ID CVE-2012-2373
Summary The Linux kernel before 3.4.5 on the x86 platform, when Physical Address Extension (PAE) is enabled, does not properly use the Page Middle Directory (PMD), which allows local users to cause a denial of service (panic) via a crafted application that triggers a race condition.
References
Vulnerable Configurations
  • cpe:2.3:o:linux:linux_kernel:3.4:*:*:*:*:*:x86:*
    cpe:2.3:o:linux:linux_kernel:3.4:*:*:*:*:*:x86:*
  • cpe:2.3:o:linux:linux_kernel:3.4:rc1:*:*:*:*:x86:*
    cpe:2.3:o:linux:linux_kernel:3.4:rc1:*:*:*:*:x86:*
  • cpe:2.3:o:linux:linux_kernel:3.4:rc2:*:*:*:*:x86:*
    cpe:2.3:o:linux:linux_kernel:3.4:rc2:*:*:*:*:x86:*
  • cpe:2.3:o:linux:linux_kernel:3.4:rc3:*:*:*:*:x86:*
    cpe:2.3:o:linux:linux_kernel:3.4:rc3:*:*:*:*:x86:*
  • cpe:2.3:o:linux:linux_kernel:3.4:rc4:*:*:*:*:x86:*
    cpe:2.3:o:linux:linux_kernel:3.4:rc4:*:*:*:*:x86:*
  • cpe:2.3:o:linux:linux_kernel:3.4:rc5:*:*:*:*:x86:*
    cpe:2.3:o:linux:linux_kernel:3.4:rc5:*:*:*:*:x86:*
  • cpe:2.3:o:linux:linux_kernel:3.4:rc6:*:*:*:*:x86:*
    cpe:2.3:o:linux:linux_kernel:3.4:rc6:*:*:*:*:x86:*
  • cpe:2.3:o:linux:linux_kernel:3.4:rc7:*:*:*:*:x86:*
    cpe:2.3:o:linux:linux_kernel:3.4:rc7:*:*:*:*:x86:*
  • cpe:2.3:o:linux:linux_kernel:3.4.1:*:*:*:*:*:x86:*
    cpe:2.3:o:linux:linux_kernel:3.4.1:*:*:*:*:*:x86:*
  • cpe:2.3:o:linux:linux_kernel:3.4.2:*:*:*:*:*:x86:*
    cpe:2.3:o:linux:linux_kernel:3.4.2:*:*:*:*:*:x86:*
  • cpe:2.3:o:linux:linux_kernel:3.4.3:*:*:*:*:*:x86:*
    cpe:2.3:o:linux:linux_kernel:3.4.3:*:*:*:*:*:x86:*
  • cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:x86:*
    cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:x86:*
  • cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:x86:*
    cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:x86:*
  • cpe:2.3:o:linux:linux_kernel:3.4.4:*:*:*:*:*:x86:*
    cpe:2.3:o:linux:linux_kernel:3.4.4:*:*:*:*:*:x86:*
CVSS
Base: 4.0 (as of 23-08-2016 - 02:05)
Impact:
Exploitability:
CWE CWE-362
CAPEC
  • Leveraging Race Conditions
    This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.
Access
VectorComplexityAuthentication
LOCAL HIGH NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:L/AC:H/Au:N/C:N/I:N/A:C
redhat via4
advisories
bugzilla
id 822821
title CVE-2012-2373 kernel: mm: read_pmd_atomic: 32bit PAE pmd walk vs pmd_populate SMP race condition
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhba:tst:20111656001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhba:tst:20111656002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20111656004
  • OR
    • AND
      • comment kernel is earlier than 0:2.6.32-220.23.1.el6
        oval oval:com.redhat.rhsa:tst:20120743005
      • comment kernel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842006
    • AND
      • comment kernel-bootwrapper is earlier than 0:2.6.32-220.23.1.el6
        oval oval:com.redhat.rhsa:tst:20120743007
      • comment kernel-bootwrapper is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842010
    • AND
      • comment kernel-debug is earlier than 0:2.6.32-220.23.1.el6
        oval oval:com.redhat.rhsa:tst:20120743015
      • comment kernel-debug is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842012
    • AND
      • comment kernel-debug-devel is earlier than 0:2.6.32-220.23.1.el6
        oval oval:com.redhat.rhsa:tst:20120743019
      • comment kernel-debug-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842014
    • AND
      • comment kernel-devel is earlier than 0:2.6.32-220.23.1.el6
        oval oval:com.redhat.rhsa:tst:20120743011
      • comment kernel-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842016
    • AND
      • comment kernel-doc is earlier than 0:2.6.32-220.23.1.el6
        oval oval:com.redhat.rhsa:tst:20120743025
      • comment kernel-doc is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842024
    • AND
      • comment kernel-firmware is earlier than 0:2.6.32-220.23.1.el6
        oval oval:com.redhat.rhsa:tst:20120743027
      • comment kernel-firmware is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842026
    • AND
      • comment kernel-headers is earlier than 0:2.6.32-220.23.1.el6
        oval oval:com.redhat.rhsa:tst:20120743009
      • comment kernel-headers is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842008
    • AND
      • comment kernel-kdump is earlier than 0:2.6.32-220.23.1.el6
        oval oval:com.redhat.rhsa:tst:20120743023
      • comment kernel-kdump is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842018
    • AND
      • comment kernel-kdump-devel is earlier than 0:2.6.32-220.23.1.el6
        oval oval:com.redhat.rhsa:tst:20120743021
      • comment kernel-kdump-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842020
    • AND
      • comment perf is earlier than 0:2.6.32-220.23.1.el6
        oval oval:com.redhat.rhsa:tst:20120743017
      • comment perf is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842022
    • AND
      • comment python-perf is earlier than 0:2.6.32-220.23.1.el6
        oval oval:com.redhat.rhsa:tst:20120743013
      • comment python-perf is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111530020
rhsa
id RHSA-2012:0743
released 2012-06-18
severity Important
title RHSA-2012:0743: kernel security and bug fix update (Important)
rpms
  • kernel-0:2.6.32-220.23.1.el6
  • kernel-bootwrapper-0:2.6.32-220.23.1.el6
  • kernel-debug-0:2.6.32-220.23.1.el6
  • kernel-debug-devel-0:2.6.32-220.23.1.el6
  • kernel-devel-0:2.6.32-220.23.1.el6
  • kernel-doc-0:2.6.32-220.23.1.el6
  • kernel-firmware-0:2.6.32-220.23.1.el6
  • kernel-headers-0:2.6.32-220.23.1.el6
  • kernel-kdump-0:2.6.32-220.23.1.el6
  • kernel-kdump-devel-0:2.6.32-220.23.1.el6
  • perf-0:2.6.32-220.23.1.el6
  • python-perf-0:2.6.32-220.23.1.el6
refmap via4
confirm
hp HPSBGN02970
mlist [oss-security] 20120518 Re: CVE Request -- kernel: mm: read_pmd_atomic: 32bit PAE pmd walk vs pmd_populate SMP race condition
ubuntu USN-1529-1
Last major update 23-08-2016 - 02:05
Published 09-08-2012 - 10:29
Back to Top