PT-2012-1084 · Centos+2

Florian Weimer · Published 2012-12-27 · Updated 2024-06-15 · CVE-2012-5532

CVSS v2.0: 4.9 (Medium)

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

hypervkvpd versions prior to 3.8-rc1
hypervkvpd-debuginfo-0 (affected versions not specified)
Red Hat Enterprise Linux (affected versions not specified)
CentOS (affected versions not specified)

Description

The issue allows local users to cause a denial of service (daemon exit) via a crafted application that sends a Netlink message. This is due to an incorrect fix in the main function in tools/hv/hv_kvp_daemon.c. The vulnerability can be exploited locally.

Recommendations

For hypervkvpd versions prior to 3.8-rc1, update to version 3.8-rc1 or later to resolve the issue. For hypervkvpd-debuginfo-0, there is currently no information about a newer version that contains a fix for this vulnerability. For Red Hat Enterprise Linux and CentOS, there is currently no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the hv_kvp_daemon function in the tools/hv/hv_kvp_daemon.c file until a patch is available.

Related Identifiers

BDU:2015-06669
BDU:2015-06670
BDU:2015-08909
BDU:2015-08910
CVE-2012-5532
OPENSUSE-SU-2024:10513-1
RHSA-2013:0807
RHSA-2013_0807
USN-1696-1
USN-1698-1
USN-1699-1
USN-1700-1
USN-1704-1
USN-1720-1
USN-1726-1

Affected Products

Centos
Red Hat
Hypervkvpd