CVE-2012-2313
Public on 2012-05-21
Modified on 2014-09-14
Description
The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call.
Severity
Low
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | kernel | 2012-10-08 | ALAS-2012-133 | Fixed |
| Amazon Linux 1 | kernel | 2012-05-21 | ALAS-2012-78 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv2 | 1.2 | AV:L/AC:H/Au:N/C:N/I:N/A:P |
| NVD | CVSSv2 | 1.2 | AV:L/AC:H/Au:N/C:N/I:N/A:P |