CyberSec.Space Logo
Back to CVE Browser

CVE-2012-0875

MEDIUM
5.4
CVSS Severity Score
EPSS Score0.0600%
EPSS Percentile15.12th
PublishedFeb 4, 2014
Last ModifiedApr 29, 2026

Vulnerability Description

SystemTap 1.7, 1.6.7, and probably other versions, when unprivileged mode is enabled, allows local users to obtain sensitive information from kernel memory or cause a denial of service (kernel panic and crash) via vectors related to crafted DWARF data, which triggers a read of an invalid pointer.

Affected Platforms (CPE)

πŸ“¦
Systemtap

Systemtap

= 1.6.7
πŸ“¦
Systemtap

Systemtap

= 1.7

References & Advisories

πŸ”— http://lists.opensuse.org/opensuse-updates/2013-03/msg00057.html
πŸ”— http://permalink.gmane.org/gmane.comp.security.oss.general/6987
πŸ”— http://rhn.redhat.com/errata/RHSA-2012-0376.html
πŸ”— http://securitytracker.com/id?1026777
πŸ”— http://sourceware.org/bugzilla/show_bug.cgi?id=13714
πŸ”— http://sourceware.org/git/?p=systemtap.git%3Ba=commit%3Bh=64b0cff3b
πŸ”— http://lists.opensuse.org/opensuse-updates/2013-03/msg00057.html
πŸ”— http://permalink.gmane.org/gmane.comp.security.oss.general/6987

Related Vulnerabilities

CVE-2009-427310.0

stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command...

CVE-2010-04127.5

stap-server in SystemTap 1.1 does not properly restrict the value of the -B (aka BUILD) option, which allows attackers to have an ...

CVE-2010-41707.2

The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local us...

CVE-2009-07846.3

Race condition in the SystemTap stap tool 0.0.20080705 and 0.0.20090314 allows local users in the stapusr group to insert arbitrar...