Vulnerability CVE-2013-6380


Published: 2013-11-26   Modified: 2013-11-27

Description:
The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command.

See advisories in our WLB2 database:
Topic
Author
Date
High
Linux kernel Multiple CVE fixes
Nico Golde and F...
23.11.2013

Type:

CWE-20

(Improper Input Validation)

Vendor: Linux
Product: Linux kernel 
Version:
3.9.9
3.9.8
3.9.7
3.9.6
3.9.5
3.9.4
3.9.3
3.9.2
3.9.11
3.9.10
3.9.1
3.9.0
3.9
3.8.9
3.8.8
3.8.7
3.8.6
3.8.5
3.8.4
3.8.3
3.8.2
3.8.13
3.8.12
3.8.11
3.8.10
3.8.1
3.8.0
3.7.9
3.7.8
3.7.7
3.7.6
3.7.5
3.7.4
3.7.3
3.7.2
3.7.10
3.7.1
3.7
3.6.9
3.6.8
3.6.7
3.6.6
3.6.5
3.6.4
3.6.3
3.6.2
3.6.11
3.6.10
3.6.1
3.6
3.5.7
3.5.6
3.5.5
3.5.4
3.5.3
3.5.2
3.5.1
3.4.9
3.4.8
3.4.7
3.4.6
3.4.5
3.4.4
3.4.32
3.4.31
3.4.30
3.4.3
3.4.29
3.4.28
3.4.27
3.4.26
3.4.25
3.4.24
3.4.23
3.4.22
3.4.21
3.4.20
3.4.2
3.4.19
3.4.18
3.4.17
3.4.16
3.4.15
3.4.14
3.4.13
3.4.12
3.4.11
3.4.10
3.4.1
3.4
3.3.8
3.3.7
3.3.6
3.3.5
3.3.4
3.3.3
3.3.2
3.3.1
3.3
3.2.9
See more versions on NVD

CVSS2 => (AV:L/AC:M/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.7/10
6.9/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete

 References:
https://github.com/torvalds/linux/commit/b4789b8e6be3151a955ade74872822f30e8cd914
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b4789b8e6be3151a955ade74872822f30e8cd914
https://bugzilla.redhat.com/show_bug.cgi?id=1033593
http://www.ubuntu.com/usn/USN-2136-1
http://www.ubuntu.com/usn/USN-2129-1
http://www.ubuntu.com/usn/USN-2128-1
http://www.ubuntu.com/usn/USN-2116-1
http://www.ubuntu.com/usn/USN-2115-1
http://www.ubuntu.com/usn/USN-2114-1
http://www.ubuntu.com/usn/USN-2111-1
http://www.ubuntu.com/usn/USN-2110-1
http://www.ubuntu.com/usn/USN-2109-1
http://www.ubuntu.com/usn/USN-2075-1
http://www.ubuntu.com/usn/USN-2070-1
http://www.openwall.com/lists/oss-security/2013/11/22/5
http://lists.opensuse.org/opensuse-updates/2014-02/msg00045.html
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html

Related CVE
CVE-2017-18270
In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service.
CVE-2018-11232
The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable.
CVE-2018-1087
kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS ...
CVE-2018-1118
Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel ...
CVE-2018-1130
Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls.
CVE-2018-10940
The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.
CVE-2018-10675
The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.
CVE-2018-10323
The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.

Copyright 2018, cxsecurity.com

 

Back to Top