Lucene search

[email protected]NVD:CVE-2013-6383

HistoryNov 27, 2013 - 4:43 a.m.

CVE-2013-6383

2013-11-2704:43:33

CWE-264

[email protected]

web.nvd.nist.gov

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

5.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.3%

JSON

The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call.

Affected configurations

NVD

Node

linuxlinux_kernelRange2.6.12–3.2.53

linuxlinux_kernelRange3.3–3.4.69

linuxlinux_kernelRange3.5–3.10.19

linuxlinux_kernelRange3.11–3.11.8

References

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

5.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.3%

JSON

Related for NVD:CVE-2013-6383

prion1 nessus40 ubuntucve1 oraclelinux7 veracode2 cve1 openvas55 cvelist1 debiancve1 redhat6 centos2 ubuntu13 altlinux1 securityvulns4 debian1 mageia5 osv1 suse1