Published: 09/08/2012 Updated: 12/10/2023

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

VMScore: 642

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

The sock_alloc_send_pskb function in net/core/sock.c in the Linux kernel prior to 3.4.5 does not properly validate a certain length value, which allows local users to cause a denial of service (heap-based buffer overflow and system crash) or possibly gain privileges by leveraging access to a TUN/TAP device.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel

Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic Updated kernel packages that fix one security issue and various bugs arenow available for Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated this update as havingimportant security im ...

Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic Updated kernel packages that fix multiple security issues and several bugsare now available for Red Hat Enterprise Linux 6The Red Hat Security Response Team has rated this update as havingimportant secur ...

Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic Updated kernel packages that fix one security issue and multiple bugs arenow available for Red Hat Enterprise Linux 56 Extended Update SupportThe Red Hat Security Response Team has rated this update as ...

It was found that the data_len parameter of the sock_alloc_send_pskb() function in the Linux kernel's networking implementation was not validated before use A local user with access to a TUN/TAP virtual interface could use this flaw to crash the system or, potentially, escalate their privileges Note that unprivileged users cannot access TUN/TAP d ...

Several security issues were fixed in the kernel ...

CWE-20 https://bugzilla.redhat.com/show_bug.cgi?id=816289 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5 https://github.com/torvalds/linux/commit/cc9b17ad29ecaa20bfe426a8d4dbfb94b13ff1cc http://www.securityfocus.com/bid/53721 http://www.ubuntu.com/usn/USN-1535-1 http://rhn.redhat.com/errata/RHSA-2012-1087.html http://rhn.redhat.com/errata/RHSA-2012-0743.html http://ubuntu.com/usn/usn-1529-1 http://secunia.com/advisories/50807 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=cc9b17ad29ecaa20bfe426a8d4dbfb94b13ff1cc https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2012:0690 https://usn.ubuntu.com/1535-1/https://alas.aws.amazon.com/ALAS-2012-83.html

CVE-2012-2136

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect