CVE-2013-1872
Mesa: Memory corruption (OOB read/write) on intel drivers
Severity Score
6.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service (reachable assertion and crash) and possibly execute arbitrary code via vectors involving 3d graphics that trigger an out-of-bounds array access, related to the fs_visitor::remove_dead_constants function. NOTE: this issue might be related to CVE-2013-0796.
Los controladores Intel en Mesa 8.0.x y 9.0.x, permiten a atacantes dependientes del contexto provocar una denegación de servicio (caída y afirmación accesible) y posiblemente la ejecución de código arbitrario a través de vectores que involucran a los gráficos 3D que provocar un acceso a una matriz fuera de rango, relacionado con la función fs_visitor::remove_dead_constants. NOTA: esta vulnerabilidad podría estar relacionada con el CVE-2013-0796.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-02-19 CVE Reserved
- 2013-06-03 CVE Published
- 2024-08-06 CVE Updated
- 2024-09-12 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://advisories.mageia.org/MGASA-2013-0190.html | X_refsource_confirm | |
| http://www.securityfocus.com/bid/60285 | Vdb Entry | |
| https://bugs.freedesktop.org/show_bug.cgi?id=59429 | X_refsource_misc |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00014.html | 2023-11-07 | |
| http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00019.html | 2023-11-07 | |
| http://rhn.redhat.com/errata/RHSA-2013-0897.html | 2023-11-07 | |
| http://www.debian.org/security/2013/dsa-2704 | 2023-11-07 | |
| http://www.ubuntu.com/usn/USN-1888-1 | 2023-11-07 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=923584 | 2013-06-03 | |
| https://access.redhat.com/security/cve/CVE-2013-1872 | 2013-06-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mesa3d Search vendor "Mesa3d" | Mesa Search vendor "Mesa3d" for product "Mesa" | 9.0 Search vendor "Mesa3d" for product "Mesa" and version "9.0" | - |
Affected
| ||||||
| Mesa3d Search vendor "Mesa3d" | Mesa Search vendor "Mesa3d" for product "Mesa" | 9.0.1 Search vendor "Mesa3d" for product "Mesa" and version "9.0.1" | - |
Affected
| ||||||
| Mesa3d Search vendor "Mesa3d" | Mesa Search vendor "Mesa3d" for product "Mesa" | 9.0.2 Search vendor "Mesa3d" for product "Mesa" and version "9.0.2" | - |
Affected
| ||||||
| Mesa3d Search vendor "Mesa3d" | Mesa Search vendor "Mesa3d" for product "Mesa" | 9.0.3 Search vendor "Mesa3d" for product "Mesa" and version "9.0.3" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.10" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 13.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "13.04" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 12.2 Search vendor "Opensuse" for product "Opensuse" and version "12.2" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 12.3 Search vendor "Opensuse" for product "Opensuse" and version "12.3" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 6.0 Search vendor "Redhat" for product "Enterprise Linux" and version "6.0" | - |
Affected
| ||||||
| Mesa3d Search vendor "Mesa3d" | Mesa Search vendor "Mesa3d" for product "Mesa" | 8.0 Search vendor "Mesa3d" for product "Mesa" and version "8.0" | - |
Affected
| ||||||
| Mesa3d Search vendor "Mesa3d" | Mesa Search vendor "Mesa3d" for product "Mesa" | 8.0.1 Search vendor "Mesa3d" for product "Mesa" and version "8.0.1" | - |
Affected
| ||||||
| Mesa3d Search vendor "Mesa3d" | Mesa Search vendor "Mesa3d" for product "Mesa" | 8.0.2 Search vendor "Mesa3d" for product "Mesa" and version "8.0.2" | - |
Affected
| ||||||
| Mesa3d Search vendor "Mesa3d" | Mesa Search vendor "Mesa3d" for product "Mesa" | 8.0.3 Search vendor "Mesa3d" for product "Mesa" and version "8.0.3" | - |
Affected
| ||||||
| Mesa3d Search vendor "Mesa3d" | Mesa Search vendor "Mesa3d" for product "Mesa" | 8.0.4 Search vendor "Mesa3d" for product "Mesa" and version "8.0.4" | - |
Affected
| ||||||
| Mesa3d Search vendor "Mesa3d" | Mesa Search vendor "Mesa3d" for product "Mesa" | 8.0.5 Search vendor "Mesa3d" for product "Mesa" and version "8.0.5" | - |
Affected
| ||||||