Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2012-4542 | First vendor Publication | 2013-02-28 |
| Vendor | Cve | Last vendor Modification | 2023-02-13 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 4.6 | Attack Range | Local |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4542 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:27362 | |||
| Oval ID: | oval:org.mitre.oval:def:27362 | ||
| Title: | DEPRECATED: ELSA-2013-0496 -- Oracle Linux 6 kernel security and bugfix update (important) | ||
| Description: | This update fixes the following security issues: * A race condition was found in the way asynchronous I/O and fallocate() interacted when using the ext4 file system. A local, unprivileged user could use this flaw to expose random data from an extent whose data blocks have not yet been written, and thus contain data from a deleted file. (CVE-2012-4508, Important) * A flaw was found in the way the vhost kernel module handled descriptors that spanned multiple regions. A privileged guest user in a KVM guest could use this flaw to crash the host or, potentially, escalate their privileges on the host. (CVE-2013-0311, Important) * It was found that the default SCSI command filter does not accommodate commands that overlap across device classes. A privileged guest user could potentially use this flaw to write arbitrary data to a LUN that is passed-through as read-only. (CVE-2012-4542, Moderate) * A flaw was found in the way the xen_failsafe_callback() function in the Linux kernel handled the failed iret (interrupt return) instruction notification from the Xen hypervisor. An unprivileged user in a 32-bit para-virtualized guest could use this flaw to crash the guest. (CVE-2013-0190, Moderate) * A flaw was found in the way pmd_present() interacted with PROT_NONE memory ranges when transparent hugepages were in use. A local, unprivileged user could use this flaw to crash the system. (CVE-2013-0309, Moderate) * A flaw was found in the way CIPSO (Common IP Security Option) IP options were validated when set from user mode. A local user able to set CIPSO IP options on the socket could use this flaw to crash the system. (CVE-2013-0310, Moderate) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-0496 CVE-2013-0190 CVE-2013-0309 CVE-2013-0311 CVE-2013-0310 CVE-2012-4508 CVE-2012-4542 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | kernel |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27555 | |||
| Oval ID: | oval:org.mitre.oval:def:27555 | ||
| Title: | ELSA-2013-2523 -- Unbreakable Enterprise kernel security and bugfix update (important) | ||
| Description: | [2.6.39-400.23.1] - Parallel mtrr init between cpus (Zhenzhong Duan) [Orabug: 16777774] - Merge tag 'v2.6.39-400.21.1.16748891' of git://ca-git.us.oracle.com/linux-uek-2.6.39-ofed into uek-2.6.39-400 (Maxim Uvarov) [Orabug: 16748891] - xen-blkfront: use a different scatterlist for each request (Roger Pau Monne) - Fix EN driver to work with newer FWs based on latest mlx4_core (Yuval Shaia) [Orabug: 16748891] [2.6.39-400.22.1] - block: default SCSI command filter does not accomodate commands overlap across device classes (Jamie Iles) [Orabug: 16387137] {CVE-2012-4542} - Merge tag 'v2.6.39-400.21.1#bug16684527' of git://ca-git.us.oracle.com/linux-joejin-public into uek-2.6.39-400_errata (Maxim Uvarov) [Orabug: 16684527] - KVM: x86: Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache functions (CVE-2013-1797) (Andy Honig) [Orabug: 16711660] {CVE-2013-1797} - Bluetooth: Fix incorrect strncpy() in hidp_setup_hid() (Anderson Lizardo) [Orabug: 16711065] {CVE-2013-0349} - USB: io_ti: Fix NULL dereference in chase_port() (Wolfgang Frisch) [Orabug: 16425358] {CVE-2013-1774} - keys: fix race with concurrent install_user_keyrings() (David Howells) [Orabug: 16493354] {CVE-2013-1792} - KVM: Fix bounds checking in ioapic indirect register reads (CVE-2013-1798) (Andy Honig) [Orabug: 16710951] {CVE-2013-1798} - KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (CVE-2013-1796) (Andy Honig) [Orabug: 16710806] {CVE-2013-1796} - tmpfs: fix use-after-free of mempolicy object (Greg Thelen) [Orabug: 16515833] {CVE-2013-1767} - procfs: do not confuse jiffies with cputime64_t (Andreas Schwab) [Orabug: 16673925] - procfs: do not overflow get_{idle,iowait}_time for nohz (Michal Hocko) [Orabug: 16673925] - xen/evtchn: Handle VIRQ_TIMER before any other hardirq in event loop. (Keir Fraser) [Orabug: 16093126] - Fix device removal NULL pointer dereference (Joe Jin) [Orabug: 16684527] - put stricter guards on queue dead checks (James Bottomley) [Orabug: 16684527] | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-2523 CVE-2012-4542 | Version: | 3 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | kernel-uek kernel-uek-debug kernel-uek-debug-devel kernel-uek-devel kernel-uek-doc kernel-uek-firmware |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2013-0579.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0928.nasl - Type : ACT_GATHER_INFO |
| 2014-10-28 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15746.nasl - Type : ACT_GATHER_INFO |
| 2014-07-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0622.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0496.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-2523.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-2525.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-2534.nasl - Type : ACT_GATHER_INFO |
| 2013-05-31 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0882.nasl - Type : ACT_GATHER_INFO |
| 2013-03-10 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0496.nasl - Type : ACT_GATHER_INFO |
| 2013-03-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0496.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-02-02 01:20:31 |
|
| 2024-02-01 12:06:03 |
|
| 2023-11-22 01:17:49 |
|
| 2023-09-05 12:19:22 |
|
| 2023-09-05 01:05:56 |
|
| 2023-09-02 12:19:24 |
|
| 2023-09-02 01:06:02 |
|
| 2023-08-12 12:23:20 |
|
| 2023-08-12 01:06:03 |
|
| 2023-08-11 12:19:31 |
|
| 2023-08-11 01:06:13 |
|
| 2023-08-06 12:18:47 |
|
| 2023-08-06 01:06:03 |
|
| 2023-08-04 12:18:50 |
|
| 2023-08-04 01:06:06 |
|
| 2023-07-14 12:18:49 |
|
| 2023-07-14 01:06:00 |
|
| 2023-03-29 01:20:48 |
|
| 2023-03-28 12:06:08 |
|
| 2023-02-13 05:28:28 |
|
| 2022-10-11 12:16:48 |
|
| 2022-10-11 01:05:43 |
|
| 2022-03-11 01:13:39 |
|
| 2021-05-25 12:10:32 |
|
| 2021-05-04 12:21:37 |
|
| 2021-04-22 01:25:46 |
|
| 2020-08-11 12:08:06 |
|
| 2020-08-08 01:08:06 |
|
| 2020-08-07 12:08:14 |
|
| 2020-08-07 01:08:35 |
|
| 2020-08-01 12:08:07 |
|
| 2020-07-30 01:08:31 |
|
| 2020-05-23 01:49:43 |
|
| 2020-05-23 00:34:41 |
|
| 2019-01-25 12:04:55 |
|
| 2018-11-17 12:03:27 |
|
| 2018-10-30 12:05:17 |
|
| 2018-08-09 12:01:34 |
|
| 2018-04-25 12:04:22 |
|
| 2016-06-30 21:35:00 |
|
| 2016-06-29 00:28:01 |
|
| 2016-06-28 22:03:44 |
|
| 2016-04-26 22:15:29 |
|
| 2014-11-08 13:30:18 |
|
| 2014-10-29 13:24:30 |
|
| 2014-07-23 13:24:48 |
|
| 2014-02-17 11:13:22 |
|
| 2013-06-21 13:19:20 |
|
| 2013-06-15 13:18:33 |
|
| 2013-05-10 22:46:19 |
|
| 2013-03-23 13:18:27 |
|
| 2013-03-08 13:19:14 |
|
| 2013-03-05 00:19:15 |
|
| 2013-03-01 00:18:37 |
|
