CVE-2012-2372

2013-01-2223:55:02

[email protected]

web.nvd.nist.gov

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:S/C:N/I:N/A:C

AI Score

6.1

Confidence

High

EPSS

Percentile

5.1%

JSON

The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interface’s own IP address, as demonstrated by rds-ping.

Affected configurations

Nvd

Node

linuxlinux_kernelRange≤3.7.4

linuxlinux_kernelMatch3.7

linuxlinux_kernelMatch3.7.1

linuxlinux_kernelMatch3.7.2

linuxlinux_kernelMatch3.7.3

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel3.7cpe:2.3:o:linux:linux_kernel:3.7:*:*:*:*:*:*:*
linuxlinux_kernel3.7.1cpe:2.3:o:linux:linux_kernel:3.7.1:*:*:*:*:*:*:*
linuxlinux_kernel3.7.2cpe:2.3:o:linux:linux_kernel:3.7.2:*:*:*:*:*:*:*
linuxlinux_kernel3.7.3cpe:2.3:o:linux:linux_kernel:3.7.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	3.7	cpe:2.3:o:linux:linux_kernel:3.7:::::::*
linux	linux_kernel	3.7.1	cpe:2.3:o:linux:linux_kernel:3.7.1:::::::*
linux	linux_kernel	3.7.2	cpe:2.3:o:linux:linux_kernel:3.7.2:::::::*
linux	linux_kernel	3.7.3	cpe:2.3:o:linux:linux_kernel:3.7.3:::::::*