CVE-2012-3412

kernel: sfc: potential remote denial of service through TCP MSS option

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before 3.2.30 allows remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value.

El controlador sfc (también conocido como Solarflare Solarstorm) en el Kernel de Linux anteriores a v3.2.30 permite a atacantes remotos provocar una denegación de servicio (consumo de descriptor de DMA y fallo del controlador de red) a través de paquetes TCP manipulados que provocan valores MSS pequeños.

A flaw was found in how the Linux kernel passed the replacement session keyring to a child process. An unprivileged local user could exploit this flaw to cause a denial of service (panic). Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO (TCP segment offload). A local or peer user could exploit this flaw to to cause a denial of service. Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS sockets. A local unprivileged user could potentially use this flaw to read privileged information from the kernel. Various other issues were also addressed.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2012-06-14 CVE Reserved
2012-09-14 CVE Published
2024-08-06 CVE Updated
2024-08-06 First Exploit
2025-06-06 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-189: Numeric Errors
CWE-400: Uncontrolled Resource Consumption

CAPEC

References (25)

URL	Tag	Source
http://secunia.com/advisories/50633	Broken Link
http://secunia.com/advisories/50732	Broken Link
http://secunia.com/advisories/50811	Broken Link
http://secunia.com/advisories/51193	Broken Link
http://www.openwall.com/lists/oss-security/2012/08/03/4	Mailing List

URL	Date	SRC
https://github.com/torvalds/linux/commit/68cb695ccecf949d48949e72f8ce591fdaaa325c	2024-08-06

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00005.html	2023-02-13
http://rhn.redhat.com/errata/RHSA-2012-1323.html	2023-02-13
http://rhn.redhat.com/errata/RHSA-2012-1324.html	2023-02-13
http://rhn.redhat.com/errata/RHSA-2012-1347.html	2023-02-13
http://rhn.redhat.com/errata/RHSA-2012-1375.html	2023-02-13
http://rhn.redhat.com/errata/RHSA-2012-1401.html	2023-02-13
http://rhn.redhat.com/errata/RHSA-2012-1430.html	2023-02-13
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.30	2023-02-13
http://www.ubuntu.com/usn/USN-1567-1	2023-02-13
http://www.ubuntu.com/usn/USN-1568-1	2023-02-13
http://www.ubuntu.com/usn/USN-1572-1	2023-02-13
http://www.ubuntu.com/usn/USN-1575-1	2023-02-13
http://www.ubuntu.com/usn/USN-1577-1	2023-02-13
http://www.ubuntu.com/usn/USN-1578-1	2023-02-13
http://www.ubuntu.com/usn/USN-1579-1	2023-02-13
http://www.ubuntu.com/usn/USN-1580-1	2023-02-13
https://bugzilla.redhat.com/show_bug.cgi?id=844714	2012-11-06
https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html	2023-02-13
https://access.redhat.com/security/cve/CVE-2012-3412	2012-11-06

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 3.0.44 Search vendor "Linux" for product "Linux Kernel" and version " < 3.0.44"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.1 < 3.2.30 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.1 < 3.2.30"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.3 < 3.4.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 3.4.12"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.5 < 3.5.5 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.5 < 3.5.5"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				10.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "10.04"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				11.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "11.04"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				11.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "11.10"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04"		-		Affected