Published: 13/06/2012 Updated: 07/11/2023

CVSS v2 Base Score: 4.6 | Impact Score: 6.9 | Exploitability Score: 3.2

VMScore: 410

Vector: AV:A/AC:H/Au:N/C:N/I:N/A:C

The __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the NFSv4 implementation in the Linux kernel prior to 3.3.2 uses an incorrect length variable during a copy operation, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words in an FATTR4_ACL reply. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-4131.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel 3.3
linux linux kernel

Synopsis Moderate: kernel security, bug fix and enhancement update Type/Severity Security Advisory: Moderate Topic Updated kernel packages that fix multiple security issues, numerous bugsand add one enhancement are now available for Red Hat Enterprise Linux 6The Red Hat Security Response Team has rated thi ...

Synopsis Important: Red Hat Enterprise Linux 6 kernel update Type/Severity Security Advisory: Important Topic Updated kernel packages that fix multiple security issues, address severalhundred bugs, and add numerous enhancements are now available as part ofthe ongoing support and maintenance of Red Hat Enter ...

Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic Updated kernel-rt packages that fix several security issues and multiplebugs are now available for Red Hat Enterprise MRG 23The Red Hat Security Response Team has rated this update as havingimportant ...

A malicious Network File System version 4 (NFSv4) server could return a crafted reply to a GETACL request, causing a denial of service on the client (CVE-2012-2375, Moderate) A divide-by-zero flaw was found in the TCP Illinois congestion control algorithm implementation in the Linux kernel If the TCP Illinois congestion control algorithm were in ...

The system could be made to crash if it received specially crafted network traffic ...

Several security issues were fixed in the kernel ...

The system could be made to crash if it received specially crafted network traffic ...

CWE-189 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.2 https://bugzilla.redhat.com/show_bug.cgi?id=822869 http://www.openwall.com/lists/oss-security/2012/05/18/13 https://github.com/torvalds/linux/commit/20e0fa98b751facf9a1101edaefbc19c82616a68 http://rhn.redhat.com/errata/RHSA-2012-1580.html http://marc.info/?l=bugtraq&m=139447903326211&w=2 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=20e0fa98b751facf9a1101edaefbc19c82616a68 https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2012:1580 https://usn.ubuntu.com/1489-1/https://alas.aws.amazon.com/ALAS-2013-148.html

Get Started

CVE-2012-2375

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect