PT-2012-1032 · Linux+3 · Linux Kernel+3

Hillf Danton

·

Published

2012-04-24

·

Updated

2023-02-13

·

CVE-2012-2133

CVSS v2.0

7.2

High

VectorAV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.3.6
Description The issue is related to a use-after-free vulnerability in the Linux kernel. When huge pages are enabled, local users can cause a denial of service, potentially leading to a system crash, or possibly gain privileges. This can be achieved by interacting with a hugetlbfs filesystem. An example of triggering this issue is through a umount operation that improperly handles quota data.
Recommendations For Linux kernel versions prior to 3.3.6, update to version 3.3.6 or later to resolve the issue. As a temporary workaround, consider disabling huge pages to minimize the risk of exploitation. Restrict access to hugetlbfs filesystems to reduce the potential for privilege escalation.

Fix

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-400CWE-399

Related Identifiers

BDU:2015-01796
CESA-2012_1426
CVE-2012-2133
DSA-2469-1
RHSA-2012:1426
RHSA-2012:1491
RHSA-2012_1426
RHSA-2013:0741
USN-1457-1
USN-1468-1
USN-1469-1
USN-1470-1
USN-1471-1
USN-1472-1
USN-1473-1
USN-1474-1
USN-1476-1

Affected Products

Centos
Linux Kernel
Red Hat
Suse