CVE-2012-6542 — Sensitive Information Exposure in Linux

CWE-200 — Sensitive Information Exposure13 documents7 sources

Severity

1.9LOWNVD

EPSS

0.1%

top 69.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Redhat Enterprise Linux

Timeline

PublishedMar 15

Latest updateMay 14

Description

The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument.

CVSS vector

AV:L/AC:M/C:P/I:N/A:NExploitability: 3.4 | Impact: 2.9

Affected Packages3 packages

▶Debianlinux/linux_kernel< 3.2.30-1+3

▶NVDlinux/linux_kernel3.5.7+159

▶debiandebian/linux< linux 3.2.30-1 (bookworm)

Also affects: Enterprise Linux 5, 6.0

Patches

Patch: www.kernel.org ↗Patch: www.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-vwvf-8m35-552r: The llc_ui_getname function in net/llc/af_llc↗2022-05-14

▶

OSV

CVE-2012-6542: The llc_ui_getname function in net/llc/af_llc↗2013-03-15

▶

📋Vendor Advisories

Ubuntu

Linux kernel (EC2) vulnerabilities↗2013-04-25

▶

Ubuntu

Linux kernel vulnerabilities↗2013-04-19

▶

Ubuntu

Linux kernel vulnerabilities↗2012-11-30

▶

Ubuntu

Linux kernel (Oneiric backport) vulnerabilities↗2012-11-30

▶

Ubuntu

Linux kernel (OMAP4) vulnerabilities↗2012-11-30

▶

💬Community

Bugzilla

CVE-2012-6542 Kernel: llc: information leak via getsockname↗2013-03-16

▶