Linux Kernel 3.4.1/3.4.2/3.4.3/3.4.4 on Linux x64 mmap_sem race condition
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.2 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Linux Kernel 3.4.1/3.4.2/3.4.3/3.4.4 on Linux x64. It has been classified as problematic. This vulnerability affects the function mmap_sem. This manipulation causes race condition.
This vulnerability is tracked as CVE-2012-2373. Moreover, an exploit is present.
Upgrading the affected component is recommended.
Details
A vulnerability classified as problematic was found in Linux Kernel 3.4.1/3.4.2/3.4.3/3.4.4 on Linux x64 (Operating System). Affected by this vulnerability is the function mmap_sem. The manipulation with an unknown input leads to a race condition vulnerability. The CWE definition for the vulnerability is CWE-362. The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently. As an impact it is known to affect availability. The summary by CVE is:
The Linux kernel before 3.4.5 on the x86 platform, when Physical Address Extension (PAE) is enabled, does not properly use the Page Middle Directory (PMD), which allows local users to cause a denial of service (panic) via a crafted application that triggers a race condition.
The weakness was disclosed 05/17/2012 by Ulrich Obergfell with Red Hat as not defined mailinglist post (Website). The advisory is shared at permalink.gmane.org. This vulnerability is known as CVE-2012-2373 since 04/19/2012. The exploitation appears to be difficult. An attack has to be approached locally. The requirement for exploitation is a single authentication. Technical details and also a public exploit are known.
It is possible to download the exploit at permalink.gmane.org. It is declared as proof-of-concept. The vulnerability scanner Nessus provides a plugin with the ID 59390 (Fedora 17 : kernel-3.4.0-1.fc17 (2012-8824)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Fedora Local Security Checks. The commercial vulnerability scanner Qualys is able to test this issue with plugin 120426 (CentOS Security Update for Kernel (CESA-2012:0743)).
Upgrading to version 3.0.34 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version. A possible mitigation has been published 4 weeks after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (75739), Tenable (59390), SecurityFocus (BID 53614†), OSVDB (82038†) and Secunia (SA49187†). The entry VDB-4842 is pretty similar. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.kernel.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 4.7VulDB Meta Temp Score: 4.2
VulDB Base Score: 4.7
VulDB Temp Score: 4.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Race conditionCWE: CWE-362
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 59390
Nessus Name: Fedora 17 : kernel-3.4.0-1.fc17 (2012-8824)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Port: 🔍
OpenVAS ID: 881125
OpenVAS Name: CentOS Update for kernel CESA-2012:0743 centos6
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Upgrade: Kernel 3.0.34
Patch: git.kernel.org
Timeline
04/19/2012 🔍05/17/2012 🔍
05/17/2012 🔍
05/18/2012 🔍
05/21/2012 🔍
05/21/2012 🔍
05/25/2012 🔍
06/07/2012 🔍
06/10/2012 🔍
07/10/2012 🔍
08/09/2012 🔍
03/25/2021 🔍
Sources
Vendor: kernel.orgAdvisory: permalink.gmane.org
Researcher: Ulrich Obergfell
Organization: Red Hat
Status: Not defined
Confirmation: 🔍
CVE: CVE-2012-2373 (🔍)
GCVE (CVE): GCVE-0-2012-2373
GCVE (VulDB): GCVE-100-5437
OVAL: 🔍
X-Force: 75739
SecurityFocus: 53614 - Linux Kernel CVE-2012-2373 Race Condition Local Denial of Service Vulnerability
Secunia: 49187 - Linux Kernel mmap_sem Denial of Service Vulnerability, Not Critical
OSVDB: 82038
Vulnerability Center: 35518 - Linux Kernel 2.6 Through 2.6.39-rc6 \x27read_pmd_atomic()\x27 Function Local DoS Vulnerability, Medium
scip Labs: https://www.scip.ch/en/?labs.20161013
See also: 🔍
Entry
Created: 05/25/2012 12:44Updated: 03/25/2021 06:51
Changes: 05/25/2012 12:44 (83), 04/14/2017 14:08 (10), 03/25/2021 06:51 (3)
Complete: 🔍
Cache ID: 216:2DC:103
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
No comments yet. Languages: en.
Please log in to comment.