Published: 21/12/2012 Updated: 07/11/2023

CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9

VMScore: 495

Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N

The override_release function in kernel/sys.c in the Linux kernel prior to 3.4.16 allows local users to obtain sensitive information from kernel stack memory via a uname system call in conjunction with a UNAME26 personality.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel 3.2.21
linux linux kernel 3.4.4
linux linux kernel 3.0.25
linux linux kernel 3.1.2
linux linux kernel 3.4.11
linux linux kernel 3.0
linux linux kernel 3.2.19
linux linux kernel 3.0.22
linux linux kernel 3.2.23
linux linux kernel 3.4.13
linux linux kernel 3.0.5
linux linux kernel 3.4.1
linux linux kernel 3.2.18
linux linux kernel 3.3
linux linux kernel 3.0.38
linux linux kernel 3.1
linux linux kernel 3.4
linux linux kernel 3.2.5
linux linux kernel 3.2.26
linux linux kernel 3.0.18
linux linux kernel 3.0.6
linux linux kernel 3.0.36
linux linux kernel 3.0.35
linux linux kernel 3.0.11
linux linux kernel 3.0.34
linux linux kernel 3.0.32
linux linux kernel 3.2
linux linux kernel 3.2.16
linux linux kernel 3.4.12
linux linux kernel 3.3.2
linux linux kernel 3.0.19
linux linux kernel 3.2.27
linux linux kernel 3.0.37
linux linux kernel 3.0.4
linux linux kernel 3.3.8
linux linux kernel 3.0.27
linux linux kernel 3.3.3
linux linux kernel 3.4.5
linux linux kernel 3.2.11
linux linux kernel 3.0.42
linux linux kernel 3.0.23
linux linux kernel 3.2.10
linux linux kernel 3.0.8
linux linux kernel 3.2.14
linux linux kernel 3.4.14
linux linux kernel 3.3.4
linux linux kernel 3.2.29
linux linux kernel 3.0.40
linux linux kernel 3.0.33
linux linux kernel
linux linux kernel 3.0.28
linux linux kernel 3.3.6
linux linux kernel 3.2.25
linux linux kernel 3.4.3
linux linux kernel 3.4.2
linux linux kernel 3.2.4
linux linux kernel 3.0.13
linux linux kernel 3.2.9
linux linux kernel 3.0.10
linux linux kernel 3.2.15
linux linux kernel 3.0.1
linux linux kernel 3.1.6
linux linux kernel 3.2.20
linux linux kernel 3.2.24
linux linux kernel 3.2.6
linux linux kernel 3.2.2
linux linux kernel 3.0.17
linux linux kernel 3.1.3
linux linux kernel 3.1.9
linux linux kernel 3.0.44
linux linux kernel 3.0.16
linux linux kernel 3.2.13
linux linux kernel 3.0.21
linux linux kernel 3.0.7
linux linux kernel 3.4.10
linux linux kernel 3.1.5
linux linux kernel 3.1.8
linux linux kernel 3.2.1
linux linux kernel 3.2.7
linux linux kernel 3.0.20
linux linux kernel 3.0.24
linux linux kernel 3.3.5
linux linux kernel 3.0.15
linux linux kernel 3.2.30
linux linux kernel 3.0.39
linux linux kernel 3.0.2
linux linux kernel 3.1.7
linux linux kernel 3.1.1
linux linux kernel 3.3.7
linux linux kernel 3.0.12
linux linux kernel 3.2.22
linux linux kernel 3.2.17
linux linux kernel 3.2.8
linux linux kernel 3.1.10
linux linux kernel 3.3.1
linux linux kernel 3.0.3
linux linux kernel 3.0.9
linux linux kernel 3.0.26
linux linux kernel 3.1.4
linux linux kernel 3.0.43
linux linux kernel 3.0.30
linux linux kernel 3.0.31
linux linux kernel 3.0.29
linux linux kernel 3.2.12
linux linux kernel 3.2.28
linux linux kernel 3.0.14
linux linux kernel 3.2.3
linux linux kernel 3.0.41

Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic Updated kernel-rt packages that fix several security issues and multiplebugs are now available for Red Hat Enterprise MRG 22The Red Hat Security Response Team has rated this update as havingimportant ...

A use-after-free flaw was found in the Linux kernel's memory management subsystem in the way quota handling for huge pages was performed A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges (CVE-2012-2133, Moderate) A use-after-free flaw was found in the madvise() system call imple ...

Several security issues were fixed in the kernel ...

USN-1704-1 introduced a regression in the Linux kernel ...

Several security issues were fixed in the kernel ...

/* source: wwwsecurityfocuscom/bid/55855/info The Linux kernel is prone to a local information-disclosure vulnerability Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks */ /* Test for UNAME26 personality uname kernel stack leak * Copyright 2012, Kees Cook <keescook@chromium ...

CWE-16 http://www.openwall.com/lists/oss-security/2012/10/09/4 https://bugzilla.redhat.com/show_bug.cgi?id=862877 https://github.com/torvalds/linux/commit/2702b1526c7278c4d65d78de209a465d4de2885e http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.16 http://www.ubuntu.com/usn/USN-1648-1 http://www.ubuntu.com/usn/USN-1644-1 http://www.ubuntu.com/usn/USN-1647-1 http://www.ubuntu.com/usn/USN-1649-1 http://www.ubuntu.com/usn/USN-1646-1 http://www.ubuntu.com/usn/USN-1645-1 http://www.ubuntu.com/usn/USN-1652-1 http://secunia.com/advisories/51409 http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091110.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2702b1526c7278c4d65d78de209a465d4de2885e https://access.redhat.com/errata/RHSA-2012:1491 https://nvd.nist.gov https://www.exploit-db.com/exploits/37937/https://usn.ubuntu.com/1652-1/https://alas.aws.amazon.com/ALAS-2012-142.html

Get Started

CVE-2012-0957

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect