PT-2012-6296 · Linux+2 · Linux Kernel+2

Florian Weimer · Published 2012-12-31 · Updated 2023-01-20 · CVE-2012-6689

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.5.5

Description: The netlink_sendmsg function in the Linux kernel fails to validate the dst_pid field. This allows local users to potentially spoof Netlink messages, although the exact impact is not specified.

Recommendations: For Linux kernel versions prior to 3.5.5, update to version 3.5.5 or later to resolve the issue.

Exploit

Fix

Weakness Enumeration

Improper Access Control

Related Identifiers

CESA-2014_1392
CVE-2012-6689
DLA-246-1
RHSA-2014:1392
RHSA-2014_1392
USN-1599-1
USN-1610-1

Affected Products

CentOS
Linux Kernel
Red Hat