CVE-2012-2136

The sock_alloc_send_pskb function in net/core/sock.c in the Linux kernel before 3.4.5 does not properly validate a certain length value, which allows local users to cause a denial of service (heap-based buffer overflow and system crash) or possibly gain privileges by leveraging access to a TUN/TAP device.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=cc9b17ad29ecaa20bfe426a8d4dbfb94b13ff1cc	Broken Link
http://rhn.redhat.com/errata/RHSA-2012-0743.html	Third Party Advisory VDB Entry
http://rhn.redhat.com/errata/RHSA-2012-1087.html	Third Party Advisory
http://secunia.com/advisories/50807	URL Repurposed
http://ubuntu.com/usn/usn-1529-1	Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5	Vendor Advisory
http://www.securityfocus.com/bid/53721	Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-1535-1	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=816289	Issue Tracking
https://github.com/torvalds/linux/commit/cc9b17ad29ecaa20bfe426a8d4dbfb94b13ff1cc	Exploit Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

12 Oct 2023, 14:12

Type	Values Removed	Values Added
References	~~(CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=816289 -~~	(CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=816289 - Issue Tracking
References	~~(BID) http://www.securityfocus.com/bid/53721 -~~	(BID) http://www.securityfocus.com/bid/53721 - Third Party Advisory, VDB Entry
References	~~(REDHAT) http://rhn.redhat.com/errata/RHSA-2012-0743.html -~~	(REDHAT) http://rhn.redhat.com/errata/RHSA-2012-0743.html - Third Party Advisory, VDB Entry
References	~~(UBUNTU) http://www.ubuntu.com/usn/USN-1535-1 -~~	(UBUNTU) http://www.ubuntu.com/usn/USN-1535-1 - Third Party Advisory
References	~~(UBUNTU) http://ubuntu.com/usn/usn-1529-1 -~~	(UBUNTU) http://ubuntu.com/usn/usn-1529-1 - Third Party Advisory
References	~~(SECUNIA) http://secunia.com/advisories/50807 -~~	(SECUNIA) http://secunia.com/advisories/50807 - URL Repurposed
References	~~(CONFIRM) http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5 -~~	(CONFIRM) http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5 - Vendor Advisory
References	~~(MISC) http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=cc9b17ad29ecaa20bfe426a8d4dbfb94b13ff1cc -~~	(MISC) http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=cc9b17ad29ecaa20bfe426a8d4dbfb94b13ff1cc - Broken Link
References	~~(REDHAT) http://rhn.redhat.com/errata/RHSA-2012-1087.html -~~	(REDHAT) http://rhn.redhat.com/errata/RHSA-2012-1087.html - Third Party Advisory
CPE	cpe:2.3:o:linux:linux_kernel:3.4.3:::::::* cpe:2.3:o:linux:linux_kernel:3.4:rc3:::::: cpe:2.3:o:linux:linux_kernel:3.4:rc7:::::: cpe:2.3:o:linux:linux_kernel:3.4:rc4:::::: cpe:2.3:o:linux:linux_kernel:3.4.2:::::::* cpe:2.3:o:linux:linux_kernel:3.4:::::::* cpe:2.3:o:linux:linux_kernel:3.4:rc6:::::: cpe:2.3:o:linux:linux_kernel:3.4:rc5:::::: cpe:2.3:o:linux:linux_kernel:3.4:rc2:::::: cpe:2.3:o:linux:linux_kernel:3.4:rc1:::::: cpe:2.3:o:linux:linux_kernel:3.4.1:::::::*

13 Feb 2023, 04:33

Type	Values Removed	Values Added
References	~~{'url': 'https://access.redhat.com/errata/RHSA-2012:0690', 'name': 'https://access.redhat.com/errata/RHSA-2012:0690', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://access.redhat.com/security/cve/CVE-2012-2136', 'name': 'https://access.redhat.com/security/cve/CVE-2012-2136', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2012:0743', 'name': 'https://access.redhat.com/errata/RHSA-2012:0743', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2012:1087', 'name': 'https://access.redhat.com/errata/RHSA-2012:1087', 'tags': [], 'refsource': 'MISC'}~~
Summary	~~CVE-2012-2136 kernel: net: insufficient data_len validation in sock_alloc_send_pskb()~~	The sock_alloc_send_pskb function in net/core/sock.c in the Linux kernel before 3.4.5 does not properly validate a certain length value, which allows local users to cause a denial of service (heap-based buffer overflow and system crash) or possibly gain privileges by leveraging access to a TUN/TAP device.

02 Feb 2023, 18:15

Type	Values Removed	Values Added
References	{'url': 'http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cc9b17ad29ecaa20bfe426a8d4dbfb94b13ff1cc', 'name': 'http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cc9b17ad29ecaa20bfe426a8d4dbfb94b13ff1cc', 'tags': [], 'refsource': 'CONFIRM'}	(MISC) https://access.redhat.com/errata/RHSA-2012:0690 - (MISC) https://access.redhat.com/security/cve/CVE-2012-2136 - (MISC) https://access.redhat.com/errata/RHSA-2012:0743 - (MISC) https://access.redhat.com/errata/RHSA-2012:1087 - (MISC) http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=cc9b17ad29ecaa20bfe426a8d4dbfb94b13ff1cc -
Summary	The sock_alloc_send_pskb function in net/core/sock.c in the Linux kernel before 3.4.5 does not properly validate a certain length value, which allows local users to cause a denial of service (heap-based buffer overflow and system crash) or possibly gain privileges by leveraging access to a TUN/TAP device.	CVE-2012-2136 kernel: net: insufficient data_len validation in sock_alloc_send_pskb()

Information

Published : 2012-08-09 10:29

Updated : 2023-12-10 11:16

NVD link : CVE-2012-2136

Mitre link : CVE-2012-2136

CVE.ORG link : CVE-2012-2136

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-20

Improper Input Validation

7.2 /10