CVE-2012-3510

Impact: Moderate
Public Date: 2006-10-30
CWE: CWE-416
Bugzilla: 849722: CVE-2012-3510 kernel: taskstats: use-after-free in xacct_add_tsk()

The MITRE CVE dictionary describes this issue as:

Use-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel before 2.6.19 allows local users to obtain potentially sensitive information from kernel memory or cause a denial of service (system crash) via a taskstats TASKSTATS_CMD_ATTR_PID command.

Find out more about CVE-2012-3510 from the MITRE CVE dictionary and NIST NVD.

Statement

This issue did not affect the versions of the Linux kernel as shipped with Red
Hat Enterprise Linux 6 and Red Hat Enterprise MRG as they already contain
upstream commit f0ec1aaf54cadd that fixed this issue.

CVSS v2 metrics

Base Score               5.6
Base Metrics             AV:L/AC:L/Au:N/C:P/I:N/A:C
Access Vector            Local
Access Complexity        Low
Authentication           None
Confidentiality Impact   Partial
Integrity Impact         None
Availability Impact      Complete

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform                               Errata           Release Date
Red Hat Enterprise Linux 5 (kernel)    RHSA-2012:1323   2012-10-02

Affected Packages State

Platform                     Package           State
Red Hat Enterprise MRG 2     realtime-kernel   Not affected
Red Hat Enterprise Linux 6   kernel            Not affected

Acknowledgements

Red Hat would like to thank Alexander Peslyak for reporting this issue.

CVE description copyright © 2017, The MITRE Corporation
