Vulnerability Description
The robust futex implementation in the Linux kernel before 2.6.28 does not properly handle processes that make exec system calls, which allows local users to cause a denial of service or possibly gain privileges by writing to a memory location in a child process.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | <= 2.6.27.62 |
Related Weaknesses (CWE)
References
- http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
- http://www.openwall.com/lists/oss-security/2012/05/08/1
- https://bugzilla.redhat.com/show_bug.cgi?id=771764
- https://github.com/torvalds/linux/commit/8141c7f3e7aee618312fa1c15109e1219de784aExploitPatch
- http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
- http://www.openwall.com/lists/oss-security/2012/05/08/1
- https://bugzilla.redhat.com/show_bug.cgi?id=771764
- https://github.com/torvalds/linux/commit/8141c7f3e7aee618312fa1c15109e1219de784aExploitPatch
FAQ
What is CVE-2012-0028?
CVE-2012-0028 is a vulnerability with a CVSS score of 7.2 (HIGH). The robust futex implementation in the Linux kernel before 2.6.28 does not properly handle processes that make exec system calls, which allows local users to cause a denial of service or possibly gain...
How severe is CVE-2012-0028?
CVE-2012-0028 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-0028?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.