Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2012-6701

Опубликовано: 21 мая 2012
Источник: redhat
CVSS2: 3.6

Описание

Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec.

It was found that AIO interface didn't use the proper rw_verify_area() helper function with extended functionality, for example, mandatory locking on the file. Also rw_verify_area() makes extended checks, for example, that the size of the access doesn't cause overflow of the provided offset limits. This integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec.

Отчет

This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6. Future Linux kernel updates for the respective releases might address this issue. This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2 as the corresponding fix is already present.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelWill not fix
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise MRG 2realtime-kernelNot affected
Red Hat Enterprise Linux 6kernelFixedRHSA-2018:185419.06.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=1314288kernel: AIO interface didn't use rw_verify_area() for checking mandatory locking on files and size of access

3.6 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2012-6701

CVSS3: 7.8
ubuntu
больше 9 лет назад

Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec.

nvd логотип

CVE-2012-6701

CVSS3: 7.8
nvd
больше 9 лет назад

Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec.

debian логотип

CVE-2012-6701

CVSS3: 7.8
debian
больше 9 лет назад

Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows l ...

github логотип

GHSA-995g-4vmx-96wm

CVSS3: 7.8
github
больше 3 лет назад

Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec.

oracle-oval логотип

ELSA-2018-1854

oracle-oval
больше 7 лет назад

ELSA-2018-1854: kernel security and bug fix update (IMPORTANT)

3.6 Low

CVSS2