CVE-2012-5532
Published: 27 December 2012
The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.8-rc1, allows local users to cause a denial of service (daemon exit) via a crafted application that sends a Netlink message. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2669.
From the Ubuntu security team
Florian Weimer discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating source addresses of netlink packets. An untrusted local user can cause a denial of service by causing hypervkvpd to exit.
Priority
Medium
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc1)
|
|
Patches: Introduced by bcc2c9c3fff859e0eb019fe6fec26f9b8eba795c Fixed by 95a69adab9acfc3981c504737a2b6578e4d846ef |
||
|
linux-2.6 Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc1)
|
|
linux-armadaxp Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc1)
|
| This package is not directly supported by the Ubuntu Security Team | ||
|
linux-aws Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc1)
|
|
linux-ec2 Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc1)
|
|
linux-flo Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc1)
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc1)
|
|
linux-gke Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc1)
|
|
linux-goldfish Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc1)
|
|
linux-grouper Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc1)
|
|
linux-hwe Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc1)
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc1)
|
|
linux-linaro-omap Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc1)
|
|
linux-linaro-shared Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc1)
|
|
linux-linaro-vexpress Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc1)
|
|
linux-lts-backport-maverick Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc1)
|
|
linux-lts-backport-oneiric Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc1)
|
|
linux-lts-quantal Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc1)
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc1)
|
|
linux-lts-utopic Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc1)
|
|
linux-lts-vivid Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc1)
|
|
linux-lts-wily Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc1)
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc1)
|
|
linux-maguro Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc1)
|
|
linux-mako Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc1)
|
|
linux-manta Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc1)
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc1)
|
|
linux-qcm-msm Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc1)
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc1)
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc1)
|
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc1)
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5532
- http://www.openwall.com/lists/oss-security/2012/11/27
- https://ubuntu.com/security/notices/USN-1696-1
- https://ubuntu.com/security/notices/USN-1698-1
- https://ubuntu.com/security/notices/USN-1699-1
- https://ubuntu.com/security/notices/USN-1700-1
- https://ubuntu.com/security/notices/USN-1704-1
- https://ubuntu.com/security/notices/USN-1720-1
- NVD
- Launchpad
- Debian