CVE-2012-2313
kernel: unfiltered netdev rio_ioctl access by users
Severity Score
5.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call.
La función rio_ioctl de drivers/net/ethernet/dlink/dl2k.c del kernel de Linux en versiones anteriores a la 3.3.7 no restringe el acceso al comando SIOCSMIIREG, lo que permite a usuarios locales escribir datos a un adaptador Ethernet a través de una llamada ioctl.
Potential vulnerabilities have been identified with HP Rapid Deployment Pack (RDP) or HP Insight Control Server Deployment. The vulnerabilities could be exploited remotely affecting confidentiality, integrity and availability. Revision 1 of this advisory.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-04-19 CVE Reserved
- 2012-06-13 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (13)
| URL | Tag | Source |
|---|---|---|
| http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1bb57e940e1958e40d51f2078f50c3a96a9b2d75 | X_refsource_confirm | |
| http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.7 | Release Notes | |
| http://www.openwall.com/lists/oss-security/2012/05/04/8 | Mailing List |
|
| http://www.securityfocus.com/bid/53965 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://github.com/torvalds/linux/commit/1bb57e940e1958e40d51f2078f50c3a96a9b2d75 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html | 2023-02-13 | |
| http://marc.info/?l=bugtraq&m=139447903326211&w=2 | 2023-02-13 | |
| http://rhn.redhat.com/errata/RHSA-2012-1174.html | 2023-02-13 | |
| http://rhn.redhat.com/errata/RHSA-2012-1481.html | 2023-02-13 | |
| http://rhn.redhat.com/errata/RHSA-2012-1541.html | 2023-02-13 | |
| http://rhn.redhat.com/errata/RHSA-2012-1589.html | 2023-02-13 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=818820 | 2012-12-18 | |
| https://access.redhat.com/security/cve/CVE-2012-2313 | 2012-12-18 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 3.3.6 Search vendor "Linux" for product "Linux Kernel" and version " <= 3.3.6" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.3 Search vendor "Linux" for product "Linux Kernel" and version "3.3" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.3 Search vendor "Linux" for product "Linux Kernel" and version "3.3" | rc1 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.3 Search vendor "Linux" for product "Linux Kernel" and version "3.3" | rc2 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.3 Search vendor "Linux" for product "Linux Kernel" and version "3.3" | rc3 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.3 Search vendor "Linux" for product "Linux Kernel" and version "3.3" | rc4 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.3 Search vendor "Linux" for product "Linux Kernel" and version "3.3" | rc5 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.3 Search vendor "Linux" for product "Linux Kernel" and version "3.3" | rc6 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.3 Search vendor "Linux" for product "Linux Kernel" and version "3.3" | rc7 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.3.1 Search vendor "Linux" for product "Linux Kernel" and version "3.3.1" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.3.2 Search vendor "Linux" for product "Linux Kernel" and version "3.3.2" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.3.3 Search vendor "Linux" for product "Linux Kernel" and version "3.3.3" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.3.4 Search vendor "Linux" for product "Linux Kernel" and version "3.3.4" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.3.5 Search vendor "Linux" for product "Linux Kernel" and version "3.3.5" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Suse Linux Enterprise Server Search vendor "Novell" for product "Suse Linux Enterprise Server" | 10.0 Search vendor "Novell" for product "Suse Linux Enterprise Server" and version "10.0" | sp4, ltss |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 5 Search vendor "Redhat" for product "Enterprise Linux" and version "5" | server |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 5.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "5.0" | client |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 5.6.z Search vendor "Redhat" for product "Enterprise Linux Eus" and version "5.6.z" | server |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Long Life Search vendor "Redhat" for product "Enterprise Linux Long Life" | 5.6 Search vendor "Redhat" for product "Enterprise Linux Long Life" and version "5.6" | server |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 6.2 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "6.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 6.1.z Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "6.1.z" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 6.2.z Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "6.2.z" | - |
Affected
| ||||||