CVE-2013-1848
kernel: ext3: format string issues
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and possibly gain privileges via a crafted application.
fs/ext3/super.c en el kernel de Linux antes de v3.8.4 utiliza argumentos incorrectos para funciones en determinadas circunstancias relacionadas con la entrada printk, lo que permite a usuarios locales llevar a cabo ataques de formato de cadena (format-string) y, posiblemente, obtener privilegios a través de una aplicación especialmente diseñada.
Security fixes: It was found that the kernel-rt update RHBA-2012:0044 introduced an integer conversion issue in the Linux kernel's Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not being validated properly, resulting in out-of-bounds kernel memory access. A local, unprivileged user could use this flaw to escalate their privileges. A public exploit for CVE-2013-2094 that affects Red Hat Enterprise MRG 2 is available. Refer to Red Hat Knowledge Solution 373743, linked to in the References, for further information and mitigation instructions for users who are unable to immediately apply this update.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-02-19 CVE Reserved
- 2013-03-22 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-06-12 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
CAPEC
References (16)
URL | Tag | Source |
---|---|---|
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8d0c2d10dd72c5292eda7a06231056a4c972e4cc | X_refsource_confirm | |
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4 | X_refsource_confirm | |
http://www.openwall.com/lists/oss-security/2013/03/20/8 | Mailing List |
|
URL | Date | SRC |
---|---|---|
https://github.com/torvalds/linux/commit/8d0c2d10dd72c5292eda7a06231056a4c972e4cc | 2024-08-06 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html | 2023-02-13 | |
http://rhn.redhat.com/errata/RHSA-2013-0928.html | 2023-02-13 | |
http://rhn.redhat.com/errata/RHSA-2013-1026.html | 2023-02-13 | |
http://rhn.redhat.com/errata/RHSA-2013-1051.html | 2023-02-13 | |
http://www.mandriva.com/security/advisories?name=MDVSA-2013:176 | 2023-02-13 | |
http://www.ubuntu.com/usn/USN-1809-1 | 2023-02-13 | |
http://www.ubuntu.com/usn/USN-1811-1 | 2023-02-13 | |
http://www.ubuntu.com/usn/USN-1812-1 | 2023-02-13 | |
http://www.ubuntu.com/usn/USN-1813-1 | 2023-02-13 | |
http://www.ubuntu.com/usn/USN-1814-1 | 2023-02-13 | |
https://bugzilla.redhat.com/show_bug.cgi?id=920783 | 2013-07-16 | |
https://access.redhat.com/security/cve/CVE-2013-1848 | 2013-07-16 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 3.8.3 Search vendor "Linux" for product "Linux Kernel" and version " <= 3.8.3" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.8.0 Search vendor "Linux" for product "Linux Kernel" and version "3.8.0" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.8.1 Search vendor "Linux" for product "Linux Kernel" and version "3.8.1" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.8.2 Search vendor "Linux" for product "Linux Kernel" and version "3.8.2" | - |
Affected
|