CVE-2012-3552 : Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of

Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service (slab corruption and system crash) by sending packets to an application that sets socket options during the handling of network traffic.

Published 2012-10-03 11:02:57

Updated 2023-02-13 00:25:52

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Threat overview for CVE-2012-3552

Top countries where our scanners detected CVE-2012-3552

Top open port discovered on systems with this issue 49152

IPs affected by CVE-2012-3552 67

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2012-3552!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2012-3552

Probability of exploitation activity in the next 30 days: 1.48%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 85 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2012-3552

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.1	HIGH	AV:N/AC:M/Au:N/C:N/I:N/A:C	8.6	6.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
5.9	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H	2.2	3.6	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2012-3552

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-3552

https://bugzilla.redhat.com/show_bug.cgi?id=853465

853465 – (CVE-2012-3552) CVE-2012-3552 kernel: net: slab corruption due to improper synchronization around inet->opt
Issue Tracking;Patch;Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1540.html

RHSA-2012:1540 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2012/08/31/11

oss-security - Re: CVE Request -- kernel: net: slab corruption due to improper synchronization around inet->opt
Mailing List;Patch;Third Party Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f6d8bd051c391c1c0458a30b2a7abcd939329259
https://github.com/torvalds/linux/commit/f6d8bd051c391c1c0458a30b2a7abcd939329259

inet: add RCU protection to inet->opt · torvalds/linux@f6d8bd0 · GitHub
Patch;Third Party Advisory

Products affected by CVE-2012-3552