kernel: fcaps: clear the same personality flags as suid when fcaps are used

🗓️ 15 May 2012 20:08:00Reported by RedHatType

redhat

redhat🔗 access.redhat.com

Linux kernel fcaps flaw lets local users bypass personality restrictions via an app that disables address space randomization.

Reporter	Title	Published	Views	Family All 143
BDU FSTEC	Vulnerabilities in the Debian GNU/Linux operating system that allow a malicious individual to compromise the confidentiality, integrity, and accessibility of protected information	6 Jul 201600:00	–	bdu_fstec
Tenable Nessus	CentOS 6 : kernel (CESA-2012:0743)	21 Jun 201200:00	–	nessus
Tenable Nessus	Debian DSA-2469-1 : linux-2.6 - privilege escalation/denial of service	11 May 201200:00	–	nessus
Tenable Nessus	Fedora 17 : kernel-3.3.2-8.fc17 (2012-6344)	24 Apr 201200:00	–	nessus
Tenable Nessus	Fedora 16 : kernel-3.3.2-6.fc16 (2012-6386)	25 Apr 201200:00	–	nessus
Tenable Nessus	Fedora 15 : kernel-2.6.43.2-6.fc15 (2012-6406)	26 Apr 201200:00	–	nessus
Tenable Nessus	MiracleLinux 4 : kernel-2.6.32-220.23.1.el6 (AXSA:2012-646:05)	14 Jan 202600:00	–	nessus
Tenable Nessus	openSUSE Security Update : Kernel (openSUSE-SU-2012:0799-1)	13 Jun 201400:00	–	nessus
Tenable Nessus	openSUSE Security Update : Kernel (openSUSE-SU-2012:0812-1)	13 Jun 201400:00	–	nessus
Tenable Nessus	openSUSE Security Update : kernel (openSUSE-SU-2012:1439-1)	13 Jun 201400:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	6	x86_64	kernel-rt	0:3.0.30-rt50.62.el6rt	kernel-rt-0:3.0.30-rt50.62.el6rt.x86_64.rpm
Red Hat Enterprise Linux	6	x86_64	kernel-rt-debug	0:3.0.30-rt50.62.el6rt	kernel-rt-debug-0:3.0.30-rt50.62.el6rt.x86_64.rpm
Red Hat Enterprise Linux	6	x86_64	kernel-rt-debug-debuginfo	0:3.0.30-rt50.62.el6rt	kernel-rt-debug-debuginfo-0:3.0.30-rt50.62.el6rt.x86_64.rpm
Red Hat Enterprise Linux	6	x86_64	kernel-rt-debug-devel	0:3.0.30-rt50.62.el6rt	kernel-rt-debug-devel-0:3.0.30-rt50.62.el6rt.x86_64.rpm
Red Hat Enterprise Linux	6	x86_64	kernel-rt-debuginfo	0:3.0.30-rt50.62.el6rt	kernel-rt-debuginfo-0:3.0.30-rt50.62.el6rt.x86_64.rpm
Red Hat Enterprise Linux	6	x86_64	kernel-rt-debuginfo-common-x86_64	0:3.0.30-rt50.62.el6rt	kernel-rt-debuginfo-common-x86_64-0:3.0.30-rt50.62.el6rt.x86_64.rpm
Red Hat Enterprise Linux	6	x86_64	kernel-rt-devel	0:3.0.30-rt50.62.el6rt	kernel-rt-devel-0:3.0.30-rt50.62.el6rt.x86_64.rpm
Red Hat Enterprise Linux	6	any	kernel-rt-doc	0:3.0.30-rt50.62.el6rt	kernel-rt-doc-0:3.0.30-rt50.62.el6rt.noarch.rpm
Red Hat Enterprise Linux	6	any	kernel-rt-firmware	0:3.0.30-rt50.62.el6rt	kernel-rt-firmware-0:3.0.30-rt50.62.el6rt.noarch.rpm
Red Hat Enterprise Linux	6	x86_64	kernel-rt-trace	0:3.0.30-rt50.62.el6rt	kernel-rt-trace-0:3.0.30-rt50.62.el6rt.x86_64.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2012-2123
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2012-2123
cve	www.cve.org/CVERecord

21 Nov 2025 17:40Current

7.2High risk

Vulners AI Score7.2

CVSS 27.2

EPSS0.00057

Linux kernel file system capabilities privileged executable personality restrictions address space randomization local users