// For flags

CVE-2013-7446

 

Severity Score

5.3
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

4
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.

Vulnerabilidad de uso después de la liberación de la memoria en net/unix/af_unix.c en el kernel de Linux en versiones anteriores a 4.3.3 permite a usuarios locales eludir los permisos destinados al socket AF_UNIX o provocar una denegación de servicio (panic) a través de llamadas epoll_ctl manipuladas.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
High
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-11-18 CVE Reserved
  • 2015-12-18 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
References (53)
URL Tag Source
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c X_refsource_confirm
http://www.openwall.com/lists/oss-security/2015/11/18/16 Mailing List
http://www.securityfocus.com/bid/77638 Vdb Entry
http://www.securitytracker.com/id/1034557 Vdb Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1282688 X_refsource_confirm
https://forums.grsecurity.net/viewtopic.php?f=3&t=4150 X_refsource_misc
https://groups.google.com/forum/#%21topic/syzkaller/3twDUI4Cpm8 X_refsource_confirm
URL Date SRC
http://www.spinics.net/lists/netdev/msg318826.html 2024-08-06
https://lkml.org/lkml/2013/10/14/424 2024-08-06
https://lkml.org/lkml/2014/5/15/532 2024-08-06
https://lkml.org/lkml/2015/9/13/195 2024-08-06
URL Date SRC
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00033.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00034.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00035.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00037.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00038.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00039.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00040.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00041.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00042.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00043.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00044.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00045.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html 2023-11-07
http://www.debian.org/security/2015/dsa-3426 2023-11-07
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3 2023-11-07
http://www.ubuntu.com/usn/USN-2886-1 2023-11-07
http://www.ubuntu.com/usn/USN-2887-1 2023-11-07
http://www.ubuntu.com/usn/USN-2887-2 2023-11-07
http://www.ubuntu.com/usn/USN-2888-1 2023-11-07
http://www.ubuntu.com/usn/USN-2889-1 2023-11-07
http://www.ubuntu.com/usn/USN-2889-2 2023-11-07
http://www.ubuntu.com/usn/USN-2890-1 2023-11-07
http://www.ubuntu.com/usn/USN-2890-2 2023-11-07
http://www.ubuntu.com/usn/USN-2890-3 2023-11-07
https://github.com/torvalds/linux/commit/7d267278a9ece963d77eefec61630223fce08c6c 2023-11-07
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 <= 4.3.2
Search vendor "Linux" for product "Linux Kernel" and version " <= 4.3.2"
-
Affected