Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2373

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2012-2373
Last Modified 23 Jan 2013 11:53:33
Published 09 Aug 2012 06:29:46
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2012-2373

Summary

The Linux kernel before 3.4.5 on the x86 platform, when Physical Address Extension (PAE) is enabled, does not properly use the Page Middle Directory (PMD), which allows local users to cause a denial of service (panic) via a crafted application that triggers a race condition.

Vulnerable Systems

Operating System

  • Linux Kernel 3.4

  • Linux Kernel 3.4.1

  • Linux Kernel 3.4.2

  • Linux Kernel 3.4.3

  • Linux Kernel 3.4.4


References

CONFIRM - https://github.com/torvalds/linux/commit/26c191788f18129af0eb32a358cdaea0c7479626

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=822821

MLIST - [oss-security] 20120518 Re: CVE Request -- kernel: mm: read_pmd_atomic: 32bit PAE pmd walk vs pmd_populate SMP race condition

CONFIRM - http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=26c191788f18129af0eb32a358cdaea0c7479626

UBUNTU - USN-1529-1

REDHAT - RHSA-2012:0743

Related Patches

Novell SUSE 2012:6457 kernel security update for SLE 11 SP2 i586

Novell SUSE 2012:6463 kernel security update for SLE 11 SP2 x86_64


Last Updated: 27 May 2016 10:55:11