Vulnerability Details : CVE-2012-2313
The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call.
Products affected by CVE-2012-2313
- cpe:2.3:o:novell:suse_linux_enterprise_server:10.0:sp4:*:*:ltss:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:5:*:server:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:client:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:5.6.z:*:server:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_long_life:5.6:*:server:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:6.2.z:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:6.1.z:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.3.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.3:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.3:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.3.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.3:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.3:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.3:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.3.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.3:rc7:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.3:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.3.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.3.1:*:*:*:*:*:*:*
Threat overview for CVE-2012-2313
- Top open port discovered on systems with this issue: 49152
- IPs affected by CVE-2012-2313: 6,905
- Threat actors abusing this issue: Yes
Exploit prediction scoring system (EPSS) score for CVE-2012-2313
- EPSS score: 0.05% (probability of exploitation activity in the next 30 days)
- Percentile: ~13% (the proportion of vulnerabilities that are scored at or below this score)
CVSS scores for CVE-2012-2313
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
1.2 | LOW | AV:L/AC:H/Au:N/C:N/I:N/A:P | 1.9 | 2.9 | NIST | |
CWE ids for CVE-2012-2313
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-2313
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1bb57e940e1958e40d51f2078f50c3a96a9b2d75
- https://github.com/torvalds/linux/commit/1bb57e940e1958e40d51f2078f50c3a96a9b2d75
  dl2k: Clean up rio_ioctl · torvalds/linux@1bb57e9 · GitHub
  Tags: Exploit; Patch
- http://rhn.redhat.com/errata/RHSA-2012-1541.html
  RHSA-2012:1541 - Security Advisory - Red Hat Customer Portal
  Tags: Third Party Advisory
- http://rhn.redhat.com/errata/RHSA-2012-1589.html
  RHSA-2012:1589 - Security Advisory - Red Hat Customer Portal
  Tags: Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=818820
  818820 – (CVE-2012-2313) CVE-2012-2313 kernel: unfiltered netdev rio_ioctl access by users
  Tags: Issue Tracking
- http://www.securityfocus.com/bid/53965
  Linux Kernel dl2k Network Driver IOCTL Handling Local Denial of Service Vulnerability
  Tags: Third Party Advisory; VDB Entry
- http://www.openwall.com/lists/oss-security/2012/05/04/8
  oss-security - Re: CVE Request: more tight ioctl permissions in dl2k driver
  Tags: Mailing List
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
  [security-announce] SUSE-SU-2015:0812-1: important: Security update for
  Tags: Third Party Advisory
- http://rhn.redhat.com/errata/RHSA-2012-1481.html
  RHSA-2012:1481 - Security Advisory - Red Hat Customer Portal
  Tags: Third Party Advisory
- http://marc.info/?l=bugtraq&m=139447903326211&w=2
  '[security bulletin] HPSBGN02970 rev.1 - HP Rapid Deployment Pack (RDP) or HP Insight Control Server ' - MARC
  Tags: Third Party Advisory
- http://rhn.redhat.com/errata/RHSA-2012-1174.html
  RHSA-2012:1174 - Security Advisory - Red Hat Customer Portal
  Tags: Third Party Advisory
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.7
  Tags: Release Notes