kernel: privilege escalation [LWN.net]

Package(s):

kernel

CVE #(s):

CVE-2012-2136

Created:

May 30, 2012

Updated:

November 5, 2012

Description:

From the Red Hat advisory:

It was found that the data_len parameter of the sock_alloc_send_pskb() function in the Linux kernel's networking implementation was not validated before use. A local user with access to a TUN/TAP virtual interface could use this flaw to crash the system or, potentially, escalate their privileges. Note that unprivileged users cannot access TUN/TAP devices until the root user grants them access.

Alerts:

Red Hat	RHSA-2012:0690-01	2012-05-29
CentOS	CESA-2012:0690	2012-05-29
Oracle	ELSA-2012-0690	2012-05-31
Scientific Linux	SL-kern-20120531	2012-05-31
Red Hat	RHSA-2012:0743-01	2012-06-18
CentOS	CESA-2012:0743	2012-06-19
Scientific Linux	SL-kern-20120619	2012-06-19
Oracle	ELSA-2012-2020	2012-06-21
Oracle	ELSA-2012-0743	2012-06-21
openSUSE	openSUSE-SU-2012:0781-1	2012-06-22
Oracle	ELSA-2012-2021	2012-06-23
Oracle	ELSA-2012-2021	2012-06-23
SUSE	SUSE-SU-2012:0789-1	2012-06-26
openSUSE	openSUSE-SU-2012:0799-1	2012-06-28
Oracle	ELSA-2012-2022	2012-07-02
Oracle	ELSA-2012-2022	2012-07-02
Oracle	ELSA-2012-0862	2012-07-02
openSUSE	openSUSE-SU-2012:0812-1	2012-07-03
Red Hat	RHSA-2012:1087-01	2012-07-17
Ubuntu	USN-1514-1	2012-08-10
Ubuntu	USN-1529-1	2012-08-10
Ubuntu	USN-1530-1	2012-08-10
Ubuntu	USN-1531-1	2012-08-10
Ubuntu	USN-1532-1	2012-08-10
Ubuntu	USN-1533-1	2012-08-10
Ubuntu	USN-1535-1	2012-08-10
Ubuntu	USN-1534-1	2012-08-10
Ubuntu	USN-1538-1	2012-08-14
Ubuntu	USN-1539-1	2012-08-14
Ubuntu	USN-1598-1	2012-10-09
SUSE	SUSE-SU-2012:1391-1	2012-10-24
openSUSE	openSUSE-SU-2012:1439-1	2012-11-05

(Log in to post comments)