DEBIAN-CVE-2012-3520

DEBIAN-CVE-2012-3520 PUBLISHED

The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to (1) Avahi or (2) NetworkManager.

Affected Products

Vendor	Product	Versions
Debian:14	linux	0, 0, 0
Debian:13	linux	0, 0, 0
Debian:12	linux	0, 0, 0
Debian:11	linux	0, 0, 0

Timeline

Oct 3, 2012 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2012-3520 advisory

Open in Interactive Console →