CVE-2012-1097
published 2012-05-17CVE-2012-1097: The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | < 3.0.24 | 3.0.24 |
| linux | linux_kernel | >= 0 < 3.11.0-12.19 | 3.11.0-12.19 |
| linux | linux_kernel | >= 0 < 4.2.0-16.19 | 4.2.0-16.19 |
| linux | linux_kernel | >= 3.1 < 3.2.10 | 3.2.10 |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_mrg | — | — |
| suse | linux_enterprise_desktop | — | — |
| suse | linux_enterprise_high_availability_extension | — | — |
| suse | linux_enterprise_server | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH