Red Hat Customer Portal

CVE-2012-0957

The override_release function in kernel/sys.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from kernel stack memory via a uname system call in conjunction with a UNAME26 personality.

Details Source

Mitre

Statement

This issue did not affect the version of the Linux kernel as shipped with Red Hat Enterprise Linux 5.

This issue did not affect the version of the Linux kernel as shipped with Red Hat Enterprise Linux 6.

This issue did affect the version of the Linux kernel as shipped with Red Hat Enterprise MRG 2.

Public Date

2012-10-09 00:00:00

Impact

Low

Bugzilla

CVE-2012-0957 kernel: uts: stack memory leak in UNAME26

Bugzilla ID

862877

CVSS Status

verified

Base Score

2.10

Base Metrics

AV:L/AC:L/Au:N/C:P/I:N/A:N

Acknowledgements

Red Hat would like to thank Kees Cook for reporting this issue.

Red Hat Security Errata

Platform | Errata | Release Date
MRG Grid for RHEL 6 Server v.2 (kernel-rt) | RHSA-2012:1491 | 2012-12-04

CWE

CWE-401

Affected Packages State

Platform | Package | State
Red Hat Enterprise MRG 2 | realtime-kernel | Affected
Red Hat Enterprise Linux 6 | kernel | Not affected
Red Hat Enterprise Linux 5 | kernel | Not affected