Your submission was sent successfully! Close

CVE-2012-0056

Published: 19 January 2012

The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper.

From the Ubuntu security team

Jüri Aedla discovered that the kernel incorrectly handled /proc/<pid>/mem permissions. A local attacker could exploit this and gain root privileges.

Priority

Medium

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
upstream
Released (3.3~rc1)
linux-aws
Launchpad, Ubuntu, Debian
upstream
Released (3.3~rc1)
linux-ec2
Launchpad, Ubuntu, Debian
upstream
Released (3.3~rc1)
linux-flo
Launchpad, Ubuntu, Debian
upstream
Released (3.3~rc1)
linux-fsl-imx51
Launchpad, Ubuntu, Debian
upstream
Released (3.3~rc1)
linux-gke
Launchpad, Ubuntu, Debian
upstream
Released (3.3~rc1)
linux-goldfish
Launchpad, Ubuntu, Debian
upstream
Released (3.3~rc1)
linux-grouper
Launchpad, Ubuntu, Debian
upstream
Released (3.3~rc1)
linux-hwe
Launchpad, Ubuntu, Debian
upstream
Released (3.3~rc1)
linux-hwe-edge
Launchpad, Ubuntu, Debian
upstream
Released (3.3~rc1)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian
upstream
Released (3.3~rc1)
linux-lts-backport-natty
Launchpad, Ubuntu, Debian
upstream
Released (3.3~rc1)
linux-lts-backport-oneiric
Launchpad, Ubuntu, Debian
upstream
Released (3.3~rc1)
linux-lts-trusty
Launchpad, Ubuntu, Debian
upstream
Released (3.3~rc1)
linux-lts-utopic
Launchpad, Ubuntu, Debian
upstream
Released (3.3~rc1)
linux-lts-vivid
Launchpad, Ubuntu, Debian
upstream
Released (3.3~rc1)
linux-lts-wily
Launchpad, Ubuntu, Debian
upstream
Released (3.3~rc1)
linux-lts-xenial
Launchpad, Ubuntu, Debian
upstream
Released (3.3~rc1)
linux-maguro
Launchpad, Ubuntu, Debian
upstream
Released (3.3~rc1)
linux-mako
Launchpad, Ubuntu, Debian
upstream
Released (3.3~rc1)
linux-manta
Launchpad, Ubuntu, Debian
upstream
Released (3.3~rc1)
linux-mvl-dove
Launchpad, Ubuntu, Debian
upstream
Released (3.3~rc1)
linux-raspi2
Launchpad, Ubuntu, Debian
upstream
Released (3.3~rc1)
linux-snapdragon
Launchpad, Ubuntu, Debian
upstream
Released (3.3~rc1)
linux-ti-omap4
Launchpad, Ubuntu, Debian
upstream
Released (3.3~rc1)

Notes

AuthorNote
mdeslaur
RH says introduced by 198214a7ee, needs checking.
apw
as the proposed fix actually changes behaviour significantly and the
functionality is very new and thus less likely to be needed it has been
decided to revert 198214a for oneiric (the only release affected) and
monitor it in precise for release.

References

Bugs