CVE-2012-0056

Published: 19 January 2012

The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper.

From the Ubuntu security team

Jüri Aedla discovered that the kernel incorrectly handled /proc/<pid>/mem permissions. A local attacker could exploit this and gain root privileges.

Status

Notes

RH says introduced by 198214a7ee, needs checking.

as the proposed fix actually changes behaviour significantly and the
functionality is very new and thus less likely to be needed it has been
decided to revert 198214a for oneiric (the only release affected) and
monitor it in precise for release.

References

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0056
• http://www.openwall.com/lists/oss-security/2012/01/18/1
• https://ubuntu.com/security/notices/USN-1336-1
• https://ubuntu.com/security/notices/USN-1342-1
• https://ubuntu.com/security/notices/USN-1364-1
• NVD
• Launchpad
• Debian

Bugs

• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0056
• https://launchpad.net/bugs/919115