CVE-2012-2375

Severity

46%

Complexity

32%

Confidentiality

115%

The __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the NFSv4 implementation in the Linux kernel before 3.3.2 uses an incorrect length variable during a copy operation, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words in an FATTR4_ACL reply. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-4131.

CVSS 2.0 Base Score 4.6. CVSS Attack Vector: adjacent_network. CVSS Attack Complexity: high. CVSS Vector: (AV:A/AC:H/Au:N/C:N/I:N/A:C).

Overview

First reported 12 years ago

2012-06-13 10:24:00

Last updated 8 years ago

2016-08-23 02:05:00

Affected Software

Linux Kernel 3.3

3.3

Linux Kernel 3.3 release candidate 1

3.3

Linux Kernel 3.3 release candidate 2

3.3

Linux Kernel 3.3 release candidate 3

3.3

Linux Kernel 3.3 release candidate 4

3.3

Linux Kernel 3.3 release candidate 5

3.3

Linux Kernel 3.3 release candidate 6

3.3

Linux Kernel 3.3 release candidate 7

3.3

Linux Kernel

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=20e0fa98b751facf9a1101edaefbc19c82616a68

Patch

HPSBGN02970

RHSA-2012:1580

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.2

[oss-security] 20120518 Re: CVE Request -- kernel: incomplete fix for CVE-2011-4131

https://bugzilla.redhat.com/show_bug.cgi?id=822869

https://github.com/torvalds/linux/commit/20e0fa98b751facf9a1101edaefbc19c82616a68

Exploit, Patch

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.