Ubuntu.comUB:CVE-2012-3510CVE-2012-3510
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:P/I:N/A:C
EPSS
Percentile
5.1%
Use-after-free vulnerability in the xacct_add_tsk function in
kernel/tsacct.c in the Linux kernel before 2.6.19 allows local users to
obtain potentially sensitive information from kernel memory or cause a
denial of service (system crash) via a taskstats TASKSTATS_CMD_ATTR_PID
command.
Bugs
- <http://bugzilla.openvz.org/show_bug.cgi?id=2294>
- <https://bugzilla.redhat.com/show_bug.cgi?id=849722>
- <https://launchpad.net/bugs/1042443>
Notes
| Author | Note |
|---|---|
| jdstrand | linux-armadaxp is maintained by OEM |
| sbeattie | introduced by 9acc1853519a0473620d424105f9d49ea5b4e62e and only if TASK_XACCT is enabled. |
References
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f0ec1aaf54caddd21c259aea8b2ecfbde4ee4fb9
seclists.org/oss-sec/2012/q3/255
launchpad.net/bugs/cve/CVE-2012-3510
nvd.nist.gov/vuln/detail/CVE-2012-3510
security-tracker.debian.org/tracker/CVE-2012-3510
www.cve.org/CVERecord?id=CVE-2012-3510
Related
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:P/I:N/A:C
EPSS
Percentile
5.1%