CVE-2012-6136

tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 7%
Affected Products (NVD)
VendorProductVersion
redhattuned
2.10.0
redhatenterprise_linux
6.0
redhatenterprise_linux_desktop
6.0
redhatenterprise_linux_server
6.0
redhatenterprise_linux_workstation
6.0
debiandebian_linux
10.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
tuned
bookworm
2.20.0-1
fixed
bullseye
2.15.0-1
fixed
sid
2.24.0-1
fixed
trixie
2.24.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
tuned
precise
dne
trusty
dne
xenial
dne
yakkety
dne
zesty
dne
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
tuned
RHEL 6
0:0.2.19-11.el6
fixed
tuned-utils
RHEL 6
0:0.2.19-11.el6
fixed
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6136
https://security-tracker.debian.org/tracker/CVE-2012-6136
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6136
https://security-tracker.debian.org/tracker/CVE-2012-6136