CVE-2012-3552: Race Condition
First published: Fri Aug 31 2012(Updated: )
Description of the problem: Lack proper synchronization to manipulate inet->opt ip_options can lead to system crash. Problem is that ip_make_skb() calls ip_setup_cork() and ip_setup_cork() possibly makes a copy of ipc->opt (struct ip_options), without any protection against another thread manipulating inet->opt. Another thread can change inet->opt pointer and free old one under us. Given right server application (setting socket options and processing traffic over the same socket at the same time), remote attacker could use this flaw to crash the system. More likely though, local unprivileged user could use this flaw to crash the system. Potential privilege escalation impact cannot be ruled out. Upstream fix: <a href="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f6d8bd051c391c1c0458a30b2a7abcd939329259">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f6d8bd051c391c1c0458a30b2a7abcd939329259</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | <3.0 | |
| Red Hat Enterprise Linux Server EUS | =6.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f6d8bd051c391c1c0458a30b2a7abcd939329259
- https://rhn.redhat.com/errata/RHSA-2012-1304.html
- https://rhn.redhat.com/errata/RHSA-2012-1540.html
- https://bugzilla.redhat.com/show_bug.cgi?id=853465
- http://ftp.osuosl.org/pub/linux/kernel/v3.0/ChangeLog-3.0
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f6d8bd051c391c1c0458a30b2a7abcd939329259
- http://rhn.redhat.com/errata/RHSA-2012-1540.html
- http://www.openwall.com/lists/oss-security/2012/08/31/11
- https://github.com/torvalds/linux/commit/f6d8bd051c391c1c0458a30b2a7abcd939329259
Frequently Asked Questions
What is the severity of CVE-2012-3552?
CVE-2012-3552 has been classified as a high severity vulnerability due to the potential for system crashes.
How do I fix CVE-2012-3552?
Fixing CVE-2012-3552 requires upgrading the Linux kernel to a version above 3.0 or applying the relevant patches provided by the Linux community.
Which software is affected by CVE-2012-3552?
CVE-2012-3552 affects the Linux kernel versions up to 3.0 and Red Hat Enterprise Linux EUS version 6.2.
What kind of issue does CVE-2012-3552 represent?
CVE-2012-3552 represents a synchronization issue that can lead to improper handling of IP options and potential system crashes.
Who reported CVE-2012-3552?
CVE-2012-3552 was reported through a bug tracking system, highlighting the lack of synchronization in the handling of IP options.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/severity
- agent/last-modified-date
- agent/remedy
- agent/event
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2012-3552
- agent/trending
- agent/source
- agent/weakness
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/linux
- canonical/linux kernel
- vendor/redhat
- canonical/red hat enterprise linux server eus
- version/red hat enterprise linux server eus/6.2