Vulnerability Details : CVE-2012-3520
The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to (1) Avahi or (2) NetworkManager.
Vulnerability category: BypassGain privilege
Products affected by CVE-2012-3520
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.3.20:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.4.33.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.13.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.23.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.3.25:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.3.24:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.3.27:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.3.29:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.3.26:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.3.28:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.3.21:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.3.22:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.3.23:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.33.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.2.12:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.2.19:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.2.20:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.2:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.2:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.2.10:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.2.11:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.2.13:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.2.14:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.2.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.2:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.2:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.2:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.2.15:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.2.16:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.2.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.2.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.2.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.2.7:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.2.17:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.2.18:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.2:rc7:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.2.8:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.2.9:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.2.21:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.2.25:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.2.26:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.2.24:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.2.27:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.2.28:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.2.23:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.2.22:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.3.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.33.20:*:*:*:*:*:*:*
Threat overview for CVE-2012-3520
Top countries where our scanners detected CVE-2012-3520
Top open port discovered on systems with this issue
49152
IPs affected by CVE-2012-3520 6,524
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2012-3520!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2012-3520
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-3520
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
1.9
|
LOW | AV:L/AC:M/Au:N/C:N/I:P/A:N |
3.4
|
2.9
|
NIST |
CWE ids for CVE-2012-3520
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-3520
-
http://www.ubuntu.com/usn/USN-1599-1
USN-1599-1: Linux kernel (OMAP4) vulnerability | Ubuntu security notices
-
http://www.securityfocus.com/bid/55152
Linux Kernel Netlink Message Handling Local Privilege Escalation Vulnerability
-
http://www.openwall.com/lists/oss-security/2012/08/22/1
oss-security - CVE-2012-3520 kernel: af_netlink: invalid handling of SCM_CREDENTIALS passing
-
https://bugzilla.redhat.com/show_bug.cgi?id=850449
850449 – (CVE-2012-3520) CVE-2012-3520 kernel: af_netlink: invalid handling of SCM_CREDENTIALS passing
-
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Oracle Linux Bulletin - January 2016
-
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.30
-
https://github.com/torvalds/linux/commit/e0e3cea46d31d23dc40df0a49a7a2c04fe8edfea
af_netlink: force credentials passing [CVE-2012-3520] · torvalds/linux@e0e3cea · GitHubExploit
-
http://www.ubuntu.com/usn/USN-1610-1
USN-1610-1: Linux kernel vulnerability | Ubuntu security notices
-
http://lists.opensuse.org/opensuse-updates/2013-02/msg00018.html
openSUSE-SU-2013:0261-1: moderate: kernel: update to 3.4.28
-
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e0e3cea46d31d23dc40df0a49a7a2c04fe8edfea
-
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00005.html
[security-announce] openSUSE-SU-2012:1330-1: important: kernel: security
Jump to