CVE-2012-5532

The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.8-rc1, allows local users to cause a denial of service (daemon exit) via a crafted application that sends a Netlink message. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2669.

Details Source

Mitre

Statement

The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Public Date

2012-06-06 00:00:00

Impact

Low

Bugzilla

CVE-2012-5532 hypervkvpd: Netlink source address validation allows denial of service

Bugzilla ID

877572

CVSS Status

verified

Base Score

2.10

Base Metrics

AV:L/AC:L/Au:N/C:N/I:N/A:P

Acknowledgements

This issue was discovered by Florian Weimer of the Red Hat Product Security Team.

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Enterprise Linux 5 (hypervkvpd) | RHSA-2013:0807 | 2013-05-09
Red Hat Enterprise Linux Virtualization 5 (hypervkvpd) | RHSA-2013:0807 | 2013-05-09

Affected Packages State

Platform | Package | State
Red Hat Enterprise Linux 6 | hypervkvpd | Not affected