CVE-2012-2745

CVSS v2.0

4.7

Medium

Vector

AV:L/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.3.2

Description The issue allows local users to cause a denial of service (panic) via a crafted application that uses the fork system call. This is due to the copy creds function in kernel/cred.c providing an invalid replacement session keyring to a child process.

Recommendations For versions prior to 3.3.2, update to version 3.3.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the fork system call in sensitive applications until a patch is available.

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CESA-2012_1064

CVE-2012-2745

OPENSUSE-SU-2013_0396-1

RHSA-2012:1064

RHSA-2012_1064

SUSE-SU-2012_1350-1

SUSE-SU-2015:0481-1

SUSE-SU-2015:0652-1

USN-1448-1

USN-1452-1

USN-1455-1

USN-1459-1

USN-1460-1

USN-1567-1

USN-1574-1

USN-1597-1

USN-1606-1

Affected Products

Centos

Linux Kernel

Red Hat

Suse

CVE-2012-2745

Weakness Enumeration

Related Identifiers

Affected Products

References · 32