CVE-2012-2373

MEDIUM

Description

The Linux kernel before 3.4.5 on the x86 platform, when Physical Address Extension (PAE) is enabled, does not properly use the Page Middle Directory (PMD), which allows local users to cause a denial of service (panic) via a crafted application that triggers a race condition.

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=26c191788f18129af0eb32a358cdaea0c7479626

http://marc.info/?l=bugtraq&m=139447903326211&w=2

http://rhn.redhat.com/errata/RHSA-2012-0743.html

http://ubuntu.com/usn/usn-1529-1

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5

http://www.openwall.com/lists/oss-security/2012/05/18/11

https://bugzilla.redhat.com/show_bug.cgi?id=822821

https://github.com/torvalds/linux/commit/26c191788f18129af0eb32a358cdaea0c7479626

Details

Source: MITRE

Published: 2012-08-09

Updated: 2016-08-23

Type: CWE-362

Risk Information

CVSS v2.0

Base Score: 4

Vector: AV:L/AC:H/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 1.9

Severity: MEDIUM

Vulnerable Software

Configuration 1

cpe:2.3:o:linux:linux_kernel:3.4:*:*:*:*:*:x86:*

cpe:2.3:o:linux:linux_kernel:3.4:rc1:*:*:*:*:x86:*

cpe:2.3:o:linux:linux_kernel:3.4:rc2:*:*:*:*:x86:*

cpe:2.3:o:linux:linux_kernel:3.4:rc3:*:*:*:*:x86:*

cpe:2.3:o:linux:linux_kernel:3.4:rc4:*:*:*:*:x86:*

cpe:2.3:o:linux:linux_kernel:3.4:rc5:*:*:*:*:x86:*

cpe:2.3:o:linux:linux_kernel:3.4:rc6:*:*:*:*:x86:*

cpe:2.3:o:linux:linux_kernel:3.4:rc7:*:*:*:*:x86:*

cpe:2.3:o:linux:linux_kernel:3.4.1:*:*:*:*:*:x86:*

cpe:2.3:o:linux:linux_kernel:3.4.2:*:*:*:*:*:x86:*

cpe:2.3:o:linux:linux_kernel:3.4.3:*:*:*:*:*:x86:*

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:x86:* versions up to 3.4.4 (inclusive)

Tenable Plugins

View all (19 total)

ID	Name	Product	Family	Severity
79484	OracleVM 3.1 : kernel-uek (OVMSA-2012-0042)	Nessus	OracleVM Local Security Checks	high
74661	openSUSE Security Update : Kernel (openSUSE-SU-2012:0812-1)	Nessus	SuSE Local Security Checks	high
68676	Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2021)	Nessus	Oracle Linux Local Security Checks	high
68675	Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2020)	Nessus	Oracle Linux Local Security Checks	high
68544	Oracle Linux 6 : kernel (ELSA-2012-0743)	Nessus	Oracle Linux Local Security Checks	high
64176	SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 6453 / 6457)	Nessus	SuSE Local Security Checks	high
64175	SuSE 11.2 Security Update : Linux kernel (SAT Patch Number 6463)	Nessus	SuSE Local Security Checks	high
61549	Ubuntu 10.04 LTS : linux-lts-backport-oneiric vulnerabilities (USN-1539-1)	Nessus	Ubuntu Local Security Checks	high
61511	Ubuntu 11.10 : linux vulnerabilities (USN-1533-1)	Nessus	Ubuntu Local Security Checks	high
61510	USN-1532-1 : linux-ti-omap4 vulnerabilities	Nessus	Ubuntu Local Security Checks	high
61507	Ubuntu 12.04 LTS : linux vulnerabilities (USN-1529-1)	Nessus	Ubuntu Local Security Checks	high
61506	USN-1514-1 : linux-ti-omap4 vulnerabilities	Nessus	Ubuntu Local Security Checks	high
61331	Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20120618)	Nessus	Scientific Linux Local Security Checks	high
59661	Fedora 15 : kernel-2.6.43.8-1.fc15 (2012-8931)	Nessus	Fedora Local Security Checks	medium
59609	CentOS 6 : kernel (CESA-2012:0743)	Nessus	CentOS Local Security Checks	high
59562	RHEL 6 : kernel (RHSA-2012:0743)	Nessus	Red Hat Local Security Checks	high
59487	Fedora 16 : kernel-3.3.8-1.fc16 (2012-8890)	Nessus	Fedora Local Security Checks	medium
59390	Fedora 17 : kernel-3.4.0-1.fc17 (2012-8824)	Nessus	Fedora Local Security Checks	medium
801519	CentOS RHSA-2012-0743 Security Check	Log Correlation Engine	Generic	high