CVE-2013-3301

2013-04-2914:55:04

[email protected]

web.nvd.nist.gov

linux kernel

ftrace

denial of service

cve-2013-3301

security vulnerability

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.7%

JSON

The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call.

Affected configurations

NVD

Node

linuxlinux_kernelRange3.1–3.2.44

linuxlinux_kernelRange3.3–3.4.49

linuxlinux_kernelRange3.5–3.8.8

Node

redhatenterprise_linuxMatch6.0

redhatenterprise_mrgMatch2.0

Node

suselinux_enterprise_desktopMatch11sp3

suselinux_enterprise_high_availability_extensionMatch11sp3

suselinux_enterprise_serverMatch11sp3-

suselinux_enterprise_serverMatch11sp3vmware

CPENameOperatorVersion
linux:linux_kernellinux linux kernellt3.2.44
linux:linux_kernellinux linux kernellt3.4.49
linux:linux_kernellinux linux kernellt3.8.8