[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2013-7446Date: (C)2015-12-24   (M)2024-03-26


Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 5.3CVSS Score : 5.4
Exploit Score: 1.0Exploit Score: 3.4
Impact Score: 4.2Impact Score: 7.8
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: LOCALAccess Vector: LOCAL
Attack Complexity: HIGHAccess Complexity: MEDIUM
Privileges Required: LOWAuthentication: NONE
User Interaction: NONEConfidentiality: NONE
Scope: UNCHANGEDIntegrity: PARTIAL
Confidentiality: NONEAvailability: COMPLETE
Integrity: LOW 
Availability: HIGH 
  
Reference:
SECTRACK-1034557
BID-77638
DSA-3426
SUSE-SU-2016:0745
SUSE-SU-2016:0746
SUSE-SU-2016:0747
SUSE-SU-2016:0749
SUSE-SU-2016:0750
SUSE-SU-2016:0751
SUSE-SU-2016:0752
SUSE-SU-2016:0753
SUSE-SU-2016:0754
SUSE-SU-2016:0755
SUSE-SU-2016:0756
SUSE-SU-2016:0757
SUSE-SU-2016:0911
SUSE-SU-2016:1102
SUSE-SU-2016:1961
SUSE-SU-2016:1994
SUSE-SU-2016:1995
SUSE-SU-2016:2000
SUSE-SU-2016:2001
SUSE-SU-2016:2002
SUSE-SU-2016:2003
SUSE-SU-2016:2005
SUSE-SU-2016:2006
SUSE-SU-2016:2007
SUSE-SU-2016:2009
SUSE-SU-2016:2010
SUSE-SU-2016:2011
SUSE-SU-2016:2014
SUSE-SU-2016:2074
USN-2886-1
USN-2887-1
USN-2887-2
USN-2888-1
USN-2889-1
USN-2889-2
USN-2890-1
USN-2890-2
USN-2890-3
https://lkml.org/lkml/2013/10/14/424
https://lkml.org/lkml/2014/5/15/532
https://lkml.org/lkml/2015/9/13/195
http://www.spinics.net/lists/netdev/msg318826.html
http://www.openwall.com/lists/oss-security/2015/11/18/16
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3
https://bugzilla.redhat.com/show_bug.cgi?id=1282688
https://forums.grsecurity.net/viewtopic.php?f=3&t=4150
https://github.com/torvalds/linux/commit/7d267278a9ece963d77eefec61630223fce08c6c
https://groups.google.com/forum/#%21topic/syzkaller/3twDUI4Cpm8
openSUSE-SU-2016:1641

CPE    1
cpe:/o:linux:linux_kernel
OVAL    31
oval:org.secpod.oval:def:400766
oval:org.secpod.oval:def:400806
oval:org.secpod.oval:def:400728
oval:org.secpod.oval:def:400749
...

© SecPod Technologies