CVE-2012-4530
Published: 19 October 2012
The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
From the Ubuntu security team
A flaw was discovered in the Linux kernel's handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents.
Priority
Status
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4530
- http://www.openwall.com/lists/oss-security/2012/10/19
- https://lkml.org/lkml/2012/9/23/29
- http://www.halfdog.net/Security/2012/LinuxKernelBinfmtScriptStackDataDisclosure/
- http://www.spinics.net/lists/mm-commits/msg92245.html
- http://www.spinics.net/lists/mm-commits/msg92433.html
- https://ubuntu.com/security/notices/USN-1683-1
- https://ubuntu.com/security/notices/USN-1684-1
- https://ubuntu.com/security/notices/USN-1688-1
- https://ubuntu.com/security/notices/USN-1689-1
- https://ubuntu.com/security/notices/USN-1691-1
- https://ubuntu.com/security/notices/USN-1696-1
- https://ubuntu.com/security/notices/USN-1698-1
- https://ubuntu.com/security/notices/USN-1699-1
- https://ubuntu.com/security/notices/USN-1700-1
- https://ubuntu.com/security/notices/USN-1704-1
- NVD
- Launchpad
- Debian