Upstream information

CVE-2012-3520 at MITRE

Description

The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to (1) Avahi or (2) NetworkManager.

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 1.85
Vector AV:L/AC:M/Au:N/C:N/I:P/A:N
Access Vector Local
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact Partial
Availability Impact None
SUSE Bugzilla entry: 776925 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 12 SP1
  • kernel-default >= 4.1.13-2.1
  • kernel-default-base >= 4.1.13-2.1
  • kernel-default-devel >= 4.1.13-2.1
  • kernel-default-man >= 3.12.49-11.1
  • kernel-devel >= 4.1.13-2.1
  • kernel-macros >= 4.1.13-2.1
  • kernel-source >= 4.1.13-2.1
  • kernel-syms >= 4.1.13-2.1
  • kernel-xen >= 3.12.49-11.1
  • kernel-xen-base >= 3.12.49-11.1
  • kernel-xen-devel >= 3.12.49-11.1
Patchnames:
SUSE Linux Enterprise Server 12 SP1 GA kernel-default
SUSE Linux Enterprise Software Development Kit 12 SP1
  • kernel-docs >= 4.1.13-2.2
  • kernel-obs-build >= 4.1.13-2.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP1 GA kernel-docs
openSUSE 13.2
  • kernel-default >= 3.16.6-2.1
  • kernel-default-devel >= 3.16.6-2.1
  • kernel-desktop >= 3.16.6-2.1
  • kernel-desktop-devel >= 3.16.6-2.1
  • kernel-devel >= 3.16.6-2.1
  • kernel-docs >= 3.16.6-2.1
  • kernel-macros >= 3.16.6-2.1
  • kernel-pae >= 3.16.6-2.1
  • kernel-pae-base >= 3.16.6-2.1
  • kernel-pae-devel >= 3.16.6-2.1
  • kernel-source >= 3.16.6-2.1
  • kernel-syms >= 3.16.6-2.1
  • kernel-xen >= 3.16.6-2.1
  • kernel-xen-devel >= 3.16.6-2.1
Patchnames:
openSUSE 13.2 GA kernel-default
openSUSE Leap 42.1
  • kernel-default >= 4.1.12-1.1
  • kernel-default-devel >= 4.1.12-1.1
  • kernel-devel >= 4.1.12-1.1
  • kernel-docs >= 4.1.12-1.1
  • kernel-macros >= 4.1.12-1.1
  • kernel-pv-devel >= 4.1.12-1.1
  • kernel-source >= 4.1.12-1.1
  • kernel-syms >= 4.1.12-1.1
  • kernel-xen >= 4.1.12-1.1
  • kernel-xen-devel >= 4.1.12-1.1
Patchnames:
openSUSE Leap 42.1 GA kernel-default
openSUSE Tumbleweed
  • kernel-debug >= 4.8.13-1.1
  • kernel-debug-base >= 4.8.13-1.1
  • kernel-debug-devel >= 4.8.13-1.1
  • kernel-default >= 4.8.13-1.1
  • kernel-default-base >= 4.8.13-1.1
  • kernel-default-devel >= 4.8.13-1.1
  • kernel-devel >= 4.8.13-1.1
  • kernel-docs >= 4.8.13-1.1
  • kernel-docs-html >= 4.8.13-1.1
  • kernel-docs-pdf >= 4.8.13-1.1
  • kernel-macros >= 4.8.13-1.1
  • kernel-obs-build >= 4.8.13-1.1
  • kernel-obs-qa >= 4.8.13-1.1
  • kernel-pae >= 4.8.13-1.1
  • kernel-pae-base >= 4.8.13-1.1
  • kernel-pae-devel >= 4.8.13-1.1
  • kernel-source >= 4.8.13-1.1
  • kernel-source-vanilla >= 4.8.13-1.1
  • kernel-syms >= 4.8.13-1.1
  • kernel-syzkaller >= 4.8.13-1.1
  • kernel-syzkaller-base >= 4.8.13-1.1
  • kernel-syzkaller-devel >= 4.8.13-1.1
  • kernel-vanilla >= 4.8.13-1.1
  • kernel-vanilla-base >= 4.8.13-1.1
  • kernel-vanilla-devel >= 4.8.13-1.1
Patchnames:
openSUSE Tumbleweed GA kernel-debug