CVE-2012-2136

CVSS v2.0 7.2 (High)

EPSS 0.04 % (5^th)

Affected Products 1

Advisories 17

The sock_alloc_send_pskb function in net/core/sock.c in the Linux kernel before 3.4.5 does not properly validate a certain length value, which allows local users to cause a denial of service (heap-based buffer overflow and system crash) or possibly gain privileges by leveraging access to a TUN/TAP device.

Weaknesses

CWE-20: Improper Input Validation

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2012-08-09 10:29:46
(12 years ago)
Updated Date: 2023-10-12 14:12:02
(11 months ago)

Affected Products

Linux

Linux Kernel

Configuration #1

	CPE23	From	Up To
Linux Kernel prior 3.0.37 version	cpe:2.3:o:linux:linux_kernel		< 3.0.37
Linux Kernel from 3.1 version and prior 3.2.23 version	cpe:2.3:o:linux:linux_kernel	>= 3.1	< 3.2.23
Linux Kernel from 3.3 version and prior 3.4.5 version	cpe:2.3:o:linux:linux_kernel	>= 3.3	< 3.4.5