CVE-2012-2669
Published: 27 December 2012
The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.4.5, does not validate the origin of Netlink messages, which allows local users to spoof Netlink communication via a crafted connector message.
From the Ubuntu security team
It was discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating the origin on Netlink messages. An untrusted local user can cause a denial of service of Linux guests in Hyper-V virtualization environments.
Priority
Medium
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
upstream |
Released
(3.5~rc4)
|
|
Patches: Introduced by cc04acf53fb1bba1e57b0d34a400ccaf498fc9be |
||
|
linux-armadaxp Launchpad, Ubuntu, Debian |
upstream |
Released
(3.5~rc4)
|
| This package is not directly supported by the Ubuntu Security Team | ||
|
linux-aws Launchpad, Ubuntu, Debian |
upstream |
Released
(3.5~rc4)
|
|
linux-ec2 Launchpad, Ubuntu, Debian |
upstream |
Released
(3.5~rc4)
|
|
linux-flo Launchpad, Ubuntu, Debian |
upstream |
Released
(3.5~rc4)
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
upstream |
Released
(3.5~rc4)
|
|
linux-gke Launchpad, Ubuntu, Debian |
upstream |
Released
(3.5~rc4)
|
|
linux-goldfish Launchpad, Ubuntu, Debian |
upstream |
Released
(3.5~rc4)
|
|
linux-grouper Launchpad, Ubuntu, Debian |
upstream |
Released
(3.5~rc4)
|
|
linux-hwe Launchpad, Ubuntu, Debian |
upstream |
Released
(3.5~rc4)
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
upstream |
Released
(3.5~rc4)
|
|
linux-linaro-omap Launchpad, Ubuntu, Debian |
upstream |
Released
(3.5~rc4)
|
|
linux-linaro-shared Launchpad, Ubuntu, Debian |
upstream |
Released
(3.5~rc4)
|
|
linux-linaro-vexpress Launchpad, Ubuntu, Debian |
upstream |
Released
(3.5~rc4)
|
|
linux-lts-backport-maverick Launchpad, Ubuntu, Debian |
upstream |
Released
(3.5~rc4)
|
|
linux-lts-backport-oneiric Launchpad, Ubuntu, Debian |
upstream |
Released
(3.5~rc4)
|
|
linux-lts-quantal Launchpad, Ubuntu, Debian |
upstream |
Released
(3.5~rc4)
|
|
linux-lts-raring Launchpad, Ubuntu, Debian |
upstream |
Released
(3.5~rc4)
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
upstream |
Released
(3.5~rc4)
|
|
linux-lts-utopic Launchpad, Ubuntu, Debian |
upstream |
Released
(3.5~rc4)
|
|
linux-lts-vivid Launchpad, Ubuntu, Debian |
upstream |
Released
(3.5~rc4)
|
|
linux-lts-wily Launchpad, Ubuntu, Debian |
upstream |
Released
(3.5~rc4)
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
upstream |
Released
(3.5~rc4)
|
|
linux-maguro Launchpad, Ubuntu, Debian |
upstream |
Released
(3.5~rc4)
|
|
linux-mako Launchpad, Ubuntu, Debian |
upstream |
Released
(3.5~rc4)
|
|
linux-manta Launchpad, Ubuntu, Debian |
upstream |
Released
(3.5~rc4)
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
upstream |
Released
(3.5~rc4)
|
|
linux-qcm-msm Launchpad, Ubuntu, Debian |
upstream |
Released
(3.5~rc4)
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
upstream |
Released
(3.5~rc4)
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
upstream |
Released
(3.5~rc4)
|
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
upstream |
Released
(3.5~rc4)
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2669
- https://bugzilla.novell.com/show_bug.cgi?id=761200
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bcc2c9c3fff859e0eb019fe6fec26f9b8eba795c
- https://github.com/torvalds/linux/commit/bcc2c9c3fff859e0eb019fe6fec26f9b8eba795c
- http://www.openwall.com/lists/oss-security/2012/11/27/12
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5
- http://openwall.com/lists/oss-security/2012/06/06/12
- https://ubuntu.com/security/notices/USN-1529-1
- https://ubuntu.com/security/notices/USN-1514-1
- https://ubuntu.com/security/notices/USN-1719-1
- https://ubuntu.com/security/notices/USN-1720-1
- https://ubuntu.com/security/notices/USN-1726-1
- NVD
- Launchpad
- Debian