CVE-2012-6689

7.8 HIGH

Published: May 02, 2016 Modified: May 06, 2026

Description

The netlink_sendmsg function in net/netlink/af_netlink.c in the Linux kernel before 3.5.5 does not validate the dst_pid field, which allows local users to have an unspecified impact by spoofing Netlink messages.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=20e1db19db5d6b9e4e83021595eab0dc8f107bef

Source: cve@mitre.org

Patch Vendor Advisory

http://marc.info/?l=linux-netdev&m=134522422125983&w=2

Source: cve@mitre.org

Mailing List Third Party Advisory

http://marc.info/?l=linux-netdev&m=134522422925986&w=2

Source: cve@mitre.org

Mailing List Third Party Advisory

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.5

Source: cve@mitre.org

Release Notes Vendor Advisory

http://www.openwall.com/lists/oss-security/2015/02/22/10

Source: cve@mitre.org

Mailing List Third Party Advisory

http://www.securityfocus.com/bid/72739

Source: cve@mitre.org

Broken Link Third Party Advisory VDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=848949

Source: cve@mitre.org

Issue Tracking Third Party Advisory

https://github.com/torvalds/linux/commit/20e1db19db5d6b9e4e83021595eab0dc8f107bef

Source: cve@mitre.org

Third Party Advisory

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=20e1db19db5d6b9e4e83021595eab0dc8f107bef