The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call.
2012-05-17T11:00:37.227
2025-04-11T00:51:21.963
Deferred
CVSSv3.1: 7.8 (HIGH)
AV:L/AC:L/Au:N/C:C/I:C/A:C
3.9
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | linux | linux_kernel | < 3.0.24 | Yes |
| Operating System | linux | linux_kernel | < 3.2.10 | Yes |
| Operating System | redhat | enterprise_linux | 4.0 | Yes |
| Operating System | redhat | enterprise_mrg | 2.0 | Yes |
| Operating System | suse | linux_enterprise_desktop | 11 | Yes |
| Operating System | suse | linux_enterprise_desktop | 11 | Yes |
| Operating System | suse | linux_enterprise_high_availability_extension | 11 | Yes |
| Operating System | suse | linux_enterprise_high_availability_extension | 11 | Yes |
| Operating System | suse | linux_enterprise_server | 11 | Yes |
| Operating System | suse | linux_enterprise_server | 11 | Yes |
| Operating System | suse | linux_enterprise_server | 11 | Yes |
| Operating System | suse | linux_enterprise_server | 11 | Yes |