CVE-2012-3552 : Race condition in the IP implementation in the Linux kernel before 3.0 might all

Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service (slab corruption and system crash) by sending packets to an application that sets socket options during the handling of network traffic.

Published 2012-10-03 11:02:57

Updated 2025-04-11 00:51:22

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2012-3552

Redhat » Enterprise Linux Eus » Version: 6.2
cpe:2.3:o:redhat:enterprise_linux_eus:6.2:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions before (<) 3.0
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2012-3552

Top countries where our scanners detected CVE-2012-3552

Top open port discovered on systems with this issue 49152

IPs affected by CVE-2012-3552 67

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2012-3552!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2012-3552

EPSS FAQ

2.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 82 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2012-3552

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.1	HIGH	AV:N/AC:M/Au:N/C:N/I:N/A:C	8.6	6.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
5.9	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H	2.2	3.6	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2012-3552

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-3552

https://bugzilla.redhat.com/show_bug.cgi?id=853465

853465 – (CVE-2012-3552) CVE-2012-3552 kernel: net: slab corruption due to improper synchronization around inet->opt
Issue Tracking;Patch;Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1540.html

RHSA-2012:1540 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2012/08/31/11

oss-security - Re: CVE Request -- kernel: net: slab corruption due to improper synchronization around inet->opt
Mailing List;Patch;Third Party Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f6d8bd051c391c1c0458a30b2a7abcd939329259
http://ftp.osuosl.org/pub/linux/kernel/v3.0/ChangeLog-3.0

404 Not Found
Broken Link

CVEs referencing this url
https://github.com/torvalds/linux/commit/f6d8bd051c391c1c0458a30b2a7abcd939329259

inet: add RCU protection to inet->opt · torvalds/linux@f6d8bd0 · GitHub
Patch;Third Party Advisory