CVE-2012-0028

Impact: Important
Public Date: 2008-11-15
IAVA: 2012-A-0073
Bugzilla: 771764: CVE-2012-0028 kernel: futex: clear robust_list on execve

The MITRE CVE dictionary describes this issue as:

The robust futex implementation in the Linux kernel before 2.6.28 does not properly handle processes that make exec system calls, which allows local users to cause a denial of service or possibly gain privileges by writing to a memory location in a child process.

Find out more about CVE-2012-0028 from the MITRE CVE dictionary and NIST NVD.

Statement

This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4, as it did not have support for robust futexes. It did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG, as they have the backported fixes. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2012-0107.html.

CVSS v2 metrics

Base Score 6.2
Base Metrics AV:L/AC:H/Au:N/C:C/I:C/A:C
Access Vector Local
Access Complexity High
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Enterprise Linux 5 (kernel) | RHSA-2012:0107 | 2012-02-09
Red Hat Enterprise Linux EUS (v. 5.6 server) (kernel) | RHSA-2012:0358 | 2012-03-06

Affected Packages State

Platform | Package | State
Red Hat Enterprise MRG 2 | realtime-kernel | Not affected
Red Hat Enterprise Linux 6 | kernel | Not affected
Red Hat Enterprise Linux 4 | kernel | Not affected

CVE description copyright © 2017, The MITRE Corporation