Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
2.1
CVSSv2

CVE-2012-4530

Published: 18/02/2013 Updated: 13/02/2023
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
VMScore: 215
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Linux

Vulnerability Summary

The load_script function in fs/binfmt_script.c in the Linux kernel prior to 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel 3.2.21

linux linux kernel 3.4.4

linux linux kernel 3.0.25

linux linux kernel 3.1.2

linux linux kernel 3.4.11

linux linux kernel 3.0

linux linux kernel 3.2.19

linux linux kernel 3.0.22

linux linux kernel 3.2.23

linux linux kernel 3.4.13

linux linux kernel 3.6.7

linux linux kernel 3.0.5

linux linux kernel 3.5.2

linux linux kernel 3.2.18

linux linux kernel 3.3

linux linux kernel 3.0.38

linux linux kernel 3.1

linux linux kernel 3.2.5

linux linux kernel 3.2.26

linux linux kernel 3.4

linux linux kernel 3.0.18

linux linux kernel 3.0.6

linux linux kernel 3.0.36

linux linux kernel 3.4.23

linux linux kernel 3.0.35

linux linux kernel 3.0.11

linux linux kernel 3.0.34

linux linux kernel 3.5.7

linux linux kernel 3.0.32

linux linux kernel 3.2

linux linux kernel 3.4.18

linux linux kernel 3.4.6

linux linux kernel 3.2.16

linux linux kernel 3.4.12

linux linux kernel 3.3.2

linux linux kernel 3.0.19

linux linux kernel 3.2.27

linux linux kernel 3.0.37

linux linux kernel 3.0.4

linux linux kernel 3.3.8

linux linux kernel 3.0.27

linux linux kernel 3.3.3

linux linux kernel 3.4.5

linux linux kernel 3.2.11

linux linux kernel 3.0.42

linux linux kernel 3.0.23

linux linux kernel 3.2.10

linux linux kernel 3.0.8

linux linux kernel 3.2.14

linux linux kernel 3.4.14

linux linux kernel 3.3.4

linux linux kernel 3.2.29

linux linux kernel 3.0.40

linux linux kernel 3.4.19

linux linux kernel 3.7

linux linux kernel 3.0.33

linux linux kernel 3.4.9

linux linux kernel 3.0.28

linux linux kernel 3.5.6

linux linux kernel 3.6.2

linux linux kernel 3.3.6

linux linux kernel 3.2.25

linux linux kernel 3.2.4

linux linux kernel 3.6.6

linux linux kernel 3.4.15

linux linux kernel 3.0.13

linux linux kernel 3.4.3

linux linux kernel 3.2.9

linux linux kernel 3.0.10

linux linux kernel 3.6.4

linux linux kernel 3.2.15

linux linux kernel 3.0.1

linux linux kernel 3.1.6

linux linux kernel 3.2.20

linux linux kernel 3.2.24

linux linux kernel 3.6.1

linux linux kernel 3.4.24

linux linux kernel 3.2.6

linux linux kernel 3.2.2

linux linux kernel 3.0.17

linux linux kernel 3.1.3

linux linux kernel 3.1.9

linux linux kernel 3.6

linux linux kernel 3.0.44

linux linux kernel 3.0.16

linux linux kernel 3.5.5

linux linux kernel 3.2.13

linux linux kernel

linux linux kernel 3.0.21

linux linux kernel 3.0.7

linux linux kernel 3.4.10

linux linux kernel 3.1.5

linux linux kernel 3.1.8

linux linux kernel 3.2.1

linux linux kernel 3.2.7

linux linux kernel 3.5.3

linux linux kernel 3.0.20

linux linux kernel 3.0.24

linux linux kernel 3.6.3

linux linux kernel 3.3.5

linux linux kernel 3.4.8

linux linux kernel 3.5.4

linux linux kernel 3.0.15

linux linux kernel 3.2.30

linux linux kernel 3.0.39

linux linux kernel 3.0.2

linux linux kernel 3.4.20

linux linux kernel 3.5.1

linux linux kernel 3.4.2

linux linux kernel 3.1.7

linux linux kernel 3.1.1

linux linux kernel 3.4.1

linux linux kernel 3.3.7

linux linux kernel 3.6.5

linux linux kernel 3.0.12

linux linux kernel 3.2.22

linux linux kernel 3.2.17

linux linux kernel 3.4.16

linux linux kernel 3.4.22

linux linux kernel 3.2.8

linux linux kernel 3.1.10

linux linux kernel 3.3.1

linux linux kernel 3.0.3

linux linux kernel 3.0.9

linux linux kernel 3.0.26

linux linux kernel 3.1.4

linux linux kernel 3.0.43

linux linux kernel 3.0.30

linux linux kernel 3.0.31

linux linux kernel 3.0.29

linux linux kernel 3.2.12

linux linux kernel 3.4.17

linux linux kernel 3.2.28

linux linux kernel 3.6.8

linux linux kernel 3.0.14

linux linux kernel 3.4.7

linux linux kernel 3.4.21

linux linux kernel 3.2.3

linux linux kernel 3.0.41

Vendor Advisories

Red Hat: Moderate: kernel security and bug fix update
Synopsis Moderate: kernel security and bug fix update Type/Severity Security Advisory: Moderate Topic Updated kernel packages that fix three security issues and several bugs arenow available for Red Hat Enterprise Linux 6The Red Hat Security Response Team has rated this update as having moderatesecurity im ...
Red Hat: Important: kernel-rt security and bug fix update
Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic Updated kernel-rt packages that fix several security issues and multiplebugs are now available for Red Hat Enterprise MRG 23The Red Hat Security Response Team has rated this update as havingimportant ...
Amazon Linux AMI: ALAS-2013-166
It was found that a deadlock could occur in the Out of Memory (OOM) killer A process could trigger this deadlock by consuming a large amount of memory, and then causing request_module() to be called A local, unprivileged user could use this flaw to cause a denial of service (excessive memory consumption) (CVE-2012-4398) A flaw was found in the w ...
Ubuntu Security Notice: linux vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux-lts-quantal - Linux kernel hardware enablement from Quantal vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux regression
USN-1699-1 introduced a regression in the Linux kernel ...
Ubuntu Security Notice: linux vulnerability
The system could be made to leak sensitive system information ...
Ubuntu Security Notice: linux-ti-omap4 regression
USN-1698-1 introduced a regression in the Linux kernel ...
Ubuntu Security Notice: linux-lts-backport-oneiric vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux-ti-omap4 vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux-ti-omap4 regression
USN-1700-1 introduced a regression in the Linux kernel ...
Ubuntu Security Notice: linux regression
USN-1696-1 introduced a regression in the Linux kernel ...
Ubuntu Security Notice: linux-ti-omap4 vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux-lts-quantal - Linux kernel hardware enablement from Quantal regression
USN-1704-1 introduced a regression in the Linux kernel ...
Ubuntu Security Notice: linux-ec2 vulnerability
The system could be made to leak sensitive system information ...
Ubuntu Security Notice: linux-ti-omap4 vulnerability
The system could be made to leak data on the kernel stack ...

Exploits

Exploit DB: Linux Kernel (Ubuntu 11.10/12.04) - binfmt_script Stack Data Disclosure
Source: wwwhalfdognet/Security/2012/LinuxKernelBinfmtScriptStackDataDisclosure/ ## Introduction Problem description: Linux kernel binfmt_script handling in combination with CONFIG_MODULES can lead to disclosure of kernel stack data during execve via copy of data from dangling pointer to stack to growing argv list Apart from that, the BI ...

References

CWE-200http://www.openwall.com/lists/oss-security/2012/10/19/3https://github.com/torvalds/linux/commit/b66c5984017533316fd1951770302649baf1aa33http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.2https://bugzilla.redhat.com/show_bug.cgi?id=868285http://rhn.redhat.com/errata/RHSA-2013-0223.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-04/msg00018.htmlhttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b66c5984017533316fd1951770302649baf1aa33https://access.redhat.com/errata/RHSA-2013:0223https://nvd.nist.govhttps://www.exploit-db.com/exploits/41767/https://usn.ubuntu.com/1689-1/https://alas.aws.amazon.com/ALAS-2013-166.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook