CVE-2012-2373

The Linux kernel before 3.4.5 on the x86 platform, when Physical Address Extension (PAE) is enabled, does not properly use the Page Middle Directory (PMD), which allows local users to cause a denial of service (panic) via a crafted application that triggers a race condition.

CVSS v2.0 4.0 MEDIUM

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:H/Au:N/C:N/I:N/A:C

Exploitability : 1.9 / Impact : 6.9

Access Vector LOCAL

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=26c191788f18129af0eb32a358cdaea0c7479626
http://marc.info/?l=bugtraq&m=139447903326211&w=2
http://rhn.redhat.com/errata/RHSA-2012-0743.html
http://ubuntu.com/usn/usn-1529-1
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5
http://www.openwall.com/lists/oss-security/2012/05/18/11
https://bugzilla.redhat.com/show_bug.cgi?id=822821
https://github.com/torvalds/linux/commit/26c191788f18129af0eb32a358cdaea0c7479626	Patch
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=26c191788f18129af0eb32a358cdaea0c7479626
http://marc.info/?l=bugtraq&m=139447903326211&w=2
http://rhn.redhat.com/errata/RHSA-2012-0743.html
http://ubuntu.com/usn/usn-1529-1
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5
http://www.openwall.com/lists/oss-security/2012/05/18/11
https://bugzilla.redhat.com/show_bug.cgi?id=822821
https://github.com/torvalds/linux/commit/26c191788f18129af0eb32a358cdaea0c7479626	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel:::::::x86:*
	cpe:2.3:o:linux:linux_kernel:3.4::::::x86:
	cpe:2.3:o:linux:linux_kernel:3.4:rc1:::::x86:*
	cpe:2.3:o:linux:linux_kernel:3.4:rc2:::::x86:*
	cpe:2.3:o:linux:linux_kernel:3.4:rc3:::::x86:*
	cpe:2.3:o:linux:linux_kernel:3.4:rc4:::::x86:*
	cpe:2.3:o:linux:linux_kernel:3.4:rc5:::::x86:*
	cpe:2.3:o:linux:linux_kernel:3.4:rc6:::::x86:*
	cpe:2.3:o:linux:linux_kernel:3.4:rc7:::::x86:*
	cpe:2.3:o:linux:linux_kernel:3.4.1::::::x86:
	cpe:2.3:o:linux:linux_kernel:3.4.2::::::x86:
	cpe:2.3:o:linux:linux_kernel:3.4.3::::::x86:

History

21 Nov 2024, 01:38

Type	Values Removed	Values Added
References	~~() http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=26c191788f18129af0eb32a358cdaea0c7479626 -~~	() http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=26c191788f18129af0eb32a358cdaea0c7479626 -
References	~~() http://marc.info/?l=bugtraq&m=139447903326211&w=2 -~~	() http://marc.info/?l=bugtraq&m=139447903326211&w=2 -
References	~~() http://rhn.redhat.com/errata/RHSA-2012-0743.html -~~	() http://rhn.redhat.com/errata/RHSA-2012-0743.html -
References	~~() http://ubuntu.com/usn/usn-1529-1 -~~	() http://ubuntu.com/usn/usn-1529-1 -
References	~~() http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5 -~~	() http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5 -
References	~~() http://www.openwall.com/lists/oss-security/2012/05/18/11 -~~	() http://www.openwall.com/lists/oss-security/2012/05/18/11 -
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=822821 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=822821 -
References	~~() https://github.com/torvalds/linux/commit/26c191788f18129af0eb32a358cdaea0c7479626 - Patch~~	() https://github.com/torvalds/linux/commit/26c191788f18129af0eb32a358cdaea0c7479626 - Patch

Information

Published : 2012-08-09 10:29

Updated : 2024-11-21 01:38

NVD link : CVE-2012-2373

Mitre link : CVE-2012-2373

CVE.ORG link : CVE-2012-2373

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

4.0 /10