CVE-2012-2313

CVSS v2.0

1.2

Low

Vector

AV:L/AC:H/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.3.7

Description The issue allows local users to write data to an Ethernet adapter via an ioctl call due to the rio ioctl function in drivers/net/ethernet/dlink/dl2k.c not restricting access to the SIOCSMIIREG command.

Recommendations For versions prior to 3.3.7, update to version 3.3.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the SIOCSMIIREG command to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CESA-2012_1304

CVE-2012-2313

RHSA-2012:1174

RHSA-2012:1282

RHSA-2012:1304

RHSA-2012:1481

RHSA-2012:1541

RHSA-2012:1589

RHSA-2012_1174

RHSA-2012_1304

SUSE-SU-2015:0481-1

USN-1471-1

USN-1472-1

USN-1473-1

USN-1474-1

USN-1476-1

USN-1488-1

USN-1490-1

USN-1491-1

USN-1492-1

USN-1493-1

USN-1530-1

Affected Products

Centos

Linux Kernel

Red Hat

Suse

CVE-2012-2313

Weakness Enumeration

Related Identifiers

Affected Products

References · 34