CVE-2012-1097

CWE-476 — NULL Pointer Dereference16 documents7 sources

Severity

7.8HIGH

EPSS

0.1%

top 71.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Redhat Enterprise Linux Redhat Enterprise MRG +3 more

Timeline

PublishedMay 17

Latest updateMay 13

Description

The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages19 packages

▶NVDlinux/linux_kernel3.1 — 3.2.10+1

▶Ubuntulinux< 3.11.0-12.19+1

▶Ubuntulinux-aws< 4.4.0-1002.2+1

▶Ubuntulinux-flo< 3.4.0-1.3+1

▶Ubuntulinux-gke< 4.4.0-1003.3

Also affects: Enterprise Linux 4.0

Patches

Patch: www.kernel.org ↗Patch: www.openwall.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-j2h3-37r3-qm7f: The regset (aka register set) feature in the Linux kernel before 3↗2022-05-13

▶

CVEList

CVE-2012-1097: The regset (aka register set) feature in the Linux kernel before 3↗2012-05-17

▶

OSV

CVE-2012-1097: The regset (aka register set) feature in the Linux kernel before 3↗2012-03-07

▶

📋Vendor Advisories

Ubuntu

Linux kernel (OMAP4) vulnerabilities↗2012-05-31

▶

Ubuntu

Linux kernel (OMAP4) vulnerabilities↗2012-05-18

▶

Ubuntu

Linux kernel (Natty backport) vulnerabilities↗2012-05-08

▶

Ubuntu

Linux kernel vulnerabilities↗2012-05-01

▶

Ubuntu

Linux kernel (Oneiric backport) vulnerabilities↗2012-05-01

▶

💬Community

Bugzilla

CVE-2012-1097 kernel: regset: Prevent null pointer reference on readonly regsets [fedora-all]↗2012-03-05

▶

Bugzilla

CVE-2012-1097 kernel: regset: Prevent null pointer reference on readonly regsets↗2012-03-02

▶