Title: Linux Kernel All-zero SCM_CREDENTIALS Data Parsing Local Privilege Escalation
Aug 22, 2012
Aug 21, 2012
Linux Kernel contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when all-zero SCM_CREDENTIALS data is passed to a receiver even when not provided by the sender. This may allow a local attacker to gain escalated privileges.
Local Access Required
Loss of Integrity
Patch / RCS
Currently, there are no known workarounds or upgrades to correct this issue. However, a patch has been committed to the CVS/GIT repository that addresses this vulnerability. Until it is incorporated into the next release of the software, manually patching an existing installation is the only known available solution. Check the vendor advisory or solution URL in the references section.