Vulnerability CVE-2013-6380


Published: 2013-11-26   Modified: 2013-11-27

Description:
The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command.

See advisories in our WLB2 database:
Topic
Author
Date
High
Linux kernel Multiple CVE fixes
Nico Golde and F...
23.11.2013

Type:

CWE-20

(Improper Input Validation)

Vendor: Linux
Product: Linux kernel 
Version:
3.9.9
3.9.8
3.9.7
3.9.6
3.9.5
3.9.4
3.9.3
3.9.2
3.9.11
3.9.10
3.9.1
3.9.0
3.9
3.8.9
3.8.8
3.8.7
3.8.6
3.8.5
3.8.4
3.8.3
3.8.2
3.8.13
3.8.12
3.8.11
3.8.10
3.8.1
3.8.0
3.7.9
3.7.8
3.7.7
3.7.6
3.7.5
3.7.4
3.7.3
3.7.2
3.7.10
3.7.1
3.7
3.6.9
3.6.8
3.6.7
3.6.6
3.6.5
3.6.4
3.6.3
3.6.2
3.6.11
3.6.10
3.6.1
3.6
3.5.7
3.5.6
3.5.5
3.5.4
3.5.3
3.5.2
3.5.1
3.4.9
3.4.8
3.4.7
3.4.6
3.4.5
3.4.4
3.4.32
3.4.31
3.4.30
3.4.3
3.4.29
3.4.28
3.4.27
3.4.26
3.4.25
3.4.24
3.4.23
3.4.22
3.4.21
3.4.20
3.4.2
3.4.19
3.4.18
3.4.17
3.4.16
3.4.15
3.4.14
3.4.13
3.4.12
3.4.11
3.4.10
3.4.1
3.4
3.3.8
3.3.7
3.3.6
3.3.5
3.3.4
3.3.3
3.3.2
3.3.1
3.3
3.2.9
See more versions on NVD

CVSS2 => (AV:L/AC:M/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.7/10
6.9/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete

 References:
https://github.com/torvalds/linux/commit/b4789b8e6be3151a955ade74872822f30e8cd914
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b4789b8e6be3151a955ade74872822f30e8cd914
https://bugzilla.redhat.com/show_bug.cgi?id=1033593
http://www.ubuntu.com/usn/USN-2136-1
http://www.ubuntu.com/usn/USN-2129-1
http://www.ubuntu.com/usn/USN-2128-1
http://www.ubuntu.com/usn/USN-2116-1
http://www.ubuntu.com/usn/USN-2115-1
http://www.ubuntu.com/usn/USN-2114-1
http://www.ubuntu.com/usn/USN-2111-1
http://www.ubuntu.com/usn/USN-2110-1
http://www.ubuntu.com/usn/USN-2109-1
http://www.ubuntu.com/usn/USN-2075-1
http://www.ubuntu.com/usn/USN-2070-1
http://www.openwall.com/lists/oss-security/2013/11/22/5
http://lists.opensuse.org/opensuse-updates/2014-02/msg00045.html
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html

Related CVE
CVE-2018-10882
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image.
CVE-2017-2618
A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory.
CVE-2018-14617
An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog ...
CVE-2018-14616
An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference in fscrypt_do_page_crypto() in fs/crypto/crypto.c when operating on a file in a corrupted f2fs image.
CVE-2018-14615
An issue was discovered in the Linux kernel through 4.17.10. There is a buffer overflow in truncate_inline_inode() in fs/f2fs/inline.c when umounting an f2fs image, because a length value may be negative.
CVE-2018-14614
An issue was discovered in the Linux kernel through 4.17.10. There is an out-of-bounds access in __remove_dirty_segment() in fs/f2fs/segment.c when mounting an f2fs image.
CVE-2018-14613
An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, because of a lack of block group item validation in check_leaf_item in fs/btr...
CVE-2018-14612
An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in btrfs_root_node() when mounting a crafted btrfs image, because of a lack of chunk block group mapping validation in btrfs_read_block_groups in fs/...

Copyright 2018, cxsecurity.com

 

Back to Top