CVE-2012-2373

medium

Description

The Linux kernel before 3.4.5 on the x86 platform, when Physical Address Extension (PAE) is enabled, does not properly use the Page Middle Directory (PMD), which allows local users to cause a denial of service (panic) via a crafted application that triggers a race condition.

References

https://github.com/torvalds/linux/commit/26c191788f18129af0eb32a358cdaea0c7479626

https://bugzilla.redhat.com/show_bug.cgi?id=822821

http://www.openwall.com/lists/oss-security/2012/05/18/11

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5

http://ubuntu.com/usn/usn-1529-1

http://rhn.redhat.com/errata/RHSA-2012-0743.html

http://marc.info/?l=bugtraq&m=139447903326211&w=2

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=26c191788f18129af0eb32a358cdaea0c7479626

Details

Source: Mitre, NVD

Published: 2012-08-09

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:L/AC:H/Au:N/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 4.7

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00075