CVE-2013-2141

Kernel: signal: information leak in tkill/tgkill

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call.

La función do_tkill en kernel/signal.c en el kernel de Linux anterior a v3.8.9 no inicializa cierta estructura de datos, lo que permite a usuarios locales obtener información sensible de la memoria del kernel a través de aplicaciones manipuladas que realizan llamadas al sistema (1) tkill o (2) tgkill.

The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled sending of certain UDP packets over sockets that used the UDP_CORK option when the UDP Fragmentation Offload feature was enabled on the output device. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges on the system. A divide-by-zero flaw was found in the apic_get_tmcct() function in KVM's Local Advanced Programmable Interrupt Controller implementation. A privileged guest user could use this flaw to crash the host.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-02-19 CVE Reserved
2013-06-07 CVE Published
2023-03-08 EPSS Updated
2024-08-06 CVE Updated
2024-08-06 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-399: Resource Management Errors

CAPEC

References (13)

URL	Tag	Source
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b9e146d8eb3b9ecae5086d373b50fa0c1f3e7f0f	X_refsource_confirm
http://secunia.com/advisories/55055	Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9	X_refsource_confirm
http://www.openwall.com/lists/oss-security/2013/06/04/10	Mailing List

URL	Date	SRC
https://github.com/torvalds/linux/commit/b9e146d8eb3b9ecae5086d373b50fa0c1f3e7f0f	2024-08-06

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html	2023-02-13
http://rhn.redhat.com/errata/RHSA-2013-1801.html	2023-02-13
http://www.debian.org/security/2013/dsa-2766	2023-02-13
http://www.mandriva.com/security/advisories?name=MDVSA-2013:176	2023-02-13
http://www.ubuntu.com/usn/USN-1899-1	2023-02-13
http://www.ubuntu.com/usn/USN-1900-1	2023-02-13
https://bugzilla.redhat.com/show_bug.cgi?id=970873	2013-12-12
https://access.redhat.com/security/cve/CVE-2013-2141	2013-12-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				<= 3.8.8 Search vendor "Linux" for product "Linux Kernel" and version " <= 3.8.8"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				3.8.0 Search vendor "Linux" for product "Linux Kernel" and version "3.8.0"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				3.8.1 Search vendor "Linux" for product "Linux Kernel" and version "3.8.1"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				3.8.2 Search vendor "Linux" for product "Linux Kernel" and version "3.8.2"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				3.8.3 Search vendor "Linux" for product "Linux Kernel" and version "3.8.3"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				3.8.4 Search vendor "Linux" for product "Linux Kernel" and version "3.8.4"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				3.8.5 Search vendor "Linux" for product "Linux Kernel" and version "3.8.5"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				3.8.6 Search vendor "Linux" for product "Linux Kernel" and version "3.8.6"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				3.8.7 Search vendor "Linux" for product "Linux Kernel" and version "3.8.7"		-		Affected