CVE-2012-6537 — Sensitive Information Exposure in Linux

CWE-200 — Sensitive Information Exposure15 documents7 sources

Severity

1.9LOWNVD

EPSS

0.1%

top 70.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Redhat Enterprise Linux

Timeline

PublishedMar 15

Latest updateMay 14

Description

net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability.

CVSS vector

AV:L/AC:M/C:P/I:N/A:NExploitability: 3.4 | Impact: 2.9

Affected Packages3 packages

▶Debianlinux/linux_kernel< 3.2.32-1+3

▶NVDlinux/linux_kernel3.5.7+159

▶debiandebian/linux< linux 3.2.32-1 (bookworm)

Also affects: Enterprise Linux 5, 6.0

Patches

Patch: www.kernel.org ↗Patch: www.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-ffp2-8pxq-qc9h: net/xfrm/xfrm_user↗2022-05-14

▶

OSV

CVE-2012-6537: net/xfrm/xfrm_user↗2013-03-15

▶

📋Vendor Advisories

Ubuntu

Linux kernel (EC2) vulnerabilities↗2013-04-09

▶

Ubuntu

Linux kernel vulnerabilities↗2013-04-08

▶

Ubuntu

Linux kernel vulnerabilities↗2012-11-30

▶

Ubuntu

Linux kernel vulnerabilities↗2012-11-30

▶

Ubuntu

Linux kernel vulnerabilities↗2012-11-30

▶

💬Community

Bugzilla

CVE-2012-6537 Kernel: xfrm_user information leaks copy_to_user_↗2013-03-16

▶