2.1
CVE-2012-2669
- EPSS 0.35%
- Veröffentlicht 27.12.2012 11:47:00
- Zuletzt bearbeitet 16.06.2026 23:41:50
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.4.5, does not validate the origin of Netlink messages, which allows local users to spoof Netlink communication via a crafted connector message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version <= 3.4.4
Linux ≫ Linux Kernel Version3.4.1
Linux ≫ Linux Kernel Version3.4.2
Linux ≫ Linux Kernel Version3.4.3
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.35% | 0.268 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:N/I:P/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=bcc2c9c3fff859e0eb019fe6fec26f9b8eba795c
http://lists.opensuse.org/opensuse-updates/2012-11/msg00042.html
http://openwall.com/lists/oss-security/2012/06/06/12
http://www.openwall.com/lists/oss-security/2012/11/27/12
https://bugzilla.novell.com/show_bug.cgi?id=761200
https://github.com/torvalds/linux/commit/bcc2c9c3fff859e0eb019fe6fec26f9b8eba795c