CVE-2012-0056

Exploitation Summary

CVE-2012-0056 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 4 public exploits from researchers including zx2c4, pythonone, srclib.

AI-analyzed exploit summary This exploit leverages a Linux kernel vulnerability (CVE-2012-0056) to achieve local privilege escalation by manipulating file descriptors and injecting shellcode into the 'su' binary's memory space.

Description

The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper.

Exploits (4)

exploitdb WORKING POC VERIFIED

by zx2c4 · clocallinux

https://www.exploit-db.com/exploits/18411

View Code ZIP pw:eip

This exploit leverages a Linux kernel vulnerability (CVE-2012-0056) to achieve local privilege escalation by manipulating file descriptors and injecting shellcode into the 'su' binary's memory space.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Linux kernel >=2.6.39

No auth needed

Prerequisites: Local access to the target system · GCC or similar compiler to build the exploit

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by zx2c4 · clocallinux

https://www.exploit-db.com/exploits/35161

View Code ZIP pw:eip

This exploit leverages a memory corruption vulnerability in the Linux kernel (CVE-2012-0056) to achieve local privilege escalation by manipulating file descriptors and injecting shellcode into the 'su' binary's memory space.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Complex

Reliability

Reliable

Target: Linux kernel (versions before the fix for CVE-2012-0056)

No auth needed

Prerequisites: Local access to the vulnerable system · Presence of the 'su' binary

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 1 stars

by pythonone · remote

https://github.com/pythonone/CVE-2012-0056

View Code ZIP pw:eip

This repository contains a working exploit for CVE-2012-0056, a Linux local privilege escalation vulnerability in the /proc/pid/mem interface. The exploit leverages improper permission checks to write arbitrary memory to SUID processes, bypassing ASLR and self_exec_id protections.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Reliable

Target: Linux kernel versions 2.6.39 to 3.2.1

No auth needed

Prerequisites: Access to a vulnerable Linux system · Ability to execute local binaries

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1055 - Process Injection

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 1 stars

by srclib · remote

https://github.com/srclib/CVE-2012-0056

View Code ZIP pw:eip

This repository contains a functional local privilege escalation exploit (mempodipper) for CVE-2012-0056, targeting a vulnerability in the Linux kernel's memory handling. The exploit leverages ptrace and /proc mem manipulation to achieve root access.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Complex

Reliability

Reliable

Target: Linux kernel (specific versions affected by CVE-2012-0056)

No auth needed

Prerequisites: Local access to a vulnerable Linux system · Compilation tools (gcc, nasm)

MITRE ATT&CK