Executive Summary

Informations
Name CVE-2012-3510 First vendor Publication 2012-10-03
Vendor Cve Last vendor Modification 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:N/A:C)
Cvss Base Score 5.6 Attack Range Local
Cvss Impact Score 7.8 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Use-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel before 2.6.19 allows local users to obtain potentially sensitive information from kernel memory or cause a denial of service (system crash) via a taskstats TASKSTATS_CMD_ATTR_PID command.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3510

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-399 Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21297
 
Oval ID: oval:org.mitre.oval:def:21297
Title: RHSA-2012:1323: kernel security and bug fix update (Important)
Description: Use-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel before 2.6.19 allows local users to obtain potentially sensitive information from kernel memory or cause a denial of service (system crash) via a taskstats TASKSTATS_CMD_ATTR_PID command.
Family: unix Class: patch
Reference(s): RHSA-2012:1323-00
CESA-2012:1323
CVE-2012-2319
CVE-2012-3412
CVE-2012-3430
CVE-2012-3510
 Version: 55
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
 Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22967
 
Oval ID: oval:org.mitre.oval:def:22967
Title: ELSA-2012:1323: kernel security and bug fix update (Important)
Description: Use-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel before 2.6.19 allows local users to obtain potentially sensitive information from kernel memory or cause a denial of service (system crash) via a taskstats TASKSTATS_CMD_ATTR_PID command.
Family: unix Class: patch
Reference(s): ELSA-2012:1323-00
CVE-2012-2319
CVE-2012-3412
CVE-2012-3430
CVE-2012-3510
 Version: 21
Platform(s): Oracle Linux 5
 Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27204
 
Oval ID: oval:org.mitre.oval:def:27204
Title: DEPRECATED: ELSA-2012-1323 -- kernel security and bug fix update (important)
Description: kernel [2.6.18-308.16.1.el5] - Revert: [fs] nfsd4: Remove check for a 32-bit cookie in nfsd4_readdir() (Eric Sandeen) [847943 784191] - Revert: [fs] add new FMODE flags: FMODE_32bithash and FMODE_64bithash (Eric Sandeen) [847943 784191] - Revert: [fs] nfsd: rename int access to int may_flags in nfsd_open() (Eric Sandeen) [847943 784191] - Revert: [fs] nfsd: vfs_llseek() with 32 or 64 bit offsets (hashes) (Eric Sandeen) [847943 784191] - Revert: [fs] vfs: add generic_file_llseek_size (Eric Sandeen) [847943 784191] - Revert: [s390/ppc64] add is_compat_task() for s390 and ppc64 (Eric Sandeen) [847943 784191] - Revert: [fs] ext3: return 32/64-bit dir name hash according to usage type (Eric Sandeen) [847943 784191] - Revert: [fs] ext4: improve llseek error handling for large seek offsets (Eric Sandeen) [847943 784191] - Revert: [fs] ext4: return 32/64-bit dir name hash according to usage type (Eric Sandeen) [847943 784191] - Revert: [fs] vfs: allow custom EOF in generic_file_llseek code (Eric Sandeen) [847943 784191] - Revert: [fs] ext4: use core vfs llseek code for dir seeks (Eric Sandeen) [847943 784191] - Revert: [fs] ext3: pass custom EOF to generic_file_llseek_size() (Eric Sandeen) [847943 784191]
Family: unix Class: patch
Reference(s): ELSA-2012-1323
CVE-2012-3430
CVE-2012-2319
CVE-2012-3412
CVE-2012-3510
 Version: 4
Platform(s): Oracle Linux 5
 Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27688
 
Oval ID: oval:org.mitre.oval:def:27688
Title: ELSA-2012-1323-1 -- kernel security and bug fix update (important)
Description: kernel [2.6.18-308.16.1.0.1.el5] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272] - [net] bonding: fix carrier detect when bond is down [orabug 12377284] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printks when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - [scsi] fix scsi hotplug and rescan race [orabug 10260172] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] shrink_zone patch (John Sobecki,Chris Mason) [orabug 6086839] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [rds] Patch rds to 1.4.2-20 (Andy Grover) [orabug 9471572, 9344105] RDS: Fix BUG_ONs to not fire when in a tasklet ipoib: Fix lockup of the tx queue RDS: Do not call set_page_dirty() with irqs off (Sherman Pun) RDS: Properly unmap when getting a remote access error (Tina Yang) RDS: Fix locking in rds_send_drop_to() - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for el5 (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346]
Family: unix Class: patch
Reference(s): ELSA-2012-1323-1
CVE-2012-3430
CVE-2012-2319
CVE-2012-3412
CVE-2012-3510
 Version: 5
Platform(s): Oracle Linux 5
 Product(s): kernel
ocfs2
oracleasm
kernel-PAE
kernel-PAE-devel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-xen
kernel-xen-devel
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 815

OpenVAS Exploits

Date Description
2012-10-05 Name : CentOS Update for kernel CESA-2012:1323 centos5
File : nvt/gb_CESA-2012_1323_kernel_centos5.nasl
2012-10-03 Name : RedHat Update for kernel RHSA-2012:1323-01
File : nvt/gb_RHSA-2012_1323-01_kernel.nasl

Nessus® Vulnerability Scanner

Date Description
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2012-1391-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2013-1832-1.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1324.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1323-1.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1323.nasl - Type : ACT_GATHER_INFO
2012-10-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-8324.nasl - Type : ACT_GATHER_INFO
2012-10-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-8325.nasl - Type : ACT_GATHER_INFO
2012-10-05 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1323.nasl - Type : ACT_GATHER_INFO
2012-10-04 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20121002_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-10-03 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1323.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.19
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3...
http://rhn.redhat.com/errata/RHSA-2012-1323.html
http://secunia.com/advisories/50811
http://www.openwall.com/lists/oss-security/2012/08/20/12
http://www.securityfocus.com/bid/55144
http://www.securitytracker.com/id?1027602
https://bugzilla.redhat.com/show_bug.cgi?id=849722
https://github.com/torvalds/linux/commit/f0ec1aaf54caddd21c259aea8b2ecfbde4ee...
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
Date Informations
2024-11-28 22:59:41
  • Multiple Updates
2024-11-28 12:30:47
  • Multiple Updates
2024-08-02 12:20:31
  • Multiple Updates
2024-08-02 01:06:03
  • Multiple Updates
2024-02-02 01:19:55
  • Multiple Updates
2024-02-01 12:05:54
  • Multiple Updates
2023-09-05 12:18:48
  • Multiple Updates
2023-09-05 01:05:46
  • Multiple Updates
2023-09-02 12:18:49
  • Multiple Updates
2023-09-02 01:05:52
  • Multiple Updates
2023-08-12 12:22:37
  • Multiple Updates
2023-08-12 01:05:52
  • Multiple Updates
2023-08-11 12:18:56
  • Multiple Updates
2023-08-11 01:06:03
  • Multiple Updates
2023-08-06 12:18:12
  • Multiple Updates
2023-08-06 01:05:53
  • Multiple Updates
2023-08-04 12:18:17
  • Multiple Updates
2023-08-04 01:05:56
  • Multiple Updates
2023-07-14 12:18:16
  • Multiple Updates
2023-07-14 01:05:50
  • Multiple Updates
2023-03-29 01:20:12
  • Multiple Updates
2023-03-28 12:05:58
  • Multiple Updates
2023-02-13 09:28:39
  • Multiple Updates
2023-02-02 21:28:41
  • Multiple Updates
2022-10-11 12:16:19
  • Multiple Updates
2022-10-11 01:05:33
  • Multiple Updates
2022-03-11 01:13:17
  • Multiple Updates
2021-05-04 12:21:08
  • Multiple Updates
2021-04-22 01:25:14
  • Multiple Updates
2020-08-08 01:07:52
  • Multiple Updates
2020-07-30 01:08:16
  • Multiple Updates
2020-05-23 01:49:16
  • Multiple Updates
2020-05-23 00:34:12
  • Multiple Updates
2019-01-25 12:04:49
  • Multiple Updates
2018-10-30 12:05:11
  • Multiple Updates
2016-06-30 21:34:51
  • Multiple Updates
2016-06-29 00:27:05
  • Multiple Updates
2016-06-28 19:13:10
  • Multiple Updates
2016-04-26 22:05:35
  • Multiple Updates
2015-05-21 13:29:33
  • Multiple Updates
2014-11-08 13:30:15
  • Multiple Updates
2014-02-17 11:11:50
  • Multiple Updates
2013-05-10 22:42:39
  • Multiple Updates
2013-04-19 13:20:50
  • Multiple Updates
2013-02-07 13:20:22
  • Multiple Updates
2013-02-01 13:20:23
  • Multiple Updates
2013-01-30 13:22:10
  • Multiple Updates