CVE-2012-0056

Priority
Medium
Description
The mem_write function in the Linux kernel before 3.2.2, when ASLR is
disabled, does not properly check permissions when writing to
/proc/<pid>/mem, which allows local users to gain privileges by modifying
process memory, as demonstrated by Mempodipper.
Ubuntu-Description
Jüri Aedla discovered that the kernel incorrectly handled /proc/<pid>/mem
permissions. A local attacker could exploit this and gain root privileges.
References
Bugs
Notes
mdeslaur> RH says introduced by 198214a7ee, needs checking.
apw> as the proposed fix actually changes behaviour significantly and the
apw> functionality is very new and thus less likely to be needed it has been
apw> decided to revert 198214a for oneiric (the only release affected) and
apw> monitor it in precise for release.
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (3.13.0-24.46~precise1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):released (3.0.0-15.26~lucid1)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):needs-triage
Ubuntu 14.10 (Utopic Unicorn):needs-triage
Ubuntu 15.04 (Vivid Vervet):needs-triage
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (3.4.0-1.9)
Ubuntu 14.10 (Utopic Unicorn):not-affected (3.4.0-3.14)
Ubuntu 15.04 (Vivid Vervet):not-affected (3.4.0-3.14)
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (3.4.0-1.3)
Ubuntu 14.10 (Utopic Unicorn):not-affected (3.4.0-3.10)
Ubuntu 15.04 (Vivid Vervet):not-affected (3.4.0-3.10)
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Ubuntu 12.04 LTS (Precise Pangolin):not-affected
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (3.11.0-12.19)
Ubuntu 14.10 (Utopic Unicorn):not-affected (3.13.0-24.46)
Ubuntu 15.04 (Vivid Vervet):not-affected (3.16.0-23.31)
Patches:
Introduced by 198214a7ee50375fa71a65e518341980cfd4b2f0Fixed by e268337dfe26dfc7efd422a804dbb27977a3cccc
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):needs-triage
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):not-affected
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (3.4.0-3.21)
Ubuntu 14.10 (Utopic Unicorn):not-affected (3.4.0-5.28)
Ubuntu 15.04 (Vivid Vervet):not-affected (3.4.0-5.28)
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (3.4.0-4.19)
Ubuntu 14.10 (Utopic Unicorn):not-affected (3.4.0-6.25)
Ubuntu 15.04 (Vivid Vervet):not-affected (3.4.0-6.25)
More Information

Valid XHTML 1.0 Strict

Updated: 2014-10-29 20:14:26 UTC (commit 8657)