CVE-2012-2313

Severity

12%

Complexity

19%

Confidentiality

48%

The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call.

CVSS 2.0 Base Score 1.2. CVSS Attack Vector: local. CVSS Attack Complexity: high. CVSS Vector: (AV:L/AC:H/Au:N/C:N/I:N/A:P).

Overview

Type

Linux

First reported 12 years ago

2012-06-13 10:24:00

Last updated 8 years ago

2016-09-06 13:25:00

Affected Software

Linux Kernel 3.3

3.3

Linux Kernel 3.3 release candidate 1

3.3

Linux Kernel 3.3 release candidate 2

3.3

Linux Kernel 3.3 release candidate 3

3.3

Linux Kernel 3.3 release candidate 4

3.3

Linux Kernel 3.3 release candidate 5

3.3

Linux Kernel 3.3 release candidate 6

3.3

Linux Kernel 3.3 release candidate 7

3.3

Linux Kernel 3.3.1

3.3.1

Linux Kernel 3.3.2

3.3.2

Linux Kernel 3.3.3

3.3.3

Linux Kernel 3.3.4

3.3.4

Linux Kernel 3.3.5

3.3.5

Linux Kernel

Red Hat Enterprise Linux 5 (Server)

5

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1bb57e940e1958e40d51f2078f50c3a96a9b2d75

Patch

[oss-security] 20120504 Re: CVE Request: more tight ioctl permissions in dl2k driver

Mailing List

53965

Third Party Advisory, VDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=818820

Issue Tracking

https://github.com/torvalds/linux/commit/1bb57e940e1958e40d51f2078f50c3a96a9b2d75

Exploit, Patch

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.