CVSS2: 4.4 Medium (AV:L/AC:M/Au:S/C:N/I:N/A:C)

Metric | Value |
---|---|
Access Vector | LOCAL |
Access Complexity | MEDIUM |
Authentication | SINGLE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | COMPLETE |

EPSS: 0.0004 Low (Percentile: 5.3%)

The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram
Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier
allows local users to cause a denial of service (BUG_ON and kernel panic)
by establishing an RDS connection with the source IP address equal to the
IPoIB interface's own IP address, as demonstrated by rds-ping.

Author | Note |
---|---|
jdstrand | linux-armadaxp is maintained by OEM |
apw | this is claimed fixed by RedHat but I cannot find the fix anywhere, the only reference I did find to the CVE in Fedora implies they have mistagged the fix for CVE-2012-2373 as 2372: http://permalink.gmane.org/gmane.linux.redhat.fedora.extras.cvs/775892 note the patch is the x86 pmd patch. needs-triage back to -security for lack of a clear direction on a fix (per irc discussions). Looking at the RHEL kernels it appears that this is the fix, though it is not upstream as yet: http://people.canonical.com/~apw/misc/cves/CVE-2012-2372-1.diff |
kees | https://oss.oracle.com/git/?p=redpatch.git;a=commitdiff;h=c7b6a0a1d8d636852be130fa15fa8be10d4704e8 seems fixed upstream by 18fc25c94eadc52a42c025125af24657a93638c0 |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | linux | < 2.6.32-42.96 | UNKNOWN |
ubuntu | 11.04 | noarch | linux | < 2.6.38-15.65 | UNKNOWN |
ubuntu | 11.10 | noarch | linux | < 3.0.0-25.41 | UNKNOWN |
ubuntu | 12.04 | noarch | linux | < 3.2.0-29.46 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-armadaxp | < 3.2.0-1606.9 | UNKNOWN |
ubuntu | 10.04 | noarch | linux-ec2 | < 2.6.32-347.53 | UNKNOWN |
ubuntu | 10.04 | noarch | linux-lts-backport-natty | < 2.6.38-15.65~lucid1 | UNKNOWN |
ubuntu | 10.04 | noarch | linux-lts-backport-oneiric | < 3.0.0-25.41~lucid1 | UNKNOWN |
ubuntu | 11.04 | noarch | linux-ti-omap4 | < 2.6.38-1209.25 | UNKNOWN |
ubuntu | 11.10 | noarch | linux-ti-omap4 | < 3.0.0-1215.27 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2012-2372
nvd.nist.gov/vuln/detail/CVE-2012-2372
rhn.redhat.com/errata/RHSA-2012-0743.html
security-tracker.debian.org/tracker/CVE-2012-2372
ubuntu.com/security/notices/USN-1514-1
ubuntu.com/security/notices/USN-1529-1
ubuntu.com/security/notices/USN-1530-1
ubuntu.com/security/notices/USN-1531-1
ubuntu.com/security/notices/USN-1538-1
ubuntu.com/security/notices/USN-1554-1
ubuntu.com/security/notices/USN-1555-1
ubuntu.com/security/notices/USN-1556-1
ubuntu.com/security/notices/USN-1558-1
ubuntu.com/security/notices/USN-1563-1
www.cve.org/CVERecord?id=CVE-2012-2372