CVE-2012-3520

Linux Kernel < 3.2.30 - Improper Authentication via Netlink Messages

Title source: llm
STIX 2.1

Description

The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to (1) Avahi or (2) NetworkManager.

References (12)

Core 12
Core References
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/08/22/1
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/55152
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1599-1
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1610-1
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-02/msg00018.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/50848
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=850449

Scores

EPSS 0.0043
EPSS Percentile 34.3%

Details

CWE
CWE-287
Status published
Products (44)
linux/linux_kernel 2.3.2
linux/linux_kernel 2.3.20
linux/linux_kernel 2.3.21
linux/linux_kernel 2.3.22
linux/linux_kernel 2.3.23
linux/linux_kernel 2.3.24
linux/linux_kernel 2.3.25
linux/linux_kernel 2.3.26
linux/linux_kernel 2.3.27
linux/linux_kernel 2.3.28
... and 34 more
Published Oct 03, 2012
Tracked Since Feb 18, 2026