CVE-2012-6657

CVSS v2.0 4.9 (Medium)

EPSS 0.05 % (17^th)

Affected Products 2

Advisories 8

The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 does not ensure that a keepalive action is associated with a stream socket, which allows local users to cause a denial of service (system crash) by leveraging the ability to create a raw socket.

Weaknesses

CWE-264: Permissions, Privileges, and Access Controls

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2014-09-28 10:55:10
(10 years ago)
Updated Date: 2023-02-13 04:38:02
(19 months ago)

Affected Products

Linux

Linux Kernel

Novell

Suse Linux Enterprise Server

Configuration #1

	CPE23	Up To
Linux Kernel 3.5.6 and prior versions	cpe:2.3:o:linux:linux_kernel	<= 3.5.6
Linux Kernel 3.5.1	cpe:2.3:o:linux:linux_kernel:3.5.1
Linux Kernel 3.5.2	cpe:2.3:o:linux:linux_kernel:3.5.2
Linux Kernel 3.5.3	cpe:2.3:o:linux:linux_kernel:3.5.3
Linux Kernel 3.5.4	cpe:2.3:o:linux:linux_kernel:3.5.4
Linux Kernel 3.5.5	cpe:2.3:o:linux:linux_kernel:3.5.5

Configuration #2

		CPE23	From	Up To
	Novell Suse Linux Enterprise Server 10.0 SP4	cpe:2.3:o:novell:suse_linux_enterprise_server:10.0:sp4:::ltss
	Novell Suse Linux Enterprise Server 11.0 SP1	cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp1:::ltss