CVE-2012-2373medium
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
The Linux kernel before 3.4.5 on the x86 platform, when Physical Address Extension (PAE) is enabled, does not properly use the Page Middle Directory (PMD), which allows local users to cause a denial of service (panic) via a crafted application that triggers a race condition.
References
http://marc.info/?l=bugtraq&m=139447903326211&w=2
http://rhn.redhat.com/errata/RHSA-2012-0743.html
http://ubuntu.com/usn/usn-1529-1
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5
http://www.openwall.com/lists/oss-security/2012/05/18/11
https://bugzilla.redhat.com/show_bug.cgi?id=822821
https://github.com/torvalds/linux/commit/26c191788f18129af0eb32a358cdaea0c7479626
Vulnerable Software
Configuration 1
OR
cpe:2.3:o:linux:linux_kernel:3.4:*:*:*:*:*:x86:*
cpe:2.3:o:linux:linux_kernel:3.4:rc1:*:*:*:*:x86:*
cpe:2.3:o:linux:linux_kernel:3.4:rc2:*:*:*:*:x86:*
cpe:2.3:o:linux:linux_kernel:3.4:rc3:*:*:*:*:x86:*
cpe:2.3:o:linux:linux_kernel:3.4:rc4:*:*:*:*:x86:*
cpe:2.3:o:linux:linux_kernel:3.4:rc5:*:*:*:*:x86:*
cpe:2.3:o:linux:linux_kernel:3.4:rc6:*:*:*:*:x86:*
cpe:2.3:o:linux:linux_kernel:3.4:rc7:*:*:*:*:x86:*
cpe:2.3:o:linux:linux_kernel:3.4.1:*:*:*:*:*:x86:*
cpe:2.3:o:linux:linux_kernel:3.4.2:*:*:*:*:*:x86:*
cpe:2.3:o:linux:linux_kernel:3.4.3:*:*:*:*:*:x86:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:x86:* versions up to 3.4.4 (inclusive)
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 79484 | OracleVM 3.1 : kernel-uek (OVMSA-2012-0042) | Nessus | OracleVM Local Security Checks | high |
| 74661 | openSUSE Security Update : Kernel (openSUSE-SU-2012:0812-1) | Nessus | SuSE Local Security Checks | high |
| 68676 | Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2021) | Nessus | Oracle Linux Local Security Checks | high |
| 68675 | Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2020) | Nessus | Oracle Linux Local Security Checks | high |
| 68544 | Oracle Linux 6 : kernel (ELSA-2012-0743) | Nessus | Oracle Linux Local Security Checks | high |
| 64176 | SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 6453 / 6457) | Nessus | SuSE Local Security Checks | high |
| 64175 | SuSE 11.2 Security Update : Linux kernel (SAT Patch Number 6463) | Nessus | SuSE Local Security Checks | high |
| 61549 | Ubuntu 10.04 LTS : linux-lts-backport-oneiric vulnerabilities (USN-1539-1) | Nessus | Ubuntu Local Security Checks | high |
| 61511 | Ubuntu 11.10 : linux vulnerabilities (USN-1533-1) | Nessus | Ubuntu Local Security Checks | high |
| 61510 | USN-1532-1 : linux-ti-omap4 vulnerabilities | Nessus | Ubuntu Local Security Checks | high |
| 61507 | Ubuntu 12.04 LTS : linux vulnerabilities (USN-1529-1) | Nessus | Ubuntu Local Security Checks | high |
| 61506 | USN-1514-1 : linux-ti-omap4 vulnerabilities | Nessus | Ubuntu Local Security Checks | high |
| 61331 | Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20120618) | Nessus | Scientific Linux Local Security Checks | high |
| 59661 | Fedora 15 : kernel-2.6.43.8-1.fc15 (2012-8931) | Nessus | Fedora Local Security Checks | medium |
| 59609 | CentOS 6 : kernel (CESA-2012:0743) | Nessus | CentOS Local Security Checks | high |
| 59562 | RHEL 6 : kernel (RHSA-2012:0743) | Nessus | Red Hat Local Security Checks | high |
| 59487 | Fedora 16 : kernel-3.3.8-1.fc16 (2012-8890) | Nessus | Fedora Local Security Checks | medium |
| 59390 | Fedora 17 : kernel-3.4.0-1.fc17 (2012-8824) | Nessus | Fedora Local Security Checks | medium |