PT-2012-1085 · Red Hat+2 · Systemtap+3

Published: 2012-03-08 · Updated: 2023-02-13 · CVE-2012-0875

CVSS v2.0: 5.4 (Medium)

Vector: AV:L/AC:M/Au:N/C:P/I:N/A:C

Name of the Vulnerable Software and Affected Versions

SystemTap versions 1.6, 1.7 and probably other versions
SystemTap versions prior to 2.0

Description

The issue allows local users to obtain sensitive information from kernel memory or cause a denial of service via vectors related to crafted DWARF data. This can trigger a read of an invalid pointer, leading to a kernel panic and crash. The vulnerability can be exploited locally, potentially leading to a breach of confidentiality and availability of protected information.

Recommendations

For SystemTap versions 1.6 and 1.7, consider disabling unprivileged mode until a patch is available. For SystemTap versions prior to 2.0, update to version 2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the SystemTap package to minimize the risk of exploitation.

Fix

DoS

Weakness Enumeration

Related Identifiers

BDU:2015-06694
BDU:2015-06695
BDU:2015-06696
BDU:2015-06697
BDU:2015-06698
BDU:2015-06699
BDU:2015-06700
BDU:2015-08813
BDU:2015-08814
BDU:2015-08815
BDU:2015-08816
BDU:2015-08817
BDU:2015-08818
BDU:2015-08819
BDU:2015-09709
CESA-2012_0376
CVE-2012-0875
RHSA-2012:0376
RHSA-2012_0376
SUSE-SU-2013_0669-1

Affected Products

CentOS
Red Hat
SUSE
SystemTap