7.8
CVE-2012-1097
- EPSS 0.12%
- Published 17.05.2012 11:00:37
- Last modified 11.04.2025 00:51:21
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call.
Data is provided by the National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 3.0.24
Linux ≫ Linux Kernel Version >= 3.1 < 3.2.10
Redhat ≫ Enterprise Linux Version4.0
Redhat ≫ Enterprise Mrg Version2.0
Suse ≫ Linux Enterprise Desktop Version11 Updatesp1
Suse ≫ Linux Enterprise Desktop Version11 Updatesp2
Suse ≫ Linux Enterprise High Availability Extension Version11 Updatesp1
Suse ≫ Linux Enterprise High Availability Extension Version11 Updatesp2
Suse ≫ Linux Enterprise Server Version11 Updatesp1 SwPlatformvmware
Suse ≫ Linux Enterprise Server Version11 Updatesp1 SwEdition-
Suse ≫ Linux Enterprise Server Version11 Updatesp2 SwPlatformvmware
Suse ≫ Linux Enterprise Server Version11 Updatesp2 SwEdition-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.319 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.