Vulnerability ID 5656

Linux Kernel 3.3/3.3.1 cred.c copy_creds() denial of service


A vulnerability classified as critical has been found in Linux Kernel 3.3/3.3.1. It affects the function copy_creds() in the file cred.c. Manipulation with an unknown input leads to a denial of service; the known impact is on availability.

The weakness was disclosed on 07/10/2012 with Beyond Security's SecuriTeam Secure Disclosure as advisory RHSA-2012:1064-2 (Red Hat Security Advisory). The advisory is shared for download at This vulnerability has been named CVE-2012-2745 since 05/14/2012. The attack can be initiated remotely. No form of authentication is required for successful exploitation. Technical details are known, but no exploit is available.

The vulnerability scanner Nessus provides a plugin with the ID 64179 (SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 6923 / 6926 / 6931)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family SuSE Local Security Checks and relies on port 0. The commercial vulnerability scanner Qualys is able to test for this issue with plugin 156380.

Applying a patch eliminates this problem. The bugfix is ready for download at A possible mitigation was published immediately after the disclosure of the vulnerability.

The vulnerability is also documented in the databases at SecurityFocus (BID 54365), X-Force (76838), Secunia (SA49778) and Vulnerability Center (SBV-35948). Similar entries are available at 5655.


Base Score: 7.5
Temp Score: 7.2
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:X/RL:O/RC:X
Reliability: High


Base Score: 7.1 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
Temp Score: 6.2 (CVSS2#E:ND/RL:OF/RC:ND)
Reliability: High




Class: Denial of service (CWE-119)
Local: No
Remote: Yes

Availability: No

Current Price Estimation: $5k-$10k (0-day) / $0-$1k (Today)


Nessus ID: 64179
Nessus Name: SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 6923 / 6926 / 6931)
Nessus File: centos_RHSA-2012-1064.nasl
Nessus Family: SuSE Local Security Checks
Nessus Port: 0
OpenVAS ID: 881073
OpenVAS Name: CentOS Update for kernel CESA-2012:1064 centos6
OpenVAS File: gb_CESA-2012_1064_kernel_centos6.nasl
OpenVAS Family: CentOS Local Security Checks
Qualys ID: 156380


Recommended: Patch
Status: Official fix
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known



05/14/2012 CVE assigned
07/10/2012 +57 days Advisory disclosed
07/10/2012 +0 days Countermeasure disclosed
07/10/2012 +0 days OSVDB entry created
07/12/2012 +2 days VulnerabilityCenter entry assigned
07/19/2012 +7 days VulDB entry created
08/09/2012 +21 days NVD disclosed
08/21/2012 +12 days VulnerabilityCenter entry created
01/25/2013 +157 days Nessus plugin released
06/22/2015 +878 days VulnerabilityCenter entry updated
07/08/2015 +17 days VulDB entry updated


Advisory: RHSA-2012:1064-2
Organization: Beyond Security's SecuriTeam Secure Disclosure

CVE: CVE-2012-2745

SecurityFocus: 54365
Secunia: 49778 - Red Hat update for kernel, Moderately Critical
X-Force: 76838
Vulnerability Center: 35948 - Linux Kernel Before 3.3.2 Local Denial of Service Vulnerability via a Crafted Application, Medium
OSVDB: 83666

See also: 5655


Created: 07/19/2012
Updated: 07/08/2015
Entry: 89.9% complete