Ubuntu.comUB:CVE-2013-7348CVE-2013-7348
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.3%
Double free vulnerability in the ioctx_alloc function in fs/aio.c in the
Linux kernel before 3.12.4 allows local users to cause a denial of service
(system crash) or possibly have unspecified other impact via vectors
involving an error condition in the aio_setup_ring function.
Bugs
Notes
| Author | Note |
|---|---|
| seth-arnold | The ‘break’ checkin I had previously marked was introduced after the ‘fix’ checkin; I’m curious if the fix has been undone by d1b9432712a25eeb06114fb4b587133525a47de5. |
| jdstrand | android kernels (goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 13.10 preview kernels |
References
marc.info/?l=oss-security&m=139628186408732&w=2
git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d558023207e008a4476a3b7bb8706b2a2bf5d84f
launchpad.net/bugs/cve/CVE-2013-7348
nvd.nist.gov/vuln/detail/CVE-2013-7348
security-tracker.debian.org/tracker/CVE-2013-7348
www.cve.org/CVERecord?id=CVE-2013-7348
Related
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.3%