{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-08-22T00:00:00", "descriptions": [{"lang": "en", "value": "The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to (1) Avahi or (2) NetworkManager."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-10-07T17:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20120822 CVE-2012-3520 kernel: af_netlink: invalid handling of SCM_CREDENTIALS passing", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/08/22/1"}, {"name": "55152", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/55152"}, {"name": "openSUSE-SU-2012:1330", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00005.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/e0e3cea46d31d23dc40df0a49a7a2c04fe8edfea"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e0e3cea46d31d23dc40df0a49a7a2c04fe8edfea"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"}, {"name": "USN-1599-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1599-1"}, {"name": "USN-1610-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1610-1"}, {"name": "openSUSE-SU-2013:0261", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00018.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.30"}, {"name": "50848", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/50848"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=850449"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:05:12.863Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20120822 CVE-2012-3520 kernel: af_netlink: invalid handling of SCM_CREDENTIALS passing", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/08/22/1"}, {"name": "55152", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/55152"}, {"name": "openSUSE-SU-2012:1330", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00005.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/e0e3cea46d31d23dc40df0a49a7a2c04fe8edfea"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e0e3cea46d31d23dc40df0a49a7a2c04fe8edfea"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"}, {"name": "USN-1599-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1599-1"}, {"name": "USN-1610-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1610-1"}, {"name": "openSUSE-SU-2013:0261", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00018.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.30"}, {"name": "50848", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/50848"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=850449"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-3520", "datePublished": "2012-10-03T10:00:00", "dateReserved": "2012-06-14T00:00:00", "dateUpdated": "2024-08-06T20:05:12.863Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "32E36203-AE84-444F-A6F6-36A35BB485EE", "versionEndIncluding": "3.2.29", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "C37E17F7-A276-4A33-B454-751BF639EF9C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.3.20:*:*:*:*:*:*:*", "matchCriteriaId": "D6ECC079-EBD4-4E01-9CAC-A4FC84F79656", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.3.21:*:*:*:*:*:*:*", "matchCriteriaId": "249C1EEB-F267-44F2-B4D9-AEFA9E578FDD", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.3.22:*:*:*:*:*:*:*", "matchCriteriaId": "E575B550-E957-4F68-A9FA-3EF4022028A9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.3.23:*:*:*:*:*:*:*", "matchCriteriaId": "256328E7-3F4E-49A3-9F66-6DAC1F7BE941", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.3.24:*:*:*:*:*:*:*", "matchCriteriaId": "D3E3CFEB-CF89-4697-9D3C-C1D41F5B803B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.3.25:*:*:*:*:*:*:*", "matchCriteriaId": "38F7C571-2713-402F-82CD-66B5C8A50319", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.3.26:*:*:*:*:*:*:*", "matchCriteriaId": "D582D69B-65A9-4906-9FF3-1EC7AD2AF927", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.3.27:*:*:*:*:*:*:*", "matchCriteriaId": "5D4E4BAD-E286-4F24-A786-B3DC281537B1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.3.28:*:*:*:*:*:*:*", "matchCriteriaId": "293E5303-3BC2-4A01-99EE-F519E17F2CF9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.3.29:*:*:*:*:*:*:*", "matchCriteriaId": "73D6DAAF-6D2C-4D33-9109-BC112170762F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.33.2:*:*:*:*:*:*:*", "matchCriteriaId": "934CBC22-864C-468F-B267-3CDE4449DA9E", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.13.2:*:*:*:*:*:*:*", "matchCriteriaId": "7C2658CA-56C2-494F-AC42-618EC413CBDF", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.2:*:*:*:*:*:*:*", "matchCriteriaId": "B18EC0A7-8616-4039-B98B-E1216E035B05", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.33.2:*:*:*:*:*:*:*", "matchCriteriaId": "7B04F515-29A7-4D6A-AFC5-3A115F8A5918", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.33.20:*:*:*:*:*:*:*", "matchCriteriaId": "9C069C17-8314-49BA-9CF5-E5F086F49381", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "D3220B70-917F-4F9F-8A3B-2BF581281E8D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "99372D07-C06A-41FA-9843-6D57F99AB5AF", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc3:*:*:*:*:*:*", "matchCriteriaId": "2B9DC110-D260-4DB4-B8B0-EF1D160ADA07", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc4:*:*:*:*:*:*", "matchCriteriaId": "6192FE84-4D53-40D4-AF61-78CE7136141A", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc5:*:*:*:*:*:*", "matchCriteriaId": "42FEF3CF-1302-45EB-89CC-3786FE4BAC1F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc6:*:*:*:*:*:*", "matchCriteriaId": "AE6A6B58-2C89-4DE4-BA57-78100818095C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc7:*:*:*:*:*:*", "matchCriteriaId": "1D467F87-2F13-4D26-9A93-E0BA526FEA24", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FE348F7B-02DE-47D5-8011-F83DA9426021", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "E91594EA-F0A3-41B3-A9C6-F7864FC2F229", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "9E1ECCDB-0208-48F6-B44F-16CC0ECE3503", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "FBA8B5DE-372E-47E0-A0F6-BE286D509CC3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9A1CA083-2CF8-45AE-9E15-1AA3A8352E3B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "19D69A49-5290-4C5F-8157-719AD58D253D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "290BD969-42E7-47B0-B21B-06DE4865432C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "23A9E29E-DE78-4C73-9FBD-C2410F5FC8B8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "018434C9-E75F-45CB-A169-DAB4B1D864D7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "DC0AC68F-EC58-4C4F-8CBC-A59ECC00CCDE", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "C123C844-F6D7-471E-A62E-F756042FB1CD", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "A11C38BB-7FA2-49B0-AAC9-83DB387A06DB", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "61F3733C-E5F6-4855-B471-DF3FB823613B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "1DDCA75F-9A06-4457-9A45-38A38E7F7086", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "7AEA837E-7864-4003-8DB7-111ED710A7E1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "B6FE471F-2D1F-4A1D-A197-7E46B75787E1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.17:*:*:*:*:*:*:*", "matchCriteriaId": "FDA9E6AB-58DC-4EC5-A25C-11F9D0B38BF7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.18:*:*:*:*:*:*:*", "matchCriteriaId": "DC6B8DB3-B05B-41A2-B091-342D66AAE8F5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.19:*:*:*:*:*:*:*", "matchCriteriaId": "958F0FF8-33EF-4A71-A0BD-572C85211DBA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.20:*:*:*:*:*:*:*", "matchCriteriaId": "FBA39F48-B02F-4C48-B304-DA9CCA055244", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.21:*:*:*:*:*:*:*", "matchCriteriaId": "1FF841F3-48A7-41D7-9C45-A8170435A5EB", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.22:*:*:*:*:*:*:*", "matchCriteriaId": "EF506916-A6DC-4B1E-90E5-959492AF55F4", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.23:*:*:*:*:*:*:*", "matchCriteriaId": "B3CDAD1F-2C6A-48C0-8FAB-C2659373FA25", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.24:*:*:*:*:*:*:*", "matchCriteriaId": "4FFE4B22-C96A-43D0-B993-F51EDD9C5E0E", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.25:*:*:*:*:*:*:*", "matchCriteriaId": "F571CC8B-B212-4553-B463-1DB01D616E8A", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.26:*:*:*:*:*:*:*", "matchCriteriaId": "84E3E151-D437-48ED-A529-731EEFF88567", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.27:*:*:*:*:*:*:*", "matchCriteriaId": "E9E3EA3C-CCA5-4433-86E0-3D02C4757A0A", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.28:*:*:*:*:*:*:*", "matchCriteriaId": "F7AC4F7D-9FA6-4CF1-B2E9-70BF7D4D177C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "877002ED-8097-4BB4-BB88-6FC6306C38B2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to (1) Avahi or (2) NetworkManager."}, {"lang": "es", "value": "La implementaci\u00f3n Netlink en el kernel Linux antes de v3.2.30, no controla correctamente los mensajes que carecen de datos SCM_CREDENTIALS, lo que podr\u00eda permitir a usuarios locales falsificar la comunicaci\u00f3n Netlink a trav\u00e9s de un mensaje elaborado, como lo demuestra un mensaje para (1) Avahi o (2) NetworkManager."}], "id": "CVE-2012-3520", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-10-03T11:02:57.143", "references": [{"source": "secalert@redhat.com", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e0e3cea46d31d23dc40df0a49a7a2c04fe8edfea"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00005.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00018.html"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/50848"}, {"source": "secalert@redhat.com", "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.30"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/08/22/1"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/55152"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1599-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1610-1"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=850449"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "https://github.com/torvalds/linux/commit/e0e3cea46d31d23dc40df0a49a7a2c04fe8edfea"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e0e3cea46d31d23dc40df0a49a7a2c04fe8edfea"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00018.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/50848"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.30"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/08/22/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/55152"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1599-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1610-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=850449"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://github.com/torvalds/linux/commit/e0e3cea46d31d23dc40df0a49a7a2c04fe8edfea"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Pablo Neira Ayuso for reporting this issue.", "affected_release": [{"advisory": "RHSA-2012:1491", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "kernel-rt-0:3.2.33-rt50.66.el6rt", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2012-12-04T00:00:00Z"}], "bugzilla": {"description": "kernel: af_netlink: invalid handling of SCM_CREDENTIALS passing", "id": "850449", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=850449"}, "csaw": false, "cvss": {"cvss_base_score": "4.4", "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "details": ["The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to (1) Avahi or (2) NetworkManager."], "name": "CVE-2012-3520", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2012-08-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-3520\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-3520"], "statement": "This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and 6 as they did not backport the commit that introduced this issue. Future kernel updates for Red Hat Enterprise MRG 2 may address this issue.", "threat_severity": "Important"}

{}