CVE-2012-2372 in Linux
Summary
by MITRE
The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interface s own IP address, as demonstrated by rds-ping.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 03/25/2021
The vulnerability identified as CVE-2012-2372 resides within the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel, specifically in the rds_ib_xmit function located in net/rds/ib_send.c. This flaw represents a critical local privilege escalation vector that can lead to system-wide denial of service conditions. The RDS protocol is designed to provide reliable datagram communication over RDMA (Remote Direct Memory Access) networks, particularly utilizing InfiniBand interfaces. The vulnerability manifests when a local user establishes an RDS connection where the source IP address matches the IPoIB (InfiniBand over IP) interface's own IP address, a condition that can be exploited through tools like rds-ping to trigger catastrophic system failures.
The technical root cause of this vulnerability stems from inadequate input validation within the RDS implementation's handling of IP address information during connection establishment. When the source IP address equals the interface's own IP address, the kernel's BUG_ON macro is triggered, which causes an immediate kernel panic and system crash. This occurs because the RDS subsystem fails to properly validate the source address against the local interface configuration, leading to a condition where the kernel's assertion mechanism is violated. The vulnerability is classified under CWE-248 as an Uncaught Exception, where an exception condition is not properly handled, and the flaw specifically targets the kernel's memory management and network subsystem integrity. The flaw exists in the Linux kernel version 3.7.4 and earlier, indicating this was a long-standing issue that affected multiple kernel releases.
The operational impact of CVE-2012-2372 is severe and directly affects system availability and stability. A local attacker can exploit this vulnerability to cause immediate system crashes, resulting in complete denial of service for the affected machine. The kernel panic that occurs when the BUG_ON condition is triggered prevents normal system operation and requires manual intervention to restore service. This vulnerability is particularly dangerous in production environments where system uptime is critical, as it can be exploited by any local user with access to the system, making it a significant security risk for multi-user systems. The exploitation requires minimal privileges and can be automated, making it an attractive target for attackers seeking to disrupt services. From an ATT&CK framework perspective, this vulnerability maps to T1499.004 (Endpoint Denial of Service) and T1068 (Local Privilege Escalation), as it allows local users to achieve system-level disruption through kernel-level flaws.
Mitigation strategies for CVE-2012-2372 involve multiple approaches that address both immediate protection and long-term system hardening. The most effective immediate solution is upgrading to a Linux kernel version that contains the fix, which was released in kernel version 3.7.5 and later. Organizations should implement kernel patch management procedures to ensure timely deployment of security updates. System administrators can also disable the RDS protocol entirely if it is not required for system operations, using kernel module blacklisting or configuration options to prevent loading of the vulnerable components. Additionally, monitoring systems should be configured to detect unusual network connection patterns that might indicate exploitation attempts. Network segmentation and access controls can help limit the potential impact by restricting local user access to systems that might be vulnerable. The vulnerability also highlights the importance of proper kernel input validation and assertion handling, which should be enforced through comprehensive testing and code review processes. Organizations should maintain current knowledge of kernel security advisories and implement automated vulnerability scanning to identify systems running vulnerable kernel versions.