#VU43957 Permissions, Privileges, and Access Controls in Linux kernel - CVE-2012-0028
Published: June 22, 2012 / Updated: August 11, 2020
Vulnerability identifier: #VU43957
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2012-0028
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The robust futex implementation in the Linux kernel before 2.6.28 does not properly handle processes that make exec system calls, which allows local users to cause a denial of service or possibly gain privileges by writing to a memory location in a child process.
Remediation
Install update from vendor's website.
External links
- http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8141c7f3e7aee618312fa1c15109e1219de784a7
- http://www.openwall.com/lists/oss-security/2012/05/08/1
- https://bugzilla.redhat.com/show_bug.cgi?id=771764
- https://github.com/torvalds/linux/commit/8141c7f3e7aee618312fa1c15109e1219de784a7