CVE-2013-3301

Linux Kernel 3.2.1 - Tracing Multiple Local Denial of Service Vulnerabilities

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call.

La implementacion ftrace en Linux Kernel anterior a v3.8.8 permite a usuarios locales provocar una denegación de servicio (referencia a puntero NULL y caída del sistema) o posiblemente tener otro impacto no especificado a través del aprovechamiento de la capacidad CAP_SYS_ADMIN para el acceso de escritura a los ficheros (1) set_ftrace_pid o (2) set_graph_function y luego hacer una llamada al sistema "lseek".

Multiple vulnerabilities has been found and corrected in the Linux kernel. net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation. The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c. Various other issues have also been addressed. The updated packages provides a solution for these security issues.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

Attack Vector

Local

Attack Complexity

Medium

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-04-15 First Exploit
2013-04-28 CVE Reserved
2013-04-29 CVE Published
2023-03-08 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-476: NULL Pointer Dereference

CAPEC

References (14)

URL	Tag	Source
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6a76f8c0ab19f215af2a3442870eeb5f0e81998d	Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.8	Mailing List
http://www.openwall.com/lists/oss-security/2013/04/15/1	Mailing List

URL	Date	SRC
https://www.exploit-db.com/exploits/38465	2013-04-15
https://github.com/torvalds/linux/commit/6a76f8c0ab19f215af2a3442870eeb5f0e81998d	2024-08-06

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html	2024-02-02
http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html	2024-02-02
http://rhn.redhat.com/errata/RHSA-2013-1051.html	2024-02-02
http://www.ubuntu.com/usn/USN-1834-1	2024-02-02
http://www.ubuntu.com/usn/USN-1835-1	2024-02-02
http://www.ubuntu.com/usn/USN-1836-1	2024-02-02
http://www.ubuntu.com/usn/USN-1838-1	2024-02-02
https://bugzilla.redhat.com/show_bug.cgi?id=952197	2013-09-16
https://access.redhat.com/security/cve/CVE-2013-3301	2013-09-16

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.1 < 3.2.44 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.1 < 3.2.44"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.3 < 3.4.49 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 3.4.49"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.5 < 3.8.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.5 < 3.8.8"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				6.0 Search vendor "Redhat" for product "Enterprise Linux" and version "6.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Mrg Search vendor "Redhat" for product "Enterprise Mrg"				2.0 Search vendor "Redhat" for product "Enterprise Mrg" and version "2.0"		-		Affected
Suse Search vendor "Suse"		Linux Enterprise Desktop Search vendor "Suse" for product "Linux Enterprise Desktop"				11 Search vendor "Suse" for product "Linux Enterprise Desktop" and version "11"		sp3		Affected
Suse Search vendor "Suse"		Linux Enterprise High Availability Extension Search vendor "Suse" for product "Linux Enterprise High Availability Extension"				11 Search vendor "Suse" for product "Linux Enterprise High Availability Extension" and version "11"		sp3		Affected
Suse Search vendor "Suse"		Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server"				11 Search vendor "Suse" for product "Linux Enterprise Server" and version "11"		sp3		Affected
Suse Search vendor "Suse"		Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server"				11 Search vendor "Suse" for product "Linux Enterprise Server" and version "11"		sp3, vmware		Affected