CVE-2013-4312


Description

The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=712f4aad406bb1ed67f3f98d04c044191f0ff593

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176464.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html

http://rhn.redhat.com/errata/RHSA-2016-0855.html

http://rhn.redhat.com/errata/RHSA-2016-2574.html

http://rhn.redhat.com/errata/RHSA-2016-2584.html

http://www.debian.org/security/2016/dsa-3448

http://www.debian.org/security/2016/dsa-3503

http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

http://www.securityfocus.com/bid/82986

http://www.ubuntu.com/usn/USN-2929-1

http://www.ubuntu.com/usn/USN-2929-2

http://www.ubuntu.com/usn/USN-2931-1

http://www.ubuntu.com/usn/USN-2932-1

http://www.ubuntu.com/usn/USN-2967-1

http://www.ubuntu.com/usn/USN-2967-2

https://bugzilla.redhat.com/show_bug.cgi?id=1297813

https://github.com/torvalds/linux/commit/712f4aad406bb1ed67f3f98d04c044191f0ff593

https://security-tracker.debian.org/tracker/CVE-2013-4312

Details

Source: MITRE

Published: 2016-02-08

Updated: 2019-12-27

Type: CWE-119

Risk Information

CVSS v2

Base Score: 4.9

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3

Base Score: 6.2

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 2.5

Severity: MEDIUM

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 124970 | EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1517) | Nessus | Huawei Local Security Checks | high |
| 124797 | EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1473) | Nessus | Huawei Local Security Checks | medium |
| 99163 | OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW) | Nessus | OracleVM Local Security Checks | critical |
| 96903 | SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0333-1) | Nessus | SuSE Local Security Checks | critical |
| 95841 | Scientific Linux Security Update : kernel on SL7.x x86_64 (20161103) | Nessus | Scientific Linux Local Security Checks | critical |
| 95536 | SUSE SLES11 Security Update : kernel (SUSE-SU-2016:2976-1) | Nessus | SuSE Local Security Checks | critical |
| 95321 | CentOS 7 : kernel (CESA-2016:2574) | Nessus | CentOS Local Security Checks | critical |
| 94697 | Oracle Linux 7 : kernel (ELSA-2016-2574) | Nessus | Oracle Linux Local Security Checks | critical |
| 94547 | RHEL 7 : kernel-rt (RHSA-2016:2584) | Nessus | Red Hat Local Security Checks | critical |
| 94537 | RHEL 7 : kernel (RHSA-2016:2574) | Nessus | Red Hat Local Security Checks | critical |
| 93679 | OracleVM 3.4 : Unbreakable / etc (OVMSA-2016-0100) | Nessus | OracleVM Local Security Checks | critical |
| 93370 | SUSE SLES11 Security Update : kernel (SUSE-SU-2016:2245-1) | Nessus | SuSE Local Security Checks | critical |
| 93148 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3596) | Nessus | Oracle Linux Local Security Checks | critical |
| 91743 | OracleVM 3.2 : kernel-uek (OVMSA-2016-0060) | Nessus | OracleVM Local Security Checks | high |
| 91643 | Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20160510) | Nessus | Scientific Linux Local Security Checks | high |
| 91295 | OracleVM 3.3 : kernel-uek (OVMSA-2016-0053) | Nessus | OracleVM Local Security Checks | high |
| 91293 | Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3567) | Nessus | Oracle Linux Local Security Checks | high |
| 91292 | Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3566) | Nessus | Oracle Linux Local Security Checks | high |
| 91291 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3565) | Nessus | Oracle Linux Local Security Checks | high |
| 91280 | OracleVM 3.4 : kernel-uek (OVMSA-2016-0052) | Nessus | OracleVM Local Security Checks | high |
| 91213 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3559) | Nessus | Oracle Linux Local Security Checks | high |
| 91210 | Oracle Linux 6 : kernel (ELSA-2016-0855) | Nessus | Oracle Linux Local Security Checks | high |
| 91170 | CentOS 6 : kernel (CESA-2016:0855) | Nessus | CentOS Local Security Checks | high |
| 91087 | Ubuntu 12.04 LTS : linux vulnerabilities (USN-2967-1) | Nessus | Ubuntu Local Security Checks | critical |
| 91077 | RHEL 6 : kernel (RHSA-2016:0855) | Nessus | Red Hat Local Security Checks | high |
| 89937 | Ubuntu 14.04 LTS : linux-lts-vivid vulnerabilities (USN-2932-1) | Nessus | Ubuntu Local Security Checks | high |
| 89936 | Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2931-1) | Nessus | Ubuntu Local Security Checks | high |
| 89933 | Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2929-2) | Nessus | Ubuntu Local Security Checks | high |
| 89932 | Ubuntu 14.04 LTS : linux vulnerabilities (USN-2929-1) | Nessus | Ubuntu Local Security Checks | high |
| 89554 | Fedora 22 : kernel-4.3.4-200.fc22 (2016-5d43766e33) | Nessus | Fedora Local Security Checks | critical |
| 89507 | Fedora 23 : kernel-4.3.4-300.fc23 (2016-2f25d12c51) | Nessus | Fedora Local Security Checks | critical |
| 89122 | Debian DSA-3503-1 : linux - security update | Nessus | Debian Local Security Checks | critical |
| 89024 | Ubuntu 14.04 LTS : linux-lts-wily regression (USN-2908-5) | Nessus | Ubuntu Local Security Checks | high |
| 89023 | Ubuntu 15.10 : linux regression (USN-2908-4) | Nessus | Ubuntu Local Security Checks | high |
| 88899 | Ubuntu 15.10 : linux-raspi2 vulnerabilities (USN-2908-3) | Nessus | Ubuntu Local Security Checks | high |
| 88898 | Ubuntu 14.04 LTS : linux-lts-wily vulnerabilities (USN-2908-2) | Nessus | Ubuntu Local Security Checks | high |
| 88897 | Ubuntu 15.10 : linux vulnerabilities (USN-2908-1) | Nessus | Ubuntu Local Security Checks | high |
| 88660 | Amazon Linux AMI : kernel (ALAS-2016-648) | Nessus | Amazon Linux Local Security Checks | high |
| 87995 | Debian DSA-3448-1 : linux - security update | Nessus | Debian Local Security Checks | high |