SecuritySpace - CVE-2012-6536

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2012-6536

Description: net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not verify that the actual Netlink message length is consistent with a certain header field, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability and providing a (1) new or (2) updated state.

Test IDs: None available

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2012-6536
http://www.openwall.com/lists/oss-security/2013/03/05/13

CVE ID:	CVE-2012-6536
Description:	net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not verify that the actual Netlink message length is consistent with a certain header field, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability and providing a (1) new or (2) updated state.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2012-6536 http://www.openwall.com/lists/oss-security/2013/03/05/13