Published: 29/04/2013 Updated: 02/02/2024

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

VMScore: 725

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

The ftrace implementation in the Linux kernel prior to 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel
redhat enterprise linux 6.0
redhat enterprise mrg 2.0
suse linux enterprise desktop 11
suse linux enterprise server 11
suse linux enterprise high availability extension 11

Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic Updated kernel-rt packages that fix several security issues and multiplebugs are now available for Red Hat Enterprise MRG 23The Red Hat Security Response Team has rated this update as havingimportant ...

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-0160 vladz reported a timing leak with the /dev/ptmx character device A local user could use this to d ...

The bt_sock_recvmsg function in net/bluetooth/af_bluetoothc in the Linux kernel before 39-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call The udf_encode_fh function in fs/udf/nameic in the Linux kerne ...

Several security issues were fixed in the kernel ...

The ftrace implementation in the Linux kernel before 388 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call ...

source: wwwsecurityfocuscom/bid/59055/info The Linux kernel is prone to multiple local denial-of-service vulnerabilities Attackers can exploit these issues to trigger a kernel crash, which may result in a denial-of-service condition cd /sys/kernel/debug/tracing echo 1234 | sudo tee -a set_ftrace_pid ...

NVD-CWE-Other http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.8 http://www.openwall.com/lists/oss-security/2013/04/15/1 https://github.com/torvalds/linux/commit/6a76f8c0ab19f215af2a3442870eeb5f0e81998d https://bugzilla.redhat.com/show_bug.cgi?id=952197 http://www.ubuntu.com/usn/USN-1836-1 http://www.ubuntu.com/usn/USN-1834-1 http://www.ubuntu.com/usn/USN-1838-1 http://www.ubuntu.com/usn/USN-1835-1 http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html http://rhn.redhat.com/errata/RHSA-2013-1051.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6a76f8c0ab19f215af2a3442870eeb5f0e81998d https://access.redhat.com/errata/RHSA-2013:1264 https://nvd.nist.gov https://www.exploit-db.com/exploits/38465/https://usn.ubuntu.com/1835-1/https://access.redhat.com/security/cve/cve-2013-3301 https://www.debian.org/security/./dsa-2669

CVE-2013-3301

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect