CVE-2012-0957

Linux kernel <3.4.16 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-0957. PoCs published by Brad Spengler.

AI-analyzed exploit summary This exploit demonstrates a local information disclosure vulnerability in the Linux kernel by leveraging the UNAME26 personality flag to leak kernel stack memory via the uname system call. The PoC checks for leaked bytes in the utsname struct's release field after enabling the UNAME26 personality.

Description

The override_release function in kernel/sys.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from kernel stack memory via a uname system call in conjunction with a UNAME26 personality.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Brad Spengler · clocallinux

https://www.exploit-db.com/exploits/37937

View Code ZIP pw:eip

This exploit demonstrates a local information disclosure vulnerability in the Linux kernel by leveraging the UNAME26 personality flag to leak kernel stack memory via the uname system call. The PoC checks for leaked bytes in the utsname struct's release field after enabling the UNAME26 personality.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Linux kernel (versions affected by CVE-2012-0957)

No auth needed

Prerequisites: Local access to the target system · Kernel version vulnerable to CVE-2012-0957

MITRE ATT&CK

T1003 - OS Credential Dumping T1082 - System Information Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (14)

Core 14

Core References

Vendor Advisory x_refsource_confirm

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.16

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-1644-1

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-1645-1

Patch x_refsource_confirm

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2702b1526c7278c4d65d78de209a465d4de2885e

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-1647-1

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-1652-1

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-1646-1

Issue Tracking x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=862877

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091110.html

Patch x_refsource_confirm

https://github.com/torvalds/linux/commit/2702b1526c7278c4d65d78de209a465d4de2885e

View Patch ZIP pw:eip

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-1648-1

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-1649-1

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/51409

Exploit mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2012/10/09/4

Scores

EPSS 0.0096

EPSS Percentile 56.7%

Details

CWE

CWE-16

Status published

Products (44)

linux/linux_kernel 3.0 rc1 (7 CPE variants)

linux/linux_kernel 3.0.1

linux/linux_kernel 3.0.2

linux/linux_kernel 3.0.3

linux/linux_kernel 3.0.4

linux/linux_kernel 3.0.5

linux/linux_kernel 3.0.6

linux/linux_kernel 3.0.7

linux/linux_kernel 3.0.8

linux/linux_kernel 3.0.9

... and 34 more

Published Dec 21, 2012

Tracked Since Feb 18, 2026