CVE-2012-6543

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.6

Description The issue exists in the l2tp ip6 getname function in the Linux kernel due to incorrect return values under certain circumstances. This allows local users to access sensitive information from kernel stack memory using a specially crafted application that utilizes an uninitialized pointer argument. The function does not initialize a certain structure member, which enables the exploitation.

Recommendations For Linux kernel versions prior to 3.6, update to version 3.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the l2tp ip6 getname function until a patch is available. Avoid using uninitialized pointer arguments in applications that utilize this function to minimize the risk of exploitation.