CVE-2012-6689

Published: May 2, 2016Modified: May 6, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

The netlink_sendmsg function in net/netlink/af_netlink.c in the Linux kernel before 3.5.5 does not validate the dst_pid field, which allows local users to have an unspecified impact by spoofing Netlink messages.

Affected (4)

Products: Linux: Linux Kernel

Linux

1 product

Linux Kernel

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 3.0.44
Linux Linux Kernel	From 3.1 to 3.2.30
Linux Linux Kernel	From 3.3 to 3.4.12
Linux Linux Kernel	From 3.5 to 3.5.5

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (16)

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=20e1db19db5d6b9e4e83021595eab0dc8f107bef

Source: cve@mitre.org

PatchVendor Advisory

http://marc.info/?l=linux-netdev&m=134522422125983&w=2

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://marc.info/?l=linux-netdev&m=134522422925986&w=2

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.5

Source: cve@mitre.org

Release NotesVendor Advisory

http://www.openwall.com/lists/oss-security/2015/02/22/10

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/72739

Source: cve@mitre.org

Broken LinkThird Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=848949

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://github.com/torvalds/linux/commit/20e1db19db5d6b9e4e83021595eab0dc8f107bef

Source: cve@mitre.org

Third Party Advisory

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=20e1db19db5d6b9e4e83021595eab0dc8f107bef