CVE-2012-1097
The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call.
| Software | From | Fixed in |
|---|---|---|
| linux / linux_kernel | - | 3.0.24 |
| linux / linux_kernel | 3.1 | 3.2.10 |
| redhat / enterprise_linux | 4.0 | 4.0.x |
| redhat / enterprise_mrg | 2.0 | 2.0.x |
| suse / linux_enterprise_server | 11-sp1 | 11-sp1.x |
| suse / linux_enterprise_desktop | 11-sp1 | 11-sp1.x |
| suse / linux_enterprise_desktop | 11-sp2 | 11-sp2.x |
| suse / linux_enterprise_server | 11-sp2 | 11-sp2.x |
| suse / linux_enterprise_high_availability_extension | 11-sp1 | 11-sp1.x |
| suse / linux_enterprise_high_availability_extension | 11-sp2 | 11-sp2.x |
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c8e252586f8d5de906385d8cf6385fee289a825e
- http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html
- http://rhn.redhat.com/errata/RHSA-2012-0481.html
- http://rhn.redhat.com/errata/RHSA-2012-0531.html
- http://secunia.com/advisories/48842
- http://secunia.com/advisories/48898
- http://secunia.com/advisories/48964
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.10
- http://www.openwall.com/lists/oss-security/2012/03/05/1
- https://bugzilla.redhat.com/show_bug.cgi?id=799209
- https://github.com/torvalds/linux/commit/c8e252586f8d5de906385d8cf6385fee289a825e
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime