Published: 02/03/2015 Updated: 07/11/2023

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 188

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

The Crypto API in the Linux kernel prior to 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644.

Vulnerable Product	Search on Vulmon	Subscribe to Product
canonical ubuntu linux 12.04
canonical ubuntu linux 14.10
canonical ubuntu linux 14.04
debian debian linux 8.0
debian debian linux 7.0
linux linux kernel
oracle linux 5
oracle linux 6
oracle linux 7

Synopsis Important: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic Updated kernel packages that fix multiple security issues, address severalhundred bugs, and add numerous enhancements are now available as part ofthe ongoing support and maintenance of Red H ...

Synopsis Important: kernel-rt security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic Updated kernel-rt packages that fix multiple security issues, several bugs,and add various enhancements are now available for Red Hat EnterpriseLinux 7Red Hat Product Security has rated ...

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leaks or privilege escalation CVE-2013-7421 / CVE-2014-9644 It was discovered that the Crypto API allowed unprivileged users to load arbitrary kernel modules A local user can use this flaw to exploit vulnerabilities ...

Several security issues were fixed in the kernel ...

CWE-269 https://lkml.org/lkml/2013/3/4/70 http://www.openwall.com/lists/oss-security/2015/01/24/4 https://github.com/torvalds/linux/commit/5d26a105b5a73e5635eae0629b42fa0a90e07b7b http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.5 https://bugzilla.redhat.com/show_bug.cgi?id=1185469 https://plus.google.com/+MathiasKrause/posts/PqFCo4bfrWu http://www.ubuntu.com/usn/USN-2514-1 http://www.securityfocus.com/bid/72322 http://www.ubuntu.com/usn/USN-2513-1 http://www.debian.org/security/2015/dsa-3170 http://www.mandriva.com/security/advisories?name=MDVSA-2015:057 http://www.mandriva.com/security/advisories?name=MDVSA-2015:058 http://www.ubuntu.com/usn/USN-2543-1 http://www.ubuntu.com/usn/USN-2544-1 http://www.ubuntu.com/usn/USN-2545-1 http://www.ubuntu.com/usn/USN-2546-1 http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://rhn.redhat.com/errata/RHSA-2016-0068.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5d26a105b5a73e5635eae0629b42fa0a90e07b7b https://access.redhat.com/errata/RHSA-2015:2152 https://nvd.nist.gov https://usn.ubuntu.com/2514-1/https://www.debian.org/security/./dsa-3170

CVE-2013-7421

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect