Input validation error in Linux kernel
| Risk | Medium |
| Patch available | NO |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2012-2744 |
| CWE-ID | CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Input validation error
EUVDB-ID: #VU43756
Risk: Medium
CVSSv3.1: 6.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2012-2744
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows remote attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (NULL pointer dereference and system crash) via certain types of fragmented IPv6 packets.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsLinux kernel: 2.6.33 - 2.6.33.19
External linkshttp://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9e2dcf72023d1447f09c47d77c99b0c49659e5ce
http://rhn.redhat.com/errata/RHSA-2012-1064.html
http://rhn.redhat.com/errata/RHSA-2012-1148.html
http://secunia.com/advisories/49928
http://www.securityfocus.com/bid/54367
http://www.securitytracker.com/id?1027235
http://bugzilla.redhat.com/show_bug.cgi?id=833402
http://github.com/torvalds/linux/commit/9e2dcf72023d1447f09c47d77c99b0c49659e5ce
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
