Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.0
CVE Id CVE-2012-2133
Last Modified 13 Aug 2012 11:37:03
Published 03 Jul 2012 12:40:32
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2012-2133

Summary

Use-after-free vulnerability in the Linux kernel before 3.3.6, when huge pages are enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges by interacting with a hugetlbfs filesystem, as demonstrated by a umount operation that triggers improper handling of quota data.

Vulnerable Systems

Operating System

  • Linux Kernel 3.3

  • Linux Kernel 3.3.1

  • Linux Kernel 3.3.2

  • Linux Kernel 3.3.3

  • Linux Kernel 3.3.4

  • Linux Kernel 3.3.5


References

CONFIRM - https://github.com/torvalds/linux/commit/90481622d75715bfcb68501280a917dbfe516029

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=817430

CONFIRM - http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.6

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=90481622d75715bfcb68501280a917dbfe516029

XF - linux-kernel-hugepages-dos(75168)

BID - 53233

MLIST - [oss-security] 20120424 Re: CVE Request: use after free bug in "quota" handling in hugetlb code

Related Patches

Novell SUSE 2012:6227 kernel security update for SLE 11 SP1 i586

Novell SUSE 2012:6230 kernel security update for SLE 11 SP1 x86_64

Novell SUSE 2012:6338 kernel security update for SLE 11 SP2 i586

Novell SUSE 2012:6349 kernel security update for SLE 11 SP2 x86_64


Last Updated: 27 May 2016 10:51:39