CVE-2012-0028
high
CVSS v3
—
CVSS v2
7.2
VIR risk
7.2
Description
The robust futex implementation in the Linux kernel before 2.6.28 does not properly handle processes that make exec system calls, which allows local users to cause a denial of service or possibly gain privileges by writing to a memory location in a child process.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secalert@redhat.com — https://github.com/torvalds/linux/commit/8141c7f3e7aee618312fa1c15109e1219de784a7
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| linux-kernel | affected | | |
| linux-kernel | 2.6.27 | affected | |
| linux-kernel | 2.6.27.1 | affected | |
| linux-kernel | 2.6.27.2 | affected | |
| linux-kernel | 2.6.27.3 | affected | |
| linux-kernel | 2.6.27.4 | affected | |
| linux-kernel | 2.6.27.5 | affected | |
| linux-kernel | 2.6.27.6 | affected | |
| linux-kernel | 2.6.27.7 | affected | |
| linux-kernel | 2.6.27.8 | affected | |
| linux-kernel | 2.6.27.9 | affected | |
| linux-kernel | 2.6.27.10 | affected | |
| linux-kernel | 2.6.27.11 | affected | |
| linux-kernel | 2.6.27.12 | affected | |
| linux-kernel | 2.6.27.13 | affected | |
| linux-kernel | 2.6.27.14 | affected | |
| linux-kernel | 2.6.27.15 | affected | |
| linux-kernel | 2.6.27.16 | affected | |
| linux-kernel | 2.6.27.17 | affected | |
| linux-kernel | 2.6.27.18 | affected | |
| linux-kernel | 2.6.27.19 | affected | |
| linux-kernel | 2.6.27.20 | affected | |
| linux-kernel | 2.6.27.21 | affected | |
| linux-kernel | 2.6.27.22 | affected | |
| linux-kernel | 2.6.27.23 | affected | |
| linux-kernel | 2.6.27.24 | affected | |
| linux-kernel | 2.6.27.25 | affected | |
| linux-kernel | 2.6.27.26 | affected | |
| linux-kernel | 2.6.27.27 | affected | |
| linux-kernel | 2.6.27.28 | affected | |
| linux-kernel | 2.6.27.29 | affected | |
| linux-kernel | 2.6.27.30 | affected | |
| linux-kernel | 2.6.27.31 | affected | |
| linux-kernel | 2.6.27.32 | affected | |
| linux-kernel | 2.6.27.33 | affected | |
| linux-kernel | 2.6.27.34 | affected | |
| linux-kernel | 2.6.27.35 | affected | |
| linux-kernel | 2.6.27.36 | affected | |
| linux-kernel | 2.6.27.37 | affected | |
| linux-kernel | 2.6.27.38 | affected | |
| linux-kernel | 2.6.27.39 | affected | |
| linux-kernel | 2.6.27.40 | affected | |
| linux-kernel | 2.6.27.41 | affected | |
| linux-kernel | 2.6.27.42 | affected | |
| linux-kernel | 2.6.27.43 | affected | |
| linux-kernel | 2.6.27.44 | affected | |
| linux-kernel | 2.6.27.45 | affected | |
| linux-kernel | 2.6.27.46 | affected | |
| linux-kernel | 2.6.27.47 | affected | |
| linux-kernel | 2.6.27.48 | affected | |
| linux-kernel | 2.6.27.49 | affected | |
| linux-kernel | 2.6.27.50 | affected | |
| linux-kernel | 2.6.27.51 | affected | |
| linux-kernel | 2.6.27.52 | affected | |
| linux-kernel | 2.6.27.53 | affected | |
| linux-kernel | 2.6.27.54 | affected | |
| linux-kernel | 2.6.27.55 | affected | |
| linux-kernel | 2.6.27.56 | affected | |
| linux-kernel | 2.6.27.57 | affected | |
| linux-kernel | 2.6.27.58 | affected | |
| linux-kernel | 2.6.27.59 | affected | |
| linux-kernel | 2.6.27.60 | affected | |
| linux-kernel | 2.6.27.61 | affected | |
References
- http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8141c7f3e7aee618312fa1c15109e1219de784a7
- http://www.openwall.com/lists/oss-security/2012/05/08/1
- https://bugzilla.redhat.com/show_bug.cgi?id=771764
- https://github.com/torvalds/linux/commit/8141c7f3e7aee618312fa1c15109e1219de784a7
- http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8141c7f3e7aee618312fa1c15109e1219de784a7
- http://www.openwall.com/lists/oss-security/2012/05/08/1
- https://bugzilla.redhat.com/show_bug.cgi?id=771764
- https://github.com/torvalds/linux/commit/8141c7f3e7aee618312fa1c15109e1219de784a7
CWEs
CWE-264
Verify integrity in audit chain (admin only). AS-IS.