CVE-2012-4467

Published: 10 October 2012

The (1) do_siocgstamp and (2) do_siocgstampns functions in net/socket.c in the Linux kernel before 3.5.4 use an incorrect argument order, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (system crash) via a crafted ioctl call.

Priority

Medium

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
Upstream
Released (3.6~rc5)
Patches:
Introduced by 644595f89620ba8446cc555be336d24a34464950
Fixed by ed6fe9d614fc1bca95eb8c0ccd0e92db00ef9d5d
linux-armadaxp
Launchpad, Ubuntu, Debian
Upstream
Released (3.6~rc5)
linux-ec2
Launchpad, Ubuntu, Debian
Upstream
Released (3.6~rc5)
linux-fsl-imx51
Launchpad, Ubuntu, Debian
Upstream
Released (3.6~rc5)
linux-linaro-omap
Launchpad, Ubuntu, Debian
Upstream
Released (3.6~rc5)
linux-linaro-shared
Launchpad, Ubuntu, Debian
Upstream
Released (3.6~rc5)
linux-linaro-vexpress
Launchpad, Ubuntu, Debian
Upstream
Released (3.6~rc5)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian
Upstream
Released (3.6~rc5)
linux-lts-backport-natty
Launchpad, Ubuntu, Debian
Upstream
Released (3.6~rc5)
linux-lts-backport-oneiric
Launchpad, Ubuntu, Debian
Upstream
Released (3.6~rc5)
linux-mvl-dove
Launchpad, Ubuntu, Debian
Upstream
Released (3.6~rc5)
linux-qcm-msm
Launchpad, Ubuntu, Debian
Upstream
Released (3.6~rc5)
linux-ti-omap4
Launchpad, Ubuntu, Debian
Upstream
Released (3.6~rc5)

Notes

AuthorNote
jdstrand
linux-armadaxp is maintained by OEM
mdeslaur
introduced in 644595f89620, fixed in ed6fe9d614f
arch-specific, need to check if any of ours are affected

References

Bugs