CVE-2012-1146medium
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
The mem_cgroup_usage_unregister_event function in mm/memcontrol.c in the Linux kernel before 3.2.10 does not properly handle multiple events that are attached to the same eventfd, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by registering memory threshold events.
References
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075781.html
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html
http://secunia.com/advisories/48898
http://secunia.com/advisories/48964
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.10
http://www.openwall.com/lists/oss-security/2012/03/07/3
https://bugzilla.redhat.com/show_bug.cgi?id=800813
https://exchange.xforce.ibmcloud.com/vulnerabilities/73711
https://github.com/torvalds/linux/commit/371528caec553785c37f73fa3926ea0de84f986f
Details
Source: MITRE
Published: 2012-05-17
Updated: 2020-07-27
Type: CWE-476
Risk Information
CVSS v2
Base Score: 4.9
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Impact Score: 6.9
Exploitability Score: 3.9
Severity: MEDIUM
CVSS v3
Base Score: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 1.8
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
Configuration 2
OR
Configuration 3
OR
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 74801 | openSUSE Security Update : kernel (openSUSE-SU-2012:1439-1) | Nessus | SuSE Local Security Checks | critical |
| 74658 | openSUSE Security Update : Kernel (openSUSE-SU-2012:0799-1) | Nessus | SuSE Local Security Checks | critical |
| 74604 | openSUSE Security Update : kernel (openSUSE-SU-2012:0540-1) | Nessus | SuSE Local Security Checks | critical |
| 59322 | USN-1458-1 : linux-ti-omap4 vulnerabilities | Nessus | Ubuntu Local Security Checks | critical |
| 59034 | Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1440-1) | Nessus | Ubuntu Local Security Checks | critical |
| 58947 | Ubuntu 10.04 LTS : linux-lts-backport-oneiric vulnerabilities (USN-1433-1) | Nessus | Ubuntu Local Security Checks | critical |
| 58946 | Ubuntu 11.10 : linux vulnerabilities (USN-1431-1) | Nessus | Ubuntu Local Security Checks | critical |
| 58845 | SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 6163 / 6164 / 6172) | Nessus | SuSE Local Security Checks | critical |
| 58742 | Ubuntu 11.04 : linux vulnerabilities (USN-1422-1) | Nessus | Ubuntu Local Security Checks | critical |
| 58741 | Ubuntu 10.04 LTS : linux-lts-backport-maverick vulnerabilities (USN-1421-1) | Nessus | Ubuntu Local Security Checks | critical |
| 58495 | Ubuntu 10.10 : linux vulnerabilities (USN-1407-1) | Nessus | Ubuntu Local Security Checks | critical |
| 58494 | Ubuntu 11.04 : linux vulnerabilities (USN-1406-1) | Nessus | Ubuntu Local Security Checks | critical |
| 58493 | Ubuntu 11.10 : linux vulnerabilities (USN-1405-1) | Nessus | Ubuntu Local Security Checks | critical |
| 58488 | Fedora 15 : kernel-2.6.42.12-1.fc15 (2012-3715) | Nessus | Fedora Local Security Checks | critical |
| 58376 | Fedora 16 : kernel-3.2.10-3.fc16 (2012-3712) | Nessus | Fedora Local Security Checks | critical |