Unvalidated dst_pid Field in netlink_sendmsg Function Allows for Netlink Message Spoofing

Unvalidated dst_pid Field in netlink_sendmsg Function Allows for Netlink Message Spoofing

CVE-2012-6689 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

The netlink_sendmsg function in net/netlink/af_netlink.c in the Linux kernel before 3.5.5 does not validate the dst_pid field, which allows local users to have an unspecified impact by spoofing Netlink messages.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.