CVE-2012-4508
Severity CVSS v4.0:
Pending analysis
Type:
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Publication date:
21/12/2012
Last modified:
11/04/2025
Description
Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from a deleted file by reading an extent that was not properly marked as uninitialized.
Impact
Base Score 2.0
1.90
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.4.15 (including) | |
| cpe:2.3:o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:3.0:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:3.0:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:3.0:rc4:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:3.0:rc5:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:3.0:rc6:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:3.0:rc7:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:3.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:3.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:3.0.3:*:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:3.0.4:*:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:3.0.5:*:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:3.0.6:*:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:3.0.7:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba%3Dcommit%3Bh%3Ddee1f973ca341c266229faa5a1a5bb268bed3531
- http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091110.html
- http://rhn.redhat.com/errata/RHSA-2012-1540.html
- http://rhn.redhat.com/errata/RHSA-2013-0496.html
- http://rhn.redhat.com/errata/RHSA-2013-1519.html
- http://rhn.redhat.com/errata/RHSA-2013-1783.html
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.16
- http://www.openwall.com/lists/oss-security/2012/10/25/1
- http://www.ubuntu.com/usn/USN-1645-1
- http://www.ubuntu.com/usn/USN-1899-1
- http://www.ubuntu.com/usn/USN-1900-1
- https://bugzilla.redhat.com/show_bug.cgi?id=869904
- https://github.com/torvalds/linux/commit/dee1f973ca341c266229faa5a1a5bb268bed3531
- https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba%3Dcommit%3Bh%3Ddee1f973ca341c266229faa5a1a5bb268bed3531
- http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091110.html
- http://rhn.redhat.com/errata/RHSA-2012-1540.html
- http://rhn.redhat.com/errata/RHSA-2013-0496.html
- http://rhn.redhat.com/errata/RHSA-2013-1519.html
- http://rhn.redhat.com/errata/RHSA-2013-1783.html
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.16
- http://www.openwall.com/lists/oss-security/2012/10/25/1
- http://www.ubuntu.com/usn/USN-1645-1
- http://www.ubuntu.com/usn/USN-1899-1
- http://www.ubuntu.com/usn/USN-1900-1
- https://bugzilla.redhat.com/show_bug.cgi?id=869904
- https://github.com/torvalds/linux/commit/dee1f973ca341c266229faa5a1a5bb268bed3531
- https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html