CVE-2012-2136

Exploit

EPSS 0.11%
Published 09.08.2012 10:29:46
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

The sock_alloc_send_pskb function in net/core/sock.c in the Linux kernel before 3.4.5 does not properly validate a certain length value, which allows local users to cause a denial of service (heap-based buffer overflow and system crash) or possibly gain privileges by leveraging access to a TUN/TAP device.

Affected products Warnungen 0 Metrics 2 CWE 1 References 13

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 3.0.37

Linux ≫ Linux Kernel Version >= 3.1 < 3.2.23

Linux ≫ Linux Kernel Version >= 3.3 < 3.4.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.11%	0.307

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://rhn.redhat.com/errata/RHSA-2012-0743.html

Third Party Advisory

VDB Entry

http://www.ubuntu.com/usn/USN-1535-1

Third Party Advisory

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=cc9b17ad29ecaa20bfe426a8d4dbfb94b13ff1cc

Broken Link

http://rhn.redhat.com/errata/RHSA-2012-1087.html

Third Party Advisory

http://secunia.com/advisories/50807

URL Repurposed

http://ubuntu.com/usn/usn-1529-1