Vulnerability Details : CVE-2012-2373
The Linux kernel before 3.4.5 on the x86 platform, when Physical Address Extension (PAE) is enabled, does not properly use the Page Middle Directory (PMD), which allows local users to cause a denial of service (panic) via a crafted application that triggers a race condition.
Vulnerability category: Denial of service
Products affected by CVE-2012-2373
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:x86:*
- cpe:2.3:o:linux:linux_kernel:3.4:rc3:*:*:*:*:x86:*
- cpe:2.3:o:linux:linux_kernel:3.4:rc4:*:*:*:*:x86:*
- cpe:2.3:o:linux:linux_kernel:3.4:rc6:*:*:*:*:x86:*
- cpe:2.3:o:linux:linux_kernel:3.4.1:*:*:*:*:*:x86:*
- cpe:2.3:o:linux:linux_kernel:3.4.3:*:*:*:*:*:x86:*
- cpe:2.3:o:linux:linux_kernel:3.4:rc5:*:*:*:*:x86:*
- cpe:2.3:o:linux:linux_kernel:3.4:*:*:*:*:*:x86:*
- cpe:2.3:o:linux:linux_kernel:3.4:rc1:*:*:*:*:x86:*
- cpe:2.3:o:linux:linux_kernel:3.4:rc2:*:*:*:*:x86:*
- cpe:2.3:o:linux:linux_kernel:3.4:rc7:*:*:*:*:x86:*
- cpe:2.3:o:linux:linux_kernel:3.4.2:*:*:*:*:*:x86:*
Exploit prediction scoring system (EPSS) score for CVE-2012-2373
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-2373
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:L/AC:H/Au:N/C:N/I:N/A:C |
1.9
|
6.9
|
NIST |
CWE ids for CVE-2012-2373
-
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-2373
-
https://github.com/torvalds/linux/commit/26c191788f18129af0eb32a358cdaea0c7479626
mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race … · torvalds/linux@26c1917 · GitHubPatch
-
https://bugzilla.redhat.com/show_bug.cgi?id=822821
822821 – (CVE-2012-2373) CVE-2012-2373 kernel: mm: read_pmd_atomic: 32bit PAE pmd walk vs pmd_populate SMP race condition
-
http://ubuntu.com/usn/usn-1529-1
USN-1529-1: Linux kernel vulnerabilities | Ubuntu security notices
-
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5
-
http://rhn.redhat.com/errata/RHSA-2012-0743.html
RHSA-2012:0743 - Security Advisory - Red Hat Customer Portal
-
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=26c191788f18129af0eb32a358cdaea0c7479626
-
http://marc.info/?l=bugtraq&m=139447903326211&w=2
'[security bulletin] HPSBGN02970 rev.1 - HP Rapid Deployment Pack (RDP) or HP Insight Control Server ' - MARC
-
http://www.openwall.com/lists/oss-security/2012/05/18/11
oss-security - Re: CVE Request -- kernel: mm: read_pmd_atomic: 32bit PAE pmd walk vs pmd_populate SMP race condition
Jump to