Published: 18/02/2013 Updated: 26/03/2015

CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9

VMScore: 436

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

The __request_module function in kernel/kmod.c in the Linux kernel prior to 3.4 does not set a certain killable attribute, which allows local users to cause a denial of service (memory consumption) via a crafted application.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel 3.4
linux linux kernel 3.3.2
linux linux kernel 3.3
linux linux kernel 3.3.5
linux linux kernel 3.3.3
linux linux kernel 3.2.5
linux linux kernel 3.2.4
linux linux kernel 3.2.14
linux linux kernel 3.2.30
linux linux kernel 3.2.18
linux linux kernel 3.2
linux linux kernel 3.2.6
linux linux kernel 3.2.7
linux linux kernel 3.1
linux linux kernel 3.1.5
linux linux kernel 3.1.4
linux linux kernel 3.0
linux linux kernel 3.0.36
linux linux kernel 3.0.41
linux linux kernel 3.0.20
linux linux kernel 3.0.21
linux linux kernel 3.0.18
linux linux kernel 3.0.13
linux linux kernel 3.0.10
linux linux kernel 3.0.2
linux linux kernel 3.0.1
linux linux kernel 3.0.6
linux linux kernel 3.0.28
linux linux kernel
linux linux kernel 3.3.4
linux linux kernel 3.3.6
linux linux kernel 3.2.25
linux linux kernel 3.2.1
linux linux kernel 3.2.26
linux linux kernel 3.2.24
linux linux kernel 3.2.23
linux linux kernel 3.2.16
linux linux kernel 3.2.22
linux linux kernel 3.3.7
linux linux kernel 3.3.8
linux linux kernel 3.2.27
linux linux kernel 3.2.28
linux linux kernel 3.2.12
linux linux kernel 3.2.13
linux linux kernel 3.2.17
linux linux kernel 3.2.21
linux linux kernel 3.1.7
linux linux kernel 3.1.6
linux linux kernel 3.0.38
linux linux kernel 3.0.35
linux linux kernel 3.0.22
linux linux kernel 3.0.23
linux linux kernel 3.0.15
linux linux kernel 3.0.12
linux linux kernel 3.0.4
linux linux kernel 3.0.3
linux linux kernel 3.0.30
linux linux kernel 3.0.7
linux linux kernel 3.0.31
linux linux kernel 3.3.1
linux linux kernel 3.2.3
linux linux kernel 3.2.2
linux linux kernel 3.2.15
linux linux kernel 3.2.29
linux linux kernel 3.2.19
linux linux kernel 3.2.20
linux linux kernel 3.2.8
linux linux kernel 3.2.9
linux linux kernel 3.1.10
linux linux kernel 3.1.3
linux linux kernel 3.1.2
linux linux kernel 3.1.1
linux linux kernel 3.0.43
linux linux kernel 3.0.42
linux linux kernel 3.0.39
linux linux kernel 3.0.19
linux linux kernel 3.0.16
linux linux kernel 3.0.11
linux linux kernel 3.0.27
linux linux kernel 3.0.34
linux linux kernel 3.0.32
linux linux kernel 3.0.9
linux linux kernel 3.0.29
linux linux kernel 3.2.10
linux linux kernel 3.2.11
linux linux kernel 3.1.9
linux linux kernel 3.1.8
linux linux kernel 3.0.44
linux linux kernel 3.0.37
linux linux kernel 3.0.40
linux linux kernel 3.0.24
linux linux kernel 3.0.17
linux linux kernel 3.0.14
linux linux kernel 3.0.26
linux linux kernel 3.0.25
linux linux kernel 3.0.5
linux linux kernel 3.0.33
linux linux kernel 3.0.8

Synopsis Moderate: kernel security and bug fix update Type/Severity Security Advisory: Moderate Topic Updated kernel packages that fix three security issues and several bugs arenow available for Red Hat Enterprise Linux 6The Red Hat Security Response Team has rated this update as having moderatesecurity im ...

Synopsis Moderate: kernel-rt security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic Updated kernel-rt packages that fix one security issue, several bugs, andadd enhancements are now available for Red Hat Enterprise MRG 22The Red Hat Security Response Team has rated this ...

Synopsis Moderate: Red Hat Enterprise Linux 5 kernel update Type/Severity Security Advisory: Moderate Topic Updated kernel packages that fix one security issue, several bugs, and addvarious enhancements are now available as part of the ongoing support andmaintenance of Red Hat Enterprise Linux version 5 Th ...

Several security issues were fixed in the kernel ...

It was found that a deadlock could occur in the Out of Memory (OOM) killer A process could trigger this deadlock by consuming a large amount of memory, and then causing request_module() to be called A local, unprivileged user could use this flaw to cause a denial of service (excessive memory consumption) (CVE-2012-4398) A flaw was found in the w ...

The do_tkill function in kernel/signalc in the Linux kernel before 389 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call The udp_v6_push_pending_frames function in net/ipv6/udpc in the IPv6 implemen ...

CWE-20 http://www.openwall.com/lists/oss-security/2012/09/02/3 http://lkml.indiana.edu/hypermail/linux/kernel/1202.0/03340.html http://www.kernel.org/pub/linux/kernel/v3.x/linux-3.4.tar.bz2 https://bugzilla.redhat.com/show_bug.cgi?id=853474 http://rhn.redhat.com/errata/RHSA-2013-0223.html http://www.securityfocus.com/bid/55361 http://rhn.redhat.com/errata/RHSA-2013-1348.html http://secunia.com/advisories/55077 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2013:0223 https://usn.ubuntu.com/1431-1/

Get Started

CVE-2012-4398

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect