PT-2014-2415 · Linux+3 · Linux Kernel+3

Prasad Pandit

Publicado

2014-05-26

Atualizado

2023-02-13

CVE-2012-6647

CVSS v2.0

4.9

Média

Vetor

AV:L/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.5.1

Description The issue is related to the futex wait requeue pi function in the Linux kernel, which does not properly validate futex addresses. This can be exploited by local users to cause a denial of service, resulting in a NULL pointer dereference and system crash, or potentially have other unspecified impacts through a crafted FUTEX WAIT REQUEUE PI command.

Recommendations For Linux kernel versions prior to 3.5.1, update to version 3.5.1 or later to resolve the issue.

Exploit

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CESA-2014_0981

CVE-2012-6647

RHSA-2014:0981

RHSA-2014_0981

SUSE-SU-2014_0807-1

SUSE-SU-2015:0652-1

USN-1579-1

USN-1580-1

USN-1651-1

USN-1653-1

Produtos afetados

Centos

Linux Kernel

Red Hat

Suse

PT-2014-2415 · Linux+3 · Linux Kernel+3

CVE-2012-6647

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 25