CVE-2012-2372
Description
The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interface's own IP address, as demonstrated by rds-ping.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Mitigation details
CVE-2012-2372 NameCVE-2012-2372 DescriptionThe rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interface's own IP address, as demonstrated byโฆ
CVE-2012-2372
| Name | CVE-2012-2372 |
| Description | The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interface's own IP address, as demonstrated by rds-ping. |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| linux (PTS) | bullseye | 5.10.223-1 | fixed |
| bullseye (security) | 5.10.257-1 | fixed | |
| bookworm | 6.1.170-3 | fixed | |
| bookworm (security) | 6.1.172-1 | fixed | |
| trixie | 6.12.86-1 | fixed | |
| trixie (security) | 6.12.90-1 | fixed | |
| forky | 7.0.9-1 | fixed | |
| sid | 7.0.10-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| linux | source | wheezy | 3.2.53-1 | |||
| linux | source | (unstable) | 3.11.10-1 | unimportant |
Notes
rds is not included in distributed kernel images, only marked as "experimental"
Apply commands
rds is not included in distributed kernel images, only marked as "experimental"OS impact
Linux kernel Affected 5 releases
| Version | Status | Fixed in |
|---|---|---|
| 3.7.3 | Affected | โ |
| 3.7.2 | Affected | โ |
| 3.7.1 | Affected | โ |
| 3.7 | Affected | โ |
| โ | Affected | โ |
Debian Fixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 3.11.10-1 |
| sid | Fixed | 3.11.10-1 |
| forky | Fixed | 3.11.10-1 |
| bullseye | Fixed | 3.11.10-1 |
| bookworm | Fixed | 3.11.10-1 |
References
- http://marc.info/?l=bugtraq&m=139447903326211&w=2
- http://rhn.redhat.com/errata/RHSA-2012-0743.html
- http://rhn.redhat.com/errata/RHSA-2012-1540.html
- http://ubuntu.com/usn/usn-1529-1
- http://www.securityfocus.com/bid/54062
- http://www.ubuntu.com/usn/USN-1555-1
- http://www.ubuntu.com/usn/USN-1556-1
- https://bugzilla.redhat.com/show_bug.cgi?id=822754
- https://oss.oracle.com/git/?p=redpatch.git%3Ba=commit%3Bh=c7b6a0a1d8d636852be130fa15fa8be10d4704e8
- https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html
- https://security-tracker.debian.org/tracker/CVE-2012-2372
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.