Vulnerability Name:

CVE-2012-2390 (CCN-76281)

Assigned:2012-05-17
Published:2012-05-17
Updated:2023-02-13
Summary:Memory leak in mm/hugetlb.c in the Linux kernel before 3.4.2 allows local users to cause a denial of service (memory consumption or system crash) via invalid MAP_HUGETLB mmap operations.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:4.9 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
3.7 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
4.9 Medium (REDHAT CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
3.7 Low (REDHAT Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-401
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2012-2390

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: Linux Kernel GIT Repository
hugetlb: fix resv_map leak in error path

Source: CCN
Type: RHSA-2012-1150
Moderate: kernel-rt security and bug fix update

Source: CCN
Type: RHSA-2012-1304
Moderate: kernel security and bug fix update

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: OSVDB ID: 83185
Linux Kernel mm/hugetlb.c Invalid MAP_HUGETLB mmap Operation Handling Memory Exhaustion Local DoS

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: Red Hat Bugzilla Bug 824345
CVE-2012-2390 kernel: huge pages: memory leak on mmap failure

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: XF
Type: UNKNOWN
kernel-hugetlb-dos(76281)

Source: secalert@redhat.com
Type: Exploit, Patch
secalert@redhat.com

Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*
  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*
  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*
  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*
  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:3.4.1:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.4:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.4:rc7:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.4:rc6:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.4:rc5:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.4:rc4:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.4:rc3:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.4:rc2:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.4:rc1:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:6:*:server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20122390
    V
    CVE-2012-2390
    2022-05-20
    oval:org.opensuse.security:def:42338
    P
    Security update for wireshark (Moderate)
    2022-02-14
    oval:org.opensuse.security:def:33112
    P
    Security update for python-numpy (Moderate) (in QA)
    2022-01-17
    oval:org.opensuse.security:def:33063
    P
    Security update for xorg-x11-server (Important)
    2021-12-14
    oval:org.opensuse.security:def:32240
    P
    Security update for the Linux Kernel (Live Patch 41 for SLE 12 SP3) (Important)
    2021-12-14
    oval:org.opensuse.security:def:31716
    P
    Security update for mozilla-nss (Important)
    2021-12-06
    oval:org.opensuse.security:def:26181
    P
    Security update for mozilla-nss (Important)
    2021-12-06
    oval:org.opensuse.security:def:31708
    P
    Security update for webkit2gtk3 (Important)
    2021-11-23
    oval:org.opensuse.security:def:32218
    P
    Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)
    2021-11-19
    oval:org.opensuse.security:def:26160
    P
    Security update for binutils (Moderate)
    2021-11-09
    oval:org.opensuse.security:def:26139
    P
    Security update for libvirt (Moderate)
    2021-10-04
    oval:org.opensuse.security:def:33006
    P
    Security update for openssl (Low)
    2021-09-20
    oval:org.opensuse.security:def:32174
    P
    Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)
    2021-08-25
    oval:org.opensuse.security:def:32152
    P
    Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)
    2021-07-27
    oval:org.opensuse.security:def:31642
    P
    Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:32113
    P
    Security update for qemu (Important)
    2021-06-08
    oval:org.opensuse.security:def:42571
    P
    kernel-default-3.0.101-63.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:36164
    P
    kernel-default-3.0.101-63.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:36428
    P
    kernel-docs-3.0.101-63.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:31631
    P
    Security update for gstreamer-plugins-bad (Important)
    2021-06-07
    oval:org.opensuse.security:def:31630
    P
    Security update for polkit (Important)
    2021-06-03
    oval:org.opensuse.security:def:26058
    P
    Security update for postgresql10 (Moderate)
    2021-05-27
    oval:org.opensuse.security:def:26055
    P
    Security update for hivex (Moderate)
    2021-05-26
    oval:org.opensuse.security:def:26053
    P
    Security update for libxml2 (Important)
    2021-05-19
    oval:org.opensuse.security:def:31616
    P
    Security update for bind (Important)
    2021-05-04
    oval:org.opensuse.security:def:32084
    P
    Security update for gdm (Important)
    2021-04-28
    oval:org.opensuse.security:def:33895
    P
    Security update for sudo (Important)
    2021-04-20
    oval:org.opensuse.security:def:32895
    P
    Security update for cifs-utils (Moderate)
    2021-04-13
    oval:org.opensuse.security:def:32064
    P
    Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)
    2021-04-07
    oval:org.opensuse.security:def:26213
    P
    Security update for evolution-data-server (Moderate)
    2021-03-19
    oval:org.opensuse.security:def:33088
    P
    Security update for MozillaFirefox (Important)
    2021-03-01
    oval:org.opensuse.security:def:26199
    P
    Security update for ImageMagick (Moderate)
    2021-02-25
    oval:org.opensuse.security:def:26111
    P
    Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:25977
    P
    Security update for openssl-1_1 (Important)
    2020-12-10
    oval:org.opensuse.security:def:32008
    P
    Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)
    2020-12-07
    oval:org.opensuse.security:def:35931
    P
    kernel-default-3.0.76-0.11.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:27831
    P
    Security update for lxc
    2020-12-01
    oval:org.opensuse.security:def:28035
    P
    Fixing security issues on OBS toolchain (Important)
    2020-12-01
    oval:org.opensuse.security:def:28412
    P
    Security update for tiff (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28569
    P
    Security update for lcms
    2020-12-01
    oval:org.opensuse.security:def:28457
    P
    Security update for xen (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28814
    P
    Security update for procmail
    2020-12-01
    oval:org.opensuse.security:def:29108
    P
    Security update for java-1_6_0-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:29843
    P
    Security update for Linux kernel
    2020-12-01
    oval:org.opensuse.security:def:31410
    P
    Security update for php53 (Important)
    2020-12-01
    oval:org.opensuse.security:def:31765
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:32856
    P
    evolution-data-server on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31940
    P
    Recommended update for glibc (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32296
    P
    Security update for procmail (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32450
    P
    Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:32387
    P
    Security update for tomcat6 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32612
    P
    w3m on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33174
    P
    libproxy0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25481
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:25685
    P
    Security update for mariadb (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25789
    P
    Security update for flash-player (Critical)
    2020-12-01
    oval:org.opensuse.security:def:26431
    P
    Security update for tor (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27162
    P
    kernel-default on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25989
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:26319
    P
    Security update for kde-cli-tools5 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26656
    P
    zoo on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27391
    P
    e2fsprogs-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27832
    P
    Security update for lxc (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28119
    P
    Security update for gstreamer-0_10-plugins-base (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28465
    P
    Security update for xorg-x11-libXdmcp (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28613
    P
    Security update for xorg-x11-server
    2020-12-01
    oval:org.opensuse.security:def:28377
    P
    Security update for quagga (Important)
    2020-12-01
    oval:org.opensuse.security:def:28588
    P
    Security update for Mozilla NSS
    2020-12-01
    oval:org.opensuse.security:def:28966
    P
    Security update for openssh (Critical)
    2020-12-01
    oval:org.opensuse.security:def:29125
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:31484
    P
    Security update for python (Important)
    2020-12-01
    oval:org.opensuse.security:def:31852
    P
    Recommended udpate for SUSE Manager Client Tools (Low)
    2020-12-01
    oval:org.opensuse.security:def:31997
    P
    Security update for java-1_7_1-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:32345
    P
    Security update for spice (Important)
    2020-12-01
    oval:org.opensuse.security:def:32388
    P
    Security update for tomcat6 (Important)
    2020-12-01
    oval:org.opensuse.security:def:32706
    P
    libcap-progs on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33218
    P
    openssh on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25482
    P
    Security update for man (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25766
    P
    Security update for mariadb (Important)
    2020-12-01
    oval:org.opensuse.security:def:26257
    P
    Security update for icu (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25713
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:25917
    P
    Security update for mariadb (Important)
    2020-12-01
    oval:org.opensuse.security:def:26290
    P
    Security update for ImageMagick (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26445
    P
    Security update for chromium (Important)
    2020-12-01
    oval:org.opensuse.security:def:26403
    P
    Security update for ffmpeg (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26695
    P
    fetchmail on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27426
    P
    kernel-docs on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27843
    P
    Security update for net-snmp (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28176
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:28514
    P
    Security update for openssl1 (Important)
    2020-12-01
    oval:org.opensuse.security:def:29251
    P
    Security update for syslog-ng (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28378
    P
    Security update for quagga (Important)
    2020-12-01
    oval:org.opensuse.security:def:28673
    P
    Security update for MozillaFirefox, mozilla-nspr (Important)
    2020-12-01
    oval:org.opensuse.security:def:29020
    P
    Security update for resource-agents (Important)
    2020-12-01
    oval:org.opensuse.security:def:29169
    P
    Security update for mailman (Important)
    2020-12-01
    oval:org.opensuse.security:def:31398
    P
    Security update for perl (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32384
    P
    Security update for tiff (Low)
    2020-12-01
    oval:org.opensuse.security:def:33127
    P
    kernel-default on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32399
    P
    Security update for unzip (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32763
    P
    pam_ldap on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33856
    P
    Security update for inst-source-utils
    2020-12-01
    oval:org.opensuse.security:def:25493
    P
    Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:25823
    P
    Security update for flash-player (Important)
    2020-12-01
    oval:org.opensuse.security:def:26895
    P
    findutils on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25714
    P
    Security update for libpng16 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25998
    P
    Security update for libreoffice (Important)
    2020-12-01
    oval:org.opensuse.security:def:26343
    P
    Security update for MozillaThunderbird (Important)
    2020-12-01
    oval:org.opensuse.security:def:26489
    P
    Security update for php7-imagick (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26554
    P
    ghostscript-fonts-other on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26709
    P
    gmime on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27907
    P
    Security update for Xen
    2020-12-01
    oval:org.opensuse.security:def:28260
    P
    Security update for lynx (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28553
    P
    Security update for flash-player
    2020-12-01
    oval:org.opensuse.security:def:29287
    P
    Security update for Real Time Linux kernel
    2020-12-01
    oval:org.opensuse.security:def:28389
    P
    Security update for samba (Important)
    2020-12-01
    oval:org.opensuse.security:def:28730
    P
    Security update for krb5
    2020-12-01
    oval:org.opensuse.security:def:29069
    P
    Security update for clamav (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29807
    P
    Security update for jakarta-commons-collections (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31399
    P
    Security update for perl (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31848
    P
    Security update for clamav (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32406
    P
    Security update for wavpack (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32477
    P
    Security update for zlib (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32850
    P
    e2fsprogs on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33151
    P
    libgcrypt11 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25557
    P
    Security update for transfig (Low)
    2020-12-01
    oval:org.opensuse.security:def:25907
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:26930
    P
    kernel-default on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25725
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:26392
    P
    Security update for MozillaThunderbird (Important)
    2020-12-01
    oval:org.opensuse.security:def:27127
    P
    freetype2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25978
    P
    Security update for tcpdump, libpcap (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26262
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:26607
    P
    libvorbis on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26753
    P
    libmysqlclient15-32bit on GA media (Moderate)
    2020-12-01
    oval:org.mitre.oval:def:27648
    P
    ELSA-2012-2035 -- Unbreakable Enterprise kernel security update (moderate)
    2015-03-16
    oval:org.mitre.oval:def:27254
    P
    ELSA-2012-2034 -- Unbreakable Enterprise kernel Security update (moderate)
    2014-12-15
    oval:org.mitre.oval:def:17677
    P
    USN-1515-1 -- linux vulnerability
    2014-07-21
    oval:org.mitre.oval:def:17841
    P
    USN-1531-1 -- linux vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:18104
    P
    USN-1533-1 -- linux vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:17122
    P
    USN-1535-1 -- linux vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:17895
    P
    USN-1538-1 -- linux-lts-backport-natty vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:17617
    P
    USN-1539-1 -- linux-lts-backport-oneiric vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:17948
    P
    USN-1508-1 -- linux-ti-omap4 vulnerability
    2014-06-30
    oval:org.mitre.oval:def:18007
    P
    USN-1534-1 -- linux-ec2 vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:23789
    P
    ELSA-2012:1304: kernel security and bug fix update (Moderate)
    2014-05-26
    oval:org.mitre.oval:def:21577
    P
    RHSA-2012:1304: kernel security and bug fix update (Moderate)
    2014-02-24
    oval:com.redhat.rhsa:def:20121304
    P
    RHSA-2012:1304: kernel security and bug fix update (Moderate)
    2012-09-25
    oval:com.ubuntu.precise:def:20122390000
    V
    CVE-2012-2390 on Ubuntu 12.04 LTS (precise) - low.
    2012-06-13
    oval:com.ubuntu.trusty:def:20122390000
    V
    CVE-2012-2390 on Ubuntu 14.04 LTS (trusty) - low.
    2012-06-13
    oval:com.ubuntu.xenial:def:201223900000000
    V
    CVE-2012-2390 on Ubuntu 16.04 LTS (xenial) - low.
    2012-06-13
    oval:com.ubuntu.xenial:def:20122390000
    V
    CVE-2012-2390 on Ubuntu 16.04 LTS (xenial) - low.
    2012-06-13
    BACK
    linux linux kernel 3.4.1
    linux linux kernel 3.4
    linux linux kernel 3.4 rc7
    linux linux kernel 3.4 rc6
    linux linux kernel 3.4 rc5
    linux linux kernel 3.4 rc4
    linux linux kernel 3.4 rc3
    linux linux kernel 3.4 rc2
    linux linux kernel 3.4 rc1
    redhat enterprise linux 6
    redhat enterprise linux 6
    redhat enterprise linux desktop 6
    redhat enterprise linux hpc node 6
    redhat enterprise mrg 2.0