[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2013-6282Date: (C)2013-11-28   (M)2024-02-22


The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.2
Exploit Score: 3.9
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
EXPLOIT-DB-40975
BID-63734
USN-2067-1
http://www.openwall.com/lists/oss-security/2013/11/14/11
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8404663f81d212918ff85f493649a7991209fa04
http://www.codeaurora.org/projects/security-advisories/missing-access-checks-putusergetuser-kernel-api-cve-2013-6282
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.5
https://github.com/torvalds/linux/commit/8404663f81d212918ff85f493649a7991209fa04

CWE    1
CWE-20
OVAL    1
oval:org.secpod.oval:def:701537

© SecPod Technologies