CVE-2012-6548: Sensitive Information Exposure in Linux

Severity: 1.9 LOW (NVD)
EPSS: 0.0% (top 89.14%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 15
Latest update: May 14

Description

The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application.

CVSS vector

AV:L/AC:M/C:P/I:N/A:N
Exploitability: 3.4 | Impact: 2.9

Affected Packages (3 packages)

Debian: linux/linux_kernel < 3.2.41-1+3
NVD: linux/linux_kernel 3.5.7+159
debian: debian/linux < linux 3.2.41-1 (bookworm)

Also affects: Enterprise Linux 6.0

🔴 Vulnerability Details (2)

GHSA: GHSA-ggqv-m68w-jf9j: The udf_encode_fh function in fs/udf/namei (2022-05-14)
OSV: CVE-2012-6548: The udf_encode_fh function in fs/udf/namei (2013-03-15)

📋 Vendor Advisories (8)

Ubuntu: Linux kernel vulnerabilities (2013-05-02)
Ubuntu: Linux kernel (OMAP4) vulnerabilities (2013-05-02)
Ubuntu: Linux kernel (Quantal HWE) vulnerabilities (2013-05-01)
Ubuntu: Linux kernel (OMAP4) vulnerabilities (2013-05-01)
Ubuntu: Linux kernel (EC2) vulnerabilities (2013-04-25)

💬 Community (1)

Bugzilla: CVE-2012-6548 Kernel: udf: information leak on export (2013-03-16)