4.6 Medium
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:A/AC:H/Au:N/C:N/I:N/A:C
0.002 Low
EPSS
Percentile
60.2%
The __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the NFSv4
implementation in the Linux kernel before 3.3.2 uses an incorrect length
variable during a copy operation, which allows remote NFS servers to cause
a denial of service (OOPS) by sending an excessive number of bitmap words
in an FATTR4_ACL reply. NOTE: this vulnerability exists because of an
incomplete fix for CVE-2011-4131.
Author | Note |
---|---|
jdstrand | linux-armadaxp is maintained by OEM introduced by fix for CVE-2011-4131 |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 11.04 | noarch | linux | <ย 2.6.38-15.61 | UNKNOWN |
ubuntu | 11.10 | noarch | linux | <ย 3.0.0-22.36 | UNKNOWN |
ubuntu | 12.04 | noarch | linux | <ย 3.2.0-26.41 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-armadaxp | <ย 3.2.0-1605.8 | UNKNOWN |
ubuntu | 10.04 | noarch | linux-lts-backport-natty | <ย 2.6.38-15.61~lucid1 | UNKNOWN |
ubuntu | 10.04 | noarch | linux-lts-backport-oneiric | <ย 3.0.0-22.36~lucid1 | UNKNOWN |
ubuntu | 11.04 | noarch | linux-ti-omap4 | <ย 2.6.38-1209.25 | UNKNOWN |
ubuntu | 11.10 | noarch | linux-ti-omap4 | <ย 3.0.0-1212.24 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-ti-omap4 | <ย 3.2.0-1415.20 | UNKNOWN |
www.openwall.com/lists/oss-security/2012/05/18/13
launchpad.net/bugs/cve/CVE-2012-2375
nvd.nist.gov/vuln/detail/CVE-2012-2375
security-tracker.debian.org/tracker/CVE-2012-2375
ubuntu.com/security/notices/USN-1486-1
ubuntu.com/security/notices/USN-1487-1
ubuntu.com/security/notices/USN-1488-1
ubuntu.com/security/notices/USN-1489-1
ubuntu.com/security/notices/USN-1490-1
ubuntu.com/security/notices/USN-1494-1
ubuntu.com/security/notices/USN-1499-1
ubuntu.com/security/notices/USN-1530-1
www.cve.org/CVERecord?id=CVE-2012-2375