CVE-2012-6657 — Kernel vulnerability

CWE-26411 documents8 sources

Severity

4.9MEDIUMNVD

EPSS

0.1%

top 68.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Novell Suse Linux Enterprise Server

Timeline

PublishedSep 28

Latest updateMay 17

Description

The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 does not ensure that a keepalive action is associated with a stream socket, which allows local users to cause a denial of service (system crash) by leveraging the ability to create a raw socket.

CVSS vector

AV:L/AC:L/C:N/I:N/A:CExploitability: 3.9 | Impact: 6.9

Affected Packages3 packages

▶Debianlinux/linux_kernel< 3.6.4-1+3

▶NVDlinux/linux_kernel3.5.6+5

▶NVDnovell/suse_linux_enterprise_server10.0, 11.0+1

🔴Vulnerability Details

GHSA

GHSA-x8x5-h6pv-r9vg: The sock_setsockopt function in net/core/sock↗2022-05-17

▶

OSV

CVE-2012-6657: The sock_setsockopt function in net/core/sock↗2014-09-28

▶

CVEList

CVE-2012-6657: The sock_setsockopt function in net/core/sock↗2014-09-28

▶

📋Vendor Advisories

Ubuntu

Linux kernel (EC2) vulnerabilities↗2013-07-04

▶

Ubuntu

Linux kernel vulnerabilities↗2013-07-04

▶

Ubuntu

Linux kernel vulnerabilities↗2012-11-30

▶

Ubuntu

Linux kernel (OMAP4) vulnerabilities↗2012-11-30

▶

Red Hat

Kernel: net: guard tcp_set_keepalive against crash↗2012-09-24

▶

💬Community

Bugzilla

CVE-2012-6657 Kernel: net: guard tcp_set_keepalive against crash↗2014-09-15

▶