CVSS2

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |

EPSS

Metric | Value |
---|---|
Percentile | 26.5% |

The ftrace implementation in the Linux kernel before 3.8.8 allows local
users to cause a denial of service (NULL pointer dereference and system
crash) or possibly have unspecified other impact by leveraging the
CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2)
set_graph_function file, and then making an lseek system call.
Author | Note |
---|---|
apw | The driver is only vulnerable after either one (or both) of the following sha1s, adding the first of these chronologically as the break commit: 6038f373a3dc1f1c26496e60b6c40b164716f07e 756d17ee7ee4fbc8238bdf97100af63e6ac441ef |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 12.04 | noarch | linux | < 3.2.0-44.69 | UNKNOWN |
ubuntu | 12.10 | noarch | linux | < 3.5.0-31.52 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-armadaxp | < 3.2.0-1619.29 | UNKNOWN |
ubuntu | 12.10 | noarch | linux-armadaxp | < 3.5.0-1614.21 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-lts-quantal | < 3.5.0-31.52~precise1 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-ti-omap4 | < 3.2.0-1432.41 | UNKNOWN |
ubuntu | 12.10 | noarch | linux-ti-omap4 | < 3.5.0-225.36 | UNKNOWN |
ubuntu | 13.04 | noarch | linux-ti-omap4 | < 3.5.0-225.36 | UNKNOWN |
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6a76f8c0ab19f215af2a3442870eeb5f0e81998d
www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.8
www.openwall.com/lists/oss-security/2013/04/15/1
bugzilla.redhat.com/show_bug.cgi?id=952197
git.kernel.org/linus/6a76f8c0ab19f215af2a3442870eeb5f0e81998d
github.com/torvalds/linux/commit/6a76f8c0ab19f215af2a3442870eeb5f0e81998d
launchpad.net/bugs/cve/CVE-2013-3301
nvd.nist.gov/vuln/detail/CVE-2013-3301
security-tracker.debian.org/tracker/CVE-2013-3301
ubuntu.com/security/notices/USN-1833-1
ubuntu.com/security/notices/USN-1834-1
ubuntu.com/security/notices/USN-1835-1
ubuntu.com/security/notices/USN-1836-1
ubuntu.com/security/notices/USN-1838-1
ubuntu.com/security/notices/USN-1839-1
www.cve.org/CVERecord?id=CVE-2013-3301