Upstream information

CVE-2012-3364 at MITRE

Description

Multiple stack-based buffer overflows in the Near Field Communication Controller Interface (NCI) in the Linux kernel before 3.4.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via incoming frames with crafted length fields.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 5
Vector AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial

Note from the SUSE Security Team

The NFC networking stack was added after Linux kernel 3.0, so no SUSE Linux Enterprise product is affected by this problem.

SUSE Bugzilla entry: 769171 [RESOLVED / FIXED]

No SUSE Security Announcements cross referenced.