CVE-2013-2147

low
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c.

References

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html

http://lkml.org/lkml/2013/6/3/127

http://lkml.org/lkml/2013/6/3/131

http://rhn.redhat.com/errata/RHSA-2013-1166.html

http://www.openwall.com/lists/oss-security/2013/06/05/25

http://www.ubuntu.com/usn/USN-1994-1

http://www.ubuntu.com/usn/USN-1996-1

http://www.ubuntu.com/usn/USN-1997-1

http://www.ubuntu.com/usn/USN-1999-1

http://www.ubuntu.com/usn/USN-2015-1

http://www.ubuntu.com/usn/USN-2016-1

http://www.ubuntu.com/usn/USN-2017-1

http://www.ubuntu.com/usn/USN-2020-1

http://www.ubuntu.com/usn/USN-2023-1

http://www.ubuntu.com/usn/USN-2050-1

https://bugzilla.redhat.com/show_bug.cgi?id=971242

Details

Source: MITRE

Published: 2013-06-07

Updated: 2018-01-09

Type: CWE-399

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

Tenable Plugins

View all (25 total)

IDNameProductFamilySeverity
99163OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)NessusOracleVM Local Security Checks
critical
89670VMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0015) (remote check)NessusMisc.
medium
83723SUSE SLES10 Security Update : kernel (SUSE-SU-2015:0812-1)NessusSuSE Local Security Checks
high
83611SUSE SLES11 Security Update : kernel (SUSE-SU-2014:0287-1)NessusSuSE Local Security Checks
high
83603SUSE SLES10 Security Update : kernel (SUSE-SU-2013:1832-1)NessusSuSE Local Security Checks
high
76665RHEL 6 : MRG (RHSA-2013:1264)NessusRed Hat Local Security Checks
high
73713Debian DSA-2906-1 : linux-2.6 - privilege escalation/denial of service/information leakNessusDebian Local Security Checks
critical
72472Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2014-3002)NessusOracle Linux Local Security Checks
high
71245VMSA-2013-0015 : VMware ESX updates to third-party librariesNessusVMware ESX Local Security Checks
medium
70805Ubuntu 13.04 : linux vulnerabilities (USN-2023-1)NessusUbuntu Local Security Checks
medium
70803Ubuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-2020-1)NessusUbuntu Local Security Checks
medium
70801Ubuntu 12.04 LTS : linux vulnerabilities (USN-2017-1)NessusUbuntu Local Security Checks
medium
70800Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2016-1)NessusUbuntu Local Security Checks
medium
70799Ubuntu 10.04 LTS : linux vulnerabilities (USN-2015-1)NessusUbuntu Local Security Checks
medium
70542Ubuntu 12.10 : linux vulnerability (USN-1996-1)NessusUbuntu Local Security Checks
low
70540Ubuntu 12.04 LTS : linux-lts-quantal vulnerability (USN-1994-1)NessusUbuntu Local Security Checks
low
69456Oracle Linux 5 : kernel (ELSA-2013-1166)NessusOracle Linux Local Security Checks
medium
69455Oracle Linux 5 : kernel (ELSA-2013-1166-1)NessusOracle Linux Local Security Checks
medium
69440Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20130820)NessusScientific Linux Local Security Checks
medium
69434CentOS 5 : kernel (CESA-2013:1166)NessusCentOS Local Security Checks
medium
69413RHEL 5 : kernel (RHSA-2013:1166)NessusRed Hat Local Security Checks
medium
67351Fedora 17 : kernel-3.9.8-100.fc17 (2013-9123)NessusFedora Local Security Checks
high
67285Fedora 18 : kernel-3.9.5-201.fc18 (2013-10695)NessusFedora Local Security Checks
high
67284Fedora 19 : kernel-3.9.5-301.fc19 (2013-10689)NessusFedora Local Security Checks
medium
67254Mandriva Linux Security Advisory : kernel (MDVSA-2013:194)NessusMandriva Local Security Checks
high