2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
9.3%
The HP Smart Array controller disk-array driver and Compaq SMART2
controller disk-array driver in the Linux kernel through 3.9.4 do not
initialize certain data structures, which allows local users to obtain
sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO
command for a /dev/ida device, related to the ida_locked_ioctl function in
drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a
/dev/cciss device, related to the cciss_ioctl32_passthru function in
drivers/block/cciss.c.
Author | Note |
---|---|
seth-arnold | patches are 6374dc1…34971aa and 639d26b…2b94403, not yet in tree |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | linux | < 2.6.32-53.115 | UNKNOWN |
ubuntu | 12.04 | noarch | linux | < 3.2.0-56.86 | UNKNOWN |
ubuntu | 12.10 | noarch | linux | < 3.5.0-42.65 | UNKNOWN |
ubuntu | 13.04 | noarch | linux | < 3.8.0-33.48 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-armadaxp | < 3.2.0-1627.39 | UNKNOWN |
ubuntu | 12.10 | noarch | linux-armadaxp | < 3.5.0-1623.32 | UNKNOWN |
ubuntu | 10.04 | noarch | linux-ec2 | < 2.6.32-358.71 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-lts-quantal | < 3.5.0-42.65~precise1 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-lts-raring | < 3.8.0-33.48~precise1 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-ti-omap4 | < 3.2.0-1440.59 | UNKNOWN |
www.openwall.com/lists/oss-security/2013/06/05/3
launchpad.net/bugs/cve/CVE-2013-2147
lkml.org/lkml/2013/6/3/127
lkml.org/lkml/2013/6/3/131
nvd.nist.gov/vuln/detail/CVE-2013-2147
security-tracker.debian.org/tracker/CVE-2013-2147
ubuntu.com/security/notices/USN-1994-1
ubuntu.com/security/notices/USN-1996-1
ubuntu.com/security/notices/USN-1997-1
ubuntu.com/security/notices/USN-1999-1
ubuntu.com/security/notices/USN-2015-1
ubuntu.com/security/notices/USN-2016-1
ubuntu.com/security/notices/USN-2017-1
ubuntu.com/security/notices/USN-2018-1
ubuntu.com/security/notices/USN-2020-1
ubuntu.com/security/notices/USN-2023-1
ubuntu.com/security/notices/USN-2050-1
www.cve.org/CVERecord?id=CVE-2013-2147