Published: 07/06/2013 Updated: 13/02/2023

CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4

VMScore: 393

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel prior to 3.8.6 allows physically proximate malicious users to cause a denial of service (system crash) or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Product Data (VPD) data structure.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel 3.8.2
linux linux kernel 3.8.0
linux linux kernel
linux linux kernel 3.8.1
linux linux kernel 3.8.3
linux linux kernel 3.8.4

Synopsis Important: Red Hat Enterprise Linux 6 kernel update Type/Severity Security Advisory: Important Topic Updated kernel packages that fix multiple security issues, address severalhundred bugs, and add numerous enhancements are now available as part ofthe ongoing support and maintenance of Red Hat Enter ...

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-2121 Benjamin Herrenschmidt and Jason Baron discovered issues with the IOMMU mapping of memory slots us ...

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-0160 vladz reported a timing leak with the /dev/ptmx character device A local user could use this to d ...

Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3c in the Linux kernel before 386 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Product Data (VPD) data structure Use-af ...

Several security issues were fixed in the kernel ...

CWE-119 http://www.openwall.com/lists/oss-security/2013/04/06/3 http://cansecwest.com/slides/2013/PrivateCore%20CSW%202013.pdf https://bugzilla.redhat.com/show_bug.cgi?id=949932 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.6 https://github.com/torvalds/linux/commit/715230a44310a8cf66fbfb5a46f9a62a9b2de424 http://www.ubuntu.com/usn/USN-1836-1 http://www.ubuntu.com/usn/USN-1834-1 http://www.ubuntu.com/usn/USN-1838-1 http://www.ubuntu.com/usn/USN-1835-1 http://www.mandriva.com/security/advisories?name=MDVSA-2013:176 http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101836.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html http://rhn.redhat.com/errata/RHSA-2013-1645.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=715230a44310a8cf66fbfb5a46f9a62a9b2de424 https://access.redhat.com/errata/RHSA-2013:1645 https://nvd.nist.gov https://usn.ubuntu.com/1835-1/https://access.redhat.com/security/cve/cve-2013-1929 https://www.debian.org/security/./dsa-2668

Get Started

CVE-2013-1929

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect