME26 personality.
Kernel
kernel/sys.c: fix stack memory content leak via UNAME26
kernel_security · 2012-10-19 · CVSS 4.9 · MEDIUM
Calling uname() with the UNAME26 personality set allows a leak of kernel
stack contents. This fixes it by defensively calculating the length of
copy_to_user() call, making the len argument unsigned, and initializing
the stack buffer to zero (now technically unneeded, but hey, overkill).
CVE-2012-0957
Reported-by: PaX Team
Signed-off-by: Kees Cook
Cc: Andi Kleen
Cc: PaX Team
Cc: Brad Spengler
Cc:
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
Bugzilla
CVE-2012-0957 kernel: uts: stack memory leak in UNAME26 [fedora-all]
bugzilla · 2012-10-10 · CVSS 4.9 · MEDIUM
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=8
Bugzilla
CVE-2012-0957 kernel: uts: stack memory leak in UNAME26
bugzilla · 2012-10-03 · CVSS 4.9 · MEDIUM
Description of the problem:
The uname() syscall since 3.0 with the UNAME26 personality leaks kernel
stack memory contents.
Acknowledgements:
Red Hat would like to thank Kees Cook for reporting this issue.
Discussion:
Statement:
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 5.
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 6.
This issue did affect the version of Linux kernel as shipped with Red Hat Enterprise MRG 2.
---
Created kernel tracking bugs for this issue
Affects: fedora-all [bug 864824]
---
Upstream proposed patch:
https://lkml.org/lkml/2012/10/9/550
---
This is the upstream patch
git describe --all --contains 2702b
arXiv
Timeloops: Automatic System Call Policy Learning for Containerized Microservices
arxiv_fulltext · 2022-09-26
Meghna Pancholi (Columbia University), Andreas D. Kellas (Columbia University), Vasileios P. Kemerlis (Brown University), Simha Sethumadhavan (Columbia University)
## Abstract
We introduce Timeloops, a novel technique for automatically learning system
call filtering policies for containerized microservices applications. At
run-time, Timeloops automatically learns which system calls a program should
be allowed to invoke, while rejecting attempts to call spurious system calls.
Further, Timeloops addresses many of the shortcomings of state-of-the-art
static analysis-based techniques, such as the ability to generate tight filters
for programs written in interpreted languages such as PHP, Python, and
JavaScript. Timeloops has a simple and rob
References
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2702b1526c7278c4d65d78de209a465d4de2885e
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091110.html
http://secunia.com/advisories/51409
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.16
http://www.openwall.com/lists/oss-security/2012/10/09/4
http://www.ubuntu.com/usn/USN-1644-1
http://www.ubuntu.com/usn/USN-1645-1
http://www.ubuntu.com/usn/USN-1646-1
http://www.ubuntu.com/usn/USN-1647-1
http://www.ubuntu.com/usn/USN-1648-1
http://www.ubuntu.com/usn/USN-1649-1
http://www.ubuntu.com/usn/USN-1652-1
https://bugzilla.redhat.com/show_bug.cgi?id=862877
https://github.com/torvalds/linux/commit/2702b1526c7278c4d65d78de209a465d4de2885e