CVE-2012-3520 : The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM

The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to (1) Avahi or (2) NetworkManager.

Published 2012-10-03 11:02:57

Updated 2023-02-13 04:34:25

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: BypassGain privilege

Threat overview for CVE-2012-3520

Top countries where our scanners detected CVE-2012-3520

Top open port discovered on systems with this issue 49152

IPs affected by CVE-2012-3520 6,524

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2012-3520!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2012-3520

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2012-3520

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
1.9	LOW	AV:L/AC:M/Au:N/C:N/I:P/A:N	3.4	2.9	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2012-3520

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-3520

http://www.ubuntu.com/usn/USN-1599-1

USN-1599-1: Linux kernel (OMAP4) vulnerability | Ubuntu security notices
http://www.securityfocus.com/bid/55152

Linux Kernel Netlink Message Handling Local Privilege Escalation Vulnerability
http://www.openwall.com/lists/oss-security/2012/08/22/1

oss-security - CVE-2012-3520 kernel: af_netlink: invalid handling of SCM_CREDENTIALS passing
https://bugzilla.redhat.com/show_bug.cgi?id=850449

850449 – (CVE-2012-3520) CVE-2012-3520 kernel: af_netlink: invalid handling of SCM_CREDENTIALS passing
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Oracle Linux Bulletin - January 2016

CVEs referencing this url
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.30

CVEs referencing this url
https://github.com/torvalds/linux/commit/e0e3cea46d31d23dc40df0a49a7a2c04fe8edfea

af_netlink: force credentials passing [CVE-2012-3520] · torvalds/linux@e0e3cea · GitHub
Exploit
http://www.ubuntu.com/usn/USN-1610-1

USN-1610-1: Linux kernel vulnerability | Ubuntu security notices
http://lists.opensuse.org/opensuse-updates/2013-02/msg00018.html

openSUSE-SU-2013:0261-1: moderate: kernel: update to 3.4.28
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e0e3cea46d31d23dc40df0a49a7a2c04fe8edfea
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00005.html

[security-announce] openSUSE-SU-2012:1330-1: important: kernel: security

CVEs referencing this url

Products affected by CVE-2012-3520