we track for your security since 1999

vulnerabilities

The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them.

recent vulnerabilities

tracked products

RSS feed

vulnerability

vulnerability bulletin CVE-2012-0028

Linux kernel: denial of service via futex

Synthesis of the vulnerability

A local attacker can use a futex in a process calling execve(), in order to stop the kernel.
Impacted products: Linux, RHEL, ESX.
Severity: 1/4.
Creation date: 05/01/2012.
Identifiers: BID-51947, CVE-2012-0028, ESX400-201209001, ESX400-201209401-SG, ESX400-201209402-SG, ESX400-201209404-SG, RHSA-2012:0107-01, RHSA-2012:0358-01, VIGILANCE-VUL-11258, VMSA-2012-0003.1, VMSA-2012-0005.3, VMSA-2012-0008.1, VMSA-2012-0013.1.

Description of the vulnerability

A futex (Fast Userspace Mutex) locks elements, using atomic operations on an integer.

The execve() system call replaces the current process by a new process.

When a process uses a futex, and then calls exit(), the futex is freed. However, it is not freed during the call the execve(). The system thus becomes instable.

A local attacker can therefore use a futex in a process calling execve(), in order to stop the kernel.
Complete Vigil@nce bulletin.... (free access)

Share this bulletin

Computer vulnerabilities tracking service

Vigil@nce provides a systems vulnerabilities database. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The Vigil@nce vulnerability database contains several thousand vulnerabilities. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.