CVE-2012-0028

Published: 4 January 2012

The robust futex implementation in the Linux kernel before 2.6.28 does not properly handle processes that make exec system calls, which allows local users to cause a denial of service or possibly gain privileges by writing to a memory location in a child process.

From the Ubuntu Security Team

A flaw was found in how the linux kernel handles user-space held futexs. An unprivileged user could exploit this flaw to cause a denial of service or possibly elevate privileges.

Priority

Status

Package	Release	Status
linux Launchpad, Ubuntu, Debian	hardy	Released (2.6.24-31.99)
	lucid	Not vulnerable (2.6.32-1.1)
	maverick	Ignored (end of life, was pending)
	natty	Not vulnerable (2.6.37-2.9)
	oneiric	Not vulnerable (2.6.39-0.0)
	precise	Not vulnerable (3.1.0-1.1)
	quantal	Not vulnerable (3.1.0-1.0)
	raring	Not vulnerable (3.1.0-1.0)
	upstream	Released (2.6.32~rc4)
	Patches: Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Fixed by 8141c7f3e7aee618312fa1c15109e1219de784a7 Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Fixed by fc6b177dee33365ccb29fe6d2092223cf8d679f9
linux-armadaxp Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Does not exist
	natty	Does not exist
	oneiric	Does not exist
	precise	Not vulnerable (3.2.0-1600.1)
	quantal	Not vulnerable (3.2.0-1602.5)
	raring	Does not exist
	upstream	Released (2.6.32~rc4)
linux-ec2 Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Not vulnerable (2.6.32-300.1)
	maverick	Ignored (end of life)
	natty	Does not exist
	oneiric	Does not exist
	precise	Does not exist
	quantal	Does not exist
	raring	Does not exist
	upstream	Released (2.6.32~rc4)
linux-fsl-imx51 Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Not vulnerable (2.6.31-600.1)
	maverick	Does not exist
	natty	Does not exist
	oneiric	Does not exist
	precise	Does not exist
	quantal	Does not exist
	raring	Does not exist
	upstream	Released (2.6.32~rc4)
linux-lts-backport-maverick Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Ignored (end of life)
	maverick	Does not exist
	natty	Does not exist
	oneiric	Does not exist
	precise	Does not exist
	quantal	Does not exist
	raring	Does not exist
	upstream	Released (2.6.32~rc4)
linux-lts-backport-natty Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Not vulnerable (2.6.38-1.27~lucid1)
	maverick	Does not exist
	natty	Does not exist
	oneiric	Does not exist
	precise	Does not exist
	quantal	Does not exist
	raring	Does not exist
	upstream	Released (2.6.32~rc4)
linux-lts-backport-oneiric Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Not vulnerable (3.0.0-5.6~lucid1)
	maverick	Does not exist
	natty	Does not exist
	oneiric	Does not exist
	precise	Does not exist
	quantal	Does not exist
	raring	Does not exist
	upstream	Released (2.6.32~rc4)
linux-lts-quantal Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Does not exist
	oneiric	Does not exist
	precise	Not vulnerable
	quantal	Does not exist
	raring	Does not exist
	upstream	Released (2.6.32~rc4)
linux-lts-raring Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Does not exist
	oneiric	Does not exist
	precise	Not vulnerable
	quantal	Does not exist
	raring	Does not exist
	upstream	Released (2.6.32~rc4)
linux-mvl-dove Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Ignored (end of life)
	maverick	Ignored (end of life, was pending)
	natty	Does not exist
	oneiric	Does not exist
	precise	Does not exist
	quantal	Does not exist
	raring	Does not exist
	upstream	Released (2.6.32~rc4)
linux-ti-omap4 Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Does not exist
	maverick	Ignored (end of life, was pending)
	natty	Not vulnerable (2.6.38-1201.2)
	oneiric	Not vulnerable (2.6.38-1309.13)
	precise	Not vulnerable (3.0.0-1401.2)
	quantal	Not vulnerable (3.0.0-1401.2)
	raring	Not vulnerable (3.0.0-1401.2)
	upstream	Released (2.6.32~rc4)

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›