kernel: privilege escalation

Package(s):

kernel

CVE #(s):

CVE-2012-2136

Created:

May 30, 2012

Updated:

November 5, 2012

Description:

From the Red Hat advisory:

It was found that the data_len parameter of the sock_alloc_send_pskb() function in the Linux kernel's networking implementation was not validated before use. A local user with access to a TUN/TAP virtual interface could use this flaw to crash the system or, potentially, escalate their privileges. Note that unprivileged users cannot access TUN/TAP devices until the root user grants them access.

Alerts:

Oracle	ELSA-2013-1645	kernel	2013-11-26
SUSE	SUSE-SU-2012:1391-1	Linux kernel	2012-10-24
Ubuntu	USN-1598-1	linux	2012-10-09
openSUSE	openSUSE-SU-2012:1439-1	kernel	2012-11-05
Ubuntu	USN-1529-1	linux	2012-08-10
Ubuntu	USN-1539-1	linux-lts-backport-oneiric	2012-08-14
Ubuntu	USN-1538-1	linux-lts-backport-natty	2012-08-14
Ubuntu	USN-1535-1	linux	2012-08-10
Ubuntu	USN-1533-1	linux	2012-08-10
Ubuntu	USN-1531-1	linux	2012-08-10
Ubuntu	USN-1530-1	linux-ti-omap4	2012-08-10
Ubuntu	USN-1514-1	linux-ti-omap4	2012-08-10
Ubuntu	USN-1534-1	linux-ec2	2012-08-10
Ubuntu	USN-1532-1	linux-ti-omap4	2012-08-10
Red Hat	RHSA-2012:1087-01	kernel	2012-07-17
openSUSE	openSUSE-SU-2012:0812-1	kernel	2012-07-03
Oracle	ELSA-2012-0862	kernel	2012-07-02
Oracle	ELSA-2012-2022	kernel	2012-07-02
Oracle	ELSA-2012-2022	kernel	2012-07-02
openSUSE	openSUSE-SU-2012:0799-1	kernel	2012-06-28
SUSE	SUSE-SU-2012:0789-1	Linux kernel	2012-06-26
Oracle	ELSA-2012-2021	kernel	2012-06-23
Oracle	ELSA-2012-2021	kernel	2012-06-23
openSUSE	openSUSE-SU-2012:0781-1	kernel	2012-06-22
Oracle	ELSA-2012-0743	kernel	2012-06-21
Oracle	ELSA-2012-2020	kernel	2012-06-21
Oracle	ELSA-2012-0690	kernel	2012-05-31
Red Hat	RHSA-2012:0690-01	kernel	2012-05-29
Scientific Linux	SL-kern-20120619	kernel	2012-06-19
CentOS	CESA-2012:0743	kernel	2012-06-19
Red Hat	RHSA-2012:0743-01	kernel	2012-06-18
Scientific Linux	SL-kern-20120531	kernel	2012-05-31
CentOS	CESA-2012:0690	kernel	2012-05-29