CVE-2013-2148

low
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c in the Linux kernel through 3.9.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a read operation on the fanotify descriptor.

References

http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html

http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html

http://lkml.org/lkml/2013/6/3/128

http://www.openwall.com/lists/oss-security/2013/06/05/26

http://www.ubuntu.com/usn/USN-1929-1

http://www.ubuntu.com/usn/USN-1930-1

https://bugzilla.redhat.com/show_bug.cgi?id=971258

Details

Source: MITRE

Published: 2013-06-07

Updated: 2014-01-04

Type: CWE-399

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:3.9:rc1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.9:rc2:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.9:rc3:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.9:rc4:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.9:rc5:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.9:rc6:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.9:rc7:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.9.0:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.9.1:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.9.2:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.9.3:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 3.9.4 (inclusive)

Tenable Plugins

View all (17 total)

IDNameProductFamilySeverity
99163OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)NessusOracleVM Local Security Checks
critical
76665RHEL 6 : MRG (RHSA-2013:1264)NessusRed Hat Local Security Checks
high
75184openSUSE Security Update : kernel (openSUSE-SU-2013:1619-1)NessusSuSE Local Security Checks
high
74878openSUSE Security Update : kernel (openSUSE-SU-2013:1971-1)NessusSuSE Local Security Checks
high
72472Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2014-3002)NessusOracle Linux Local Security Checks
high
70040SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 8269 / 8270 / 8283)NessusSuSE Local Security Checks
high
70039SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 8263 / 8265 / 8273)NessusSuSE Local Security Checks
high
69505Debian DSA-2745-1 : linux - privilege escalation/denial of service/information leakNessusDebian Local Security Checks
high
69419Ubuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-1936-1)NessusUbuntu Local Security Checks
high
69418Ubuntu 13.04 : linux vulnerabilities (USN-1935-1)NessusUbuntu Local Security Checks
high
69417Ubuntu 12.10 : linux vulnerabilities (USN-1932-1)NessusUbuntu Local Security Checks
high
69416Ubuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-1931-1)NessusUbuntu Local Security Checks
high
69415Ubuntu 12.04 LTS : linux vulnerability (USN-1929-1)NessusUbuntu Local Security Checks
low
67351Fedora 17 : kernel-3.9.8-100.fc17 (2013-9123)NessusFedora Local Security Checks
high
67285Fedora 18 : kernel-3.9.5-201.fc18 (2013-10695)NessusFedora Local Security Checks
high
67284Fedora 19 : kernel-3.9.5-301.fc19 (2013-10689)NessusFedora Local Security Checks
medium
67254Mandriva Linux Security Advisory : kernel (MDVSA-2013:194)NessusMandriva Local Security Checks
high