Vulnerability CVE-2013-6383


Published: 2013-11-26   Modified: 2013-11-27

Description:
The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call.

See advisories in our WLB2 database:
Topic: Linux kernel Multiple CVE fixes (High)
Author: Nico Golde and F...
Date: 23.11.2013

Type: CWE-264 (Permissions, Privileges, and Access Controls)

Vendor: Linux
Product: Linux kernel 
Version:
3.9.9
3.9.8
3.9.7
3.9.6
3.9.5
3.9.4
3.9.3
3.9.2
3.9.11
3.9.10
3.9.1
3.9.0
3.9
3.8.9
3.8.8
3.8.7
3.8.6
3.8.5
3.8.4
3.8.3
3.8.2
3.8.13
3.8.12
3.8.11
3.8.10
3.8.1
3.8.0
3.7.9
3.7.8
3.7.7
3.7.6
3.7.5
3.7.4
3.7.3
3.7.2
3.7.10
3.7.1
3.7
3.6.9
3.6.8
3.6.7
3.6.6
3.6.5
3.6.4
3.6.3
3.6.2
3.6.11
3.6.10
3.6.1
3.6
3.5.7
3.5.6
3.5.5
3.5.4
3.5.3
3.5.2
3.5.1
3.4.9
3.4.8
3.4.7
3.4.6
3.4.5
3.4.4
3.4.32
3.4.31
3.4.30
3.4.3
3.4.29
3.4.28
3.4.27
3.4.26
3.4.25
3.4.24
3.4.23
3.4.22
3.4.21
3.4.20
3.4.2
3.4.19
3.4.18
3.4.17
3.4.16
3.4.15
3.4.14
3.4.13
3.4.12
3.4.11
3.4.10
3.4.1
3.4
3.3.8
3.3.7
3.3.6
3.3.5
3.3.4
3.3.3
3.3.2
3.3.1
3.3
3.2.9
See more versions on NVD

CVSS2 => (AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score: 6.9/10
Impact Subscore: 10/10
Exploitability Subscore: 3.4/10
Exploit range: Local
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

References:
https://github.com/torvalds/linux/commit/f856567b930dfcdbc3323261bf77240ccdde01f5
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f856567b930dfcdbc3323261bf77240ccdde01f5
https://bugzilla.redhat.com/show_bug.cgi?id=1033530
http://www.ubuntu.com/usn/USN-2108-1
http://www.ubuntu.com/usn/USN-2107-1
http://www.ubuntu.com/usn/USN-2076-1
http://www.ubuntu.com/usn/USN-2075-1
http://www.ubuntu.com/usn/USN-2074-1
http://www.ubuntu.com/usn/USN-2073-1
http://www.ubuntu.com/usn/USN-2072-1
http://www.ubuntu.com/usn/USN-2071-1
http://www.ubuntu.com/usn/USN-2070-1
http://www.ubuntu.com/usn/USN-2069-1
http://www.ubuntu.com/usn/USN-2068-1
http://www.ubuntu.com/usn/USN-2067-1
http://www.ubuntu.com/usn/USN-2066-1
http://www.openwall.com/lists/oss-security/2013/11/22/5
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.8
http://rhn.redhat.com/errata/RHSA-2014-0285.html
http://rhn.redhat.com/errata/RHSA-2014-0100.html


Copyright 2018, cxsecurity.com
