CVE-2012-2313

CWE-26418 documents8 sources

Severity

1.2LOW

EPSS

0.2%

top 57.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Novell Suse Linux Enterprise Server Redhat Enterprise Linux +5 more

Timeline

PublishedJun 13

Latest updateMay 17

Description

The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call.

CVSS vector

AV:L/AC:H/C:N/I:N/A:PExploitability: 1.9 | Impact: 2.9

Affected Packages5 packages

▶NVDlinux/linux_kernel3.3.6+6

▶Debianlinux< 3.2.19-1+3

▶NVDredhat/enterprise_linux_desktop5.0

▶NVDredhat/enterprise_linux_long_life5.6

▶NVDnovell/suse_linux_enterprise_server10.0

Also affects: Enterprise Linux 5, 5.6.z, 6.2, 6.1.z, 6.2.z

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-gjcc-798m-m76x: The rio_ioctl function in drivers/net/ethernet/dlink/dl2k↗2022-05-17

▶

OSV

CVE-2012-2313: The rio_ioctl function in drivers/net/ethernet/dlink/dl2k↗2012-06-13

▶

CVEList

CVE-2012-2313: The rio_ioctl function in drivers/net/ethernet/dlink/dl2k↗2012-06-13

▶

📋Vendor Advisories

Ubuntu

Linux kernel (OMAP4) vulnerabilities↗2012-08-10

▶

Ubuntu

Linux kernel vulnerabilities↗2012-06-29

▶

Ubuntu

Linux kernel (Natty backport) vulnerabilities↗2012-06-29

▶

Ubuntu

Linux kernel (EC2) vulnerabilities↗2012-06-29

▶

Ubuntu

Linux kernel vulnerabilities↗2012-06-29

▶

💬Community

Bugzilla

CVE-2012-2313 kernel: unfiltered netdev rio_ioctl access by users [fedora-all]↗2012-05-04

▶

Bugzilla

CVE-2012-2313 kernel: unfiltered netdev rio_ioctl access by users↗2012-05-04

▶