CVE-2012-2375

CVSS v2.0 4.6 (Medium)

EPSS 0.26 % (67^th)

Affected Products 1

Advisories 16

The __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the NFSv4 implementation in the Linux kernel before 3.3.2 uses an incorrect length variable during a copy operation, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words in an FATTR4_ACL reply. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-4131.

Weaknesses

CWE-189: Numeric Errors

Related CVEs

CVE-2011-4131

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2012-06-13 10:24:55
(12 years ago)
Updated Date: 2023-11-07 02:10:32
(10 months ago)

Affected Products

Linux

Linux Kernel

Configuration #1

	CPE23	Up To
Linux Kernel 3.3.1 and prior versions	cpe:2.3:o:linux:linux_kernel	<= 3.3.1
Linux Kernel 3.3	cpe:2.3:o:linux:linux_kernel:3.3
Linux Kernel 3.3 Rc1	cpe:2.3:o:linux:linux_kernel:3.3:rc1
Linux Kernel 3.3 Rc2	cpe:2.3:o:linux:linux_kernel:3.3:rc2
Linux Kernel 3.3 Rc3	cpe:2.3:o:linux:linux_kernel:3.3:rc3
Linux Kernel 3.3 Rc4	cpe:2.3:o:linux:linux_kernel:3.3:rc4
Linux Kernel 3.3 Rc5	cpe:2.3:o:linux:linux_kernel:3.3:rc5
Linux Kernel 3.3 Rc6	cpe:2.3:o:linux:linux_kernel:3.3:rc6
Linux Kernel 3.3 Rc7	cpe:2.3:o:linux:linux_kernel:3.3:rc7