VIR Vulnerability Intelligence Relay

CVE-2012-2313

low
Published 2012-06-13 · Modified 2026-04-29
CVSS v3
CVSS v2
1.2
VIR risk
1.2

Description

The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2012-2313

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://github.com/torvalds/linux/commit/1bb57e940e1958e40d51f2078f50c3a96a9b2d75

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.7

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed3.2.19-1
debian debianbullseyefixed3.2.19-1
debian debianforkyfixed3.2.19-1
debian debiansidfixed3.2.19-1
debian debiantrixiefixed3.2.19-1
linux linux-kernelaffected
linux linux-kernel3.3affected
linux linux-kernel3.3.1affected
linux linux-kernel3.3.2affected
linux linux-kernel3.3.3affected
linux linux-kernel3.3.4affected
linux linux-kernel3.3.5affected
suse suse10.0affected
redhat rhel5affected
redhat rhel5.0affected
redhat rhel5.6.zaffected

References

CWEs

CWE-264

Verify integrity in audit chain (admin only). AS-IS.