Vulnerability in Linux Linux_kernel
CVE-2012-0056
The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by modifying process memory, as demonstrated b…
EPSS: 0.643 (98.5th percentile)
Affected products
- Linux Linux_kernel
References
- 51625 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
- secalert@redhat.com (Third Party Advisory, x_refsource_MISC)
- secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
- USN-1336-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
- RHSA-2012:0052 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- 47708 (x_refsource_SECUNIA, Broken Link, third-party-advisory)
- [oss-security] 20120119 Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
- [oss-security] 20120117 Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
- RHSA-2012:0061 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- [oss-security] 20120118 CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
Frequently asked questions
- What is CVE-2012-0056?
- CVE-2012-0056 is a vulnerability in Linux Linux_kernel, classified under CWE-264. Published 2012-01-27.
- Is CVE-2012-0056 known to be exploited?
- 164 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.