CVE-2012-1097

HIGH

Linux Kernel < 3.2.10 - Denial of Service via PTRACE_GETREGSET or PTRACE_SETREGSET

Title source: llm
STIX 2.1

Description

The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call.

References (12)

Core 12
Core References
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0531.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48898
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=799209
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0481.html
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/03/05/1
Mailing List, Patch, Vendor Advisory x_refsource_confirm
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.10
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48964
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48842

Scores

CVSS v3 7.8
EPSS 0.0011
EPSS Percentile 28.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-476
Status published
Products (6)
linux/linux_kernel < 3.0.24
redhat/enterprise_linux 4.0
redhat/enterprise_mrg 2.0
suse/linux_enterprise_desktop 11 sp1 (2 CPE variants)
suse/linux_enterprise_high_availability_extension 11 sp1 (2 CPE variants)
suse/linux_enterprise_server 11 sp1 (4 CPE variants)
Published May 17, 2012
Tracked Since Feb 18, 2026