CVE-2012-3520 in Kernelinfo

Summary

The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to (1) Avahi or (2) NetworkManager.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservation

06/14/2012

Disclosure

10/03/2012

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-287 (Confirmed)

CVSS

7.8

EPSS

0.00085

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2012-3520
NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-3520
CVE Details	https://www.cvedetails.com/cve/CVE-2012-3520/

◂ Previous Overview Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!