PT-2012-1032 · Linux+3 · Linux Kernel+3

Hillf Danton

Publicado

2012-04-24

Atualizado

2023-02-13

CVE-2012-2133

CVSS v2.0

7.2

Alta

Vetor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.3.6

Description The issue is related to a use-after-free vulnerability in the Linux kernel. When huge pages are enabled, local users can cause a denial of service, potentially leading to a system crash, or possibly gain privileges. This can be achieved by interacting with a hugetlbfs filesystem. An example of triggering this issue is through a umount operation that improperly handles quota data.

Recommendations For Linux kernel versions prior to 3.3.6, update to version 3.3.6 or later to resolve the issue. As a temporary workaround, consider disabling huge pages to minimize the risk of exploitation. Restrict access to hugetlbfs filesystems to reduce the potential for privilege escalation.

Correção

DoS

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-400CWE-399

Identificadores relacionados

BDU:2015-01796

CESA-2012_1426

CVE-2012-2133

DSA-2469-1

RHSA-2012:1426

RHSA-2012:1491

RHSA-2012_1426

RHSA-2013:0741

USN-1457-1

USN-1468-1

USN-1469-1

USN-1470-1

USN-1471-1

USN-1472-1

USN-1473-1

USN-1474-1

USN-1476-1

Produtos afetados

Centos

Linux Kernel

Red Hat

Suse

PT-2012-1032 · Linux+3 · Linux Kernel+3

CVE-2012-2133

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 33