4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
9.4%
The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel before
3.7.6 does not validate block numbers, which allows local users to cause a
denial of service (NULL pointer dereference and system crash) or possibly
have unspecified other impact by leveraging the ability to mount an XFS
filesystem containing a metadata inode with an invalid extent map.
Author | Note |
---|---|
henrix | This CVE has minor impact as it requires root privileges to mount a corrupted image. Also, it is too risky to backport the fix to older kernels (Precise, in this case). |
jjohansen | precise_linux and precise_linux-lts-quantal ignored (was in USN-1968-1/3.2.0-54.82 reverted minor priority CVE with high risk of regression in backport) precise_linux-armadaxp ignored due to high risk of regression in backport |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 12.10 | noarch | linux-armadaxp | < 3.5.0-1622.30 | UNKNOWN |
ubuntu | 12.10 | noarch | linux-ti-omap4 | < 3.5.0-233.49 | UNKNOWN |
ubuntu | 13.04 | noarch | linux-ti-omap4 | < 3.5.0-233.49 | UNKNOWN |
www.openwall.com/lists/oss-security/2013/03/05/9
bugzilla.redhat.com/show_bug.cgi?id=918009
git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=eb178619f930fa2ba2348de332a1ff1c66a31424
launchpad.net/bugs/cve/CVE-2013-1819
nvd.nist.gov/vuln/detail/CVE-2013-1819
security-tracker.debian.org/tracker/CVE-2013-1819
ubuntu.com/security/notices/USN-1968-1
ubuntu.com/security/notices/USN-1969-1
ubuntu.com/security/notices/USN-1970-1
ubuntu.com/security/notices/USN-1972-1
ubuntu.com/security/notices/USN-1973-1
ubuntu.com/security/notices/USN-1975-1
www.cve.org/CVERecord?id=CVE-2013-1819