Vulnerability Details : CVE-2012-2119
Buffer overflow in the macvtap device driver in the Linux kernel before 3.4.5, when running in certain configurations, allows privileged KVM guest users to cause a denial of service (crash) via a long descriptor with a long vector length.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2012-2119
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.4.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.4.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.4.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-2119
0.30%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 70 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-2119
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.2
|
MEDIUM | AV:A/AC:M/Au:S/C:N/I:N/A:C |
4.4
|
6.9
|
NIST |
CWE ids for CVE-2012-2119
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-2119
-
http://ubuntu.com/usn/usn-1529-1
USN-1529-1: Linux kernel vulnerabilities | Ubuntu security notices
-
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5
-
http://rhn.redhat.com/errata/RHSA-2012-0743.html
RHSA-2012:0743 - Security Advisory - Red Hat Customer Portal
-
http://www.openwall.com/lists/oss-security/2012/04/19/14
oss-security - Re: CVE request -- kernel: macvtap: zerocopy: vector length is not validated before pinning user pages
-
https://github.com/torvalds/linux/commit/b92946e2919134ebe2a4083e4302236295ea2a73
macvtap: zerocopy: validate vectors before building skb · torvalds/linux@b92946e · GitHub
-
http://marc.info/?l=linux-netdev&m=133455718001608&w=2
'[PATCH 3/6] macvtap: zerocopy: validate vector length before pinning user pages' - MARC
-
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=814278
814278 – (CVE-2012-2119) CVE-2012-2119 kernel: macvtap: zerocopy: vector length is not validated before pinning user pages
-
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b92946e2919134ebe2a4083e4302236295ea2a73
-
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html
[security-announce] openSUSE-SU-2013:0925-1: important: kernel: security
-
https://oss.oracle.com/git/?p=redpatch.git%3Ba=commit%3Bh=4aae94d1c7b32316911c86176c0ed4f8ed62da73
oss.oracle.com
Jump to