Published: 03/10/2012 Updated: 13/02/2023

CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4

VMScore: 170

Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N

The Netlink implementation in the Linux kernel prior to 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to (1) Avahi or (2) NetworkManager.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel 3.2.21
linux linux kernel 2.3.21
linux linux kernel 3.2.19
linux linux kernel 3.2.23
linux linux kernel 3.2.18
linux linux kernel 3.2.5
linux linux kernel 3.2.26
linux linux kernel 2.3.28
linux linux kernel
linux linux kernel 2.3.26
linux linux kernel 3.2
linux linux kernel 3.2.16
linux linux kernel 3.3.2
linux linux kernel 3.2.27
linux linux kernel 2.4.33.2
linux linux kernel 2.3.27
linux linux kernel 2.6.13.2
linux linux kernel 3.2.11
linux linux kernel 2.3.24
linux linux kernel 2.6.33.2
linux linux kernel 3.2.10
linux linux kernel 3.2.14
linux linux kernel 3.2.25
linux linux kernel 3.2.4
linux linux kernel 2.3.29
linux linux kernel 2.3.2
linux linux kernel 3.2.9
linux linux kernel 3.2.15
linux linux kernel 3.2.20
linux linux kernel 3.2.24
linux linux kernel 2.6.33.20
linux linux kernel 3.2.6
linux linux kernel 2.3.23
linux linux kernel 3.2.2
linux linux kernel 2.3.22
linux linux kernel 3.2.13
linux linux kernel 3.2.1
linux linux kernel 3.2.7
linux linux kernel 2.6.23.2
linux linux kernel 2.3.20
linux linux kernel 3.2.22
linux linux kernel 2.3.25
linux linux kernel 3.2.17
linux linux kernel 3.2.8
linux linux kernel 3.2.12
linux linux kernel 3.2.28
linux linux kernel 3.2.3

Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic Updated kernel-rt packages that fix several security issues and multiplebugs are now available for Red Hat Enterprise MRG 22The Red Hat Security Response Team has rated this update as havingimportant ...

The system could be made to run actions or potentially programs as an administrator ...

The system could be made to perform privileged actions as an administrator ...

The Netlink implementation in the Linux kernel before 3230 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to (1) Avahi or (2) NetworkManager ...

CWE-287 https://bugzilla.redhat.com/show_bug.cgi?id=850449 http://www.openwall.com/lists/oss-security/2012/08/22/1 https://github.com/torvalds/linux/commit/e0e3cea46d31d23dc40df0a49a7a2c04fe8edfea http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.30 http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00005.html http://www.ubuntu.com/usn/USN-1610-1 http://www.ubuntu.com/usn/USN-1599-1 http://www.securityfocus.com/bid/55152 http://secunia.com/advisories/50848 http://lists.opensuse.org/opensuse-updates/2013-02/msg00018.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e0e3cea46d31d23dc40df0a49a7a2c04fe8edfea https://access.redhat.com/errata/RHSA-2012:1491 https://nvd.nist.gov https://usn.ubuntu.com/1599-1/

CVE-2012-3520

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect