Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.4
CVE Id CVE-2012-2372
Last Modified 18 Apr 2013 11:21:36
Published 22 Jan 2013 06:55:02
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2012-2372

Summary

The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interface's own IP address, as demonstrated by rds-ping.

Vulnerable Systems

Operating System

  • Linux Kernel 3.4

  • Linux Kernel 3.4.1

  • Linux Kernel 3.4.2

  • Linux Kernel 3.4.3

  • Linux Kernel 3.4.4

  • Linux Kernel 3.7

  • Linux Kernel 3.7.1

  • Linux Kernel 3.7.2

  • Linux Kernel 3.7.3

  • Linux Kernel 3.7.4


References

SUSE - SUSE-SU-2012:1679

CONFIRM - https://oss.oracle.com/git/?p=redpatch.git;a=commit;h=c7b6a0a1d8d636852be130fa15fa8be10d4704e8

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=822754

UBUNTU - USN-1529-1

REDHAT - RHSA-2012:1540

REDHAT - RHSA-2012:0743

BID - 54062

UBUNTU - USN-1556-1

UBUNTU - USN-1555-1

Related Patches

Red Hat 2012:1540-01 RHSA Important: kernel security, bug fix, and enhancement update for RHEL 5 x86

Novell SUSE 2012:7123 kernel security update for SLE 11 SP2 i586

Novell SUSE 2012:7127 kernel security update for SLE 11 SP2 x86_64

Novell SUSE 2013:8507 ofed security update for SLES 10 SP4 i586

Novell SUSE 2013:8507 ofed security update for SLES 10 SP4 x86_64


Last Updated: 27 May 2016 10:49:53