{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-10-13T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux kernel before 3.5.7 does not properly handle error conditions in dump_one_state function calls, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-05-30T09:00:00.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.7"}, {"name": "USN-1829-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1829-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/864745d291b5ba80ea0bd0edcbe67273de368836"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=919384"}, {"name": "RHSA-2013:0744", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0744.html"}, {"name": "[oss-security] 20130307 Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/03/07/2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=864745d291b5ba80ea0bd0edcbe67273de368836"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:13:33.305Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.7"}, {"name": "USN-1829-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1829-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/864745d291b5ba80ea0bd0edcbe67273de368836"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=919384"}, {"name": "RHSA-2013:0744", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0744.html"}, {"name": "[oss-security] 20130307 Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/03/07/2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=864745d291b5ba80ea0bd0edcbe67273de368836"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-1826", "datePublished": "2013-03-22T10:00:00.000Z", "dateReserved": "2013-02-19T00:00:00.000Z", "dateUpdated": "2024-08-06T15:13:33.305Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F163243-B6A0-4018-9B03-673F36E1741C", "versionEndIncluding": "3.5.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "962B0C45-AB29-4383-AC16-C6E8245D0FF7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "A0EE126B-74B2-4F79-BFE1-3DC169F3F9B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "392075E0-A9C7-4B4A-90F9-7F1ADFF5EFA7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "ECC66968-06F0-4874-A95A-A292C36E45C1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "5FE986E6-1068-4E1B-8EAB-DF1EAF32B4E3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux kernel before 3.5.7 does not properly handle error conditions in dump_one_state function calls, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability."}, {"lang": "es", "value": "La funci\u00f3n xfrm_state_netlink en net/xfrm/xfrm_user.c en el kernel de Linux anterior a v3.5.7 no controla correctamente las condiciones de error en las llamadas a funciones dump_one_state, permitiendo a usuarios locales obtener privilegios o causar una denegaci\u00f3n de servicio (referencia a puntero NULL y ca\u00edda del sistema ) mediante el aprovechamiento de la capacidad CAP_NET_ADMIN."}], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html\r\n\r\n'CWE-476: NULL Pointer Dereference'", "evaluatorImpact": "Per https://bugzilla.redhat.com/show_bug.cgi?id=919384\r\n\"This issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. Future kernel updates for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6 may address this issue.\"", "id": "CVE-2013-1826", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 1.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-03-22T11:59:11.607", "references": [{"source": "secalert@redhat.com", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=864745d291b5ba80ea0bd0edcbe67273de368836"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0744.html"}, {"source": "secalert@redhat.com", "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.7"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/03/07/2"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1829-1"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=919384"}, {"source": "secalert@redhat.com", "url": "https://github.com/torvalds/linux/commit/864745d291b5ba80ea0bd0edcbe67273de368836"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=864745d291b5ba80ea0bd0edcbe67273de368836"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-0744.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2013/03/07/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1829-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=919384"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/torvalds/linux/commit/864745d291b5ba80ea0bd0edcbe67273de368836"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2013:0747", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "kernel-0:2.6.18-348.4.1.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2013-04-16T00:00:00Z"}, {"advisory": "RHSA-2013:0744", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "kernel-0:2.6.32-358.6.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-04-23T00:00:00Z"}], "bugzilla": {"description": "Kernel: xfrm_user: return error pointer instead of NULL", "id": "919384", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=919384"}, "csaw": false, "cvss": {"cvss_base_score": "3.8", "cvss_scoring_vector": "AV:L/AC:H/Au:S/C:N/I:N/A:C", "status": "verified"}, "details": ["The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux kernel before 3.5.7 does not properly handle error conditions in dump_one_state function calls, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability."], "name": "CVE-2013-1826", "package_state": [{"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "realtime-kernel", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2012-09-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-1826\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-1826"], "statement": "This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise MRG 2.\nThis issue did affect the version of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.", "threat_severity": "Moderate"}

{}