CVSS2
Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |

EPSS
Percentile: 5.1%

The sock_alloc_send_pskb function in net/core/sock.c in the Linux kernel
before 3.4.5 does not properly validate a certain length value, which
allows local users to cause a denial of service (heap-based buffer overflow
and system crash) or possibly gain privileges by leveraging access to a
TUN/TAP device.
Author | Note |
---|---|
jdstrand | linux-armadaxp is maintained by OEM |
tyhicks | No upstream fix yet, but an initial patch is under review (see References). Patch tags indicate that 2.6.27+ is affected. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 8.04 | noarch | linux | < 2.6.24-32.105 | UNKNOWN |
ubuntu | 10.04 | noarch | linux | < 2.6.32-42.95 | UNKNOWN |
ubuntu | 11.04 | noarch | linux | < 2.6.38-15.65 | UNKNOWN |
ubuntu | 11.10 | noarch | linux | < 3.0.0-24.40 | UNKNOWN |
ubuntu | 12.04 | noarch | linux | < 3.2.0-29.46 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-armadaxp | < 3.2.0-1606.9 | UNKNOWN |
ubuntu | 10.04 | noarch | linux-ec2 | < 2.6.32-347.52 | UNKNOWN |
ubuntu | 10.04 | noarch | linux-lts-backport-natty | < 2.6.38-15.65~lucid1 | UNKNOWN |
ubuntu | 10.04 | noarch | linux-lts-backport-oneiric | < 3.0.0-24.40~lucid1 | UNKNOWN |
ubuntu | 11.04 | noarch | linux-ti-omap4 | < 2.6.38-1209.25 | UNKNOWN |
thread.gmane.org/gmane.linux.network/232111
launchpad.net/bugs/cve/CVE-2012-2136
nvd.nist.gov/vuln/detail/CVE-2012-2136
rhn.redhat.com/errata/RHSA-2012-0690.html
security-tracker.debian.org/tracker/CVE-2012-2136
ubuntu.com/security/notices/USN-1514-1
ubuntu.com/security/notices/USN-1529-1
ubuntu.com/security/notices/USN-1530-1
ubuntu.com/security/notices/USN-1531-1
ubuntu.com/security/notices/USN-1532-1
ubuntu.com/security/notices/USN-1533-1
ubuntu.com/security/notices/USN-1534-1
ubuntu.com/security/notices/USN-1535-1
ubuntu.com/security/notices/USN-1538-1
ubuntu.com/security/notices/USN-1539-1
ubuntu.com/security/notices/USN-1598-1
www.cve.org/CVERecord?id=CVE-2012-2136