CVE-2013-7421

low

Description

The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644.

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5d26a105b5a73e5635eae0629b42fa0a90e07b7b

http://rhn.redhat.com/errata/RHSA-2016-0068.html

http://www.debian.org/security/2015/dsa-3170

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.5

http://www.mandriva.com/security/advisories?name=MDVSA-2015:057

http://www.mandriva.com/security/advisories?name=MDVSA-2015:058

http://www.openwall.com/lists/oss-security/2015/01/24/4

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

http://www.securityfocus.com/bid/72322

http://www.ubuntu.com/usn/USN-2513-1

http://www.ubuntu.com/usn/USN-2514-1

http://www.ubuntu.com/usn/USN-2543-1

http://www.ubuntu.com/usn/USN-2544-1

http://www.ubuntu.com/usn/USN-2545-1

http://www.ubuntu.com/usn/USN-2546-1

https://bugzilla.redhat.com/show_bug.cgi?id=1185469

https://github.com/torvalds/linux/commit/5d26a105b5a73e5635eae0629b42fa0a90e07b7b

https://lkml.org/lkml/2013/3/4/70

https://plus.google.com/+MathiasKrause/posts/PqFCo4bfrWu

Details

Source: MITRE

Published: 2015-03-02

Updated: 2020-05-19

Type: CWE-269

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 124801 | EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1477) | Nessus | Huawei Local Security Checks | medium |
| 124795 | EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1471) | Nessus | Huawei Local Security Checks | high |
| 99163 | OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW) | Nessus | OracleVM Local Security Checks | critical |
| 90019 | OracleVM 3.2 : kernel-uek (OVMSA-2016-0037) | Nessus | OracleVM Local Security Checks | critical |
| 88571 | RHEL 7 : kernel-rt (RHSA-2015:2411) | Nessus | Red Hat Local Security Checks | medium |
| 88405 | RHEL 6 : MRG (RHSA-2016:0068) | Nessus | Red Hat Local Security Checks | high |
| 87836 | Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3503) | Nessus | Oracle Linux Local Security Checks | medium |
| 87835 | Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3502) | Nessus | Oracle Linux Local Security Checks | medium |
| 87559 | Scientific Linux Security Update : kernel on SL7.x x86_64 (20151119) | Nessus | Scientific Linux Local Security Checks | medium |
| 87135 | CentOS 7 : kernel (CESA-2015:2152) | Nessus | CentOS Local Security Checks | high |
| 87090 | Oracle Linux 7 : kernel (ELSA-2015-2152) | Nessus | Oracle Linux Local Security Checks | high |
| 86972 | RHEL 7 : kernel (RHSA-2015:2152) | Nessus | Red Hat Local Security Checks | high |
| 82691 | OracleVM 3.3 : kernel-uek (OVMSA-2015-0040) | Nessus | OracleVM Local Security Checks | high |
| 82073 | Ubuntu 14.10 : linux vulnerabilities (USN-2546-1) | Nessus | Ubuntu Local Security Checks | critical |
| 82072 | Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2545-1) | Nessus | Ubuntu Local Security Checks | critical |
| 82071 | Ubuntu 14.04 LTS : linux vulnerabilities (USN-2544-1) | Nessus | Ubuntu Local Security Checks | high |
| 82070 | Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2543-1) | Nessus | Ubuntu Local Security Checks | high |
| 81966 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3012) | Nessus | Oracle Linux Local Security Checks | high |
| 81941 | Mandriva Linux Security Advisory : kernel (MDVSA-2015:058) | Nessus | Mandriva Local Security Checks | high |
| 81940 | Mandriva Linux Security Advisory : kernel (MDVSA-2015:057) | Nessus | Mandriva Local Security Checks | medium |
| 81567 | Ubuntu 12.04 LTS : linux vulnerabilities (USN-2513-1) | Nessus | Ubuntu Local Security Checks | medium |
| 81449 | Debian DSA-3170-1 : linux - security update | Nessus | Debian Local Security Checks | critical |