{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-06-03T00:00:00", "descriptions": [{"lang": "en", "value": "The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c in the Linux kernel through 3.9.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a read operation on the fanotify descriptor."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-01-02T14:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "USN-1929-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1929-1"}, {"name": "[linux-kernel] 20130603 [patch] fanotify: info leak in copy_event_to_user()", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lkml.org/lkml/2013/6/3/128"}, {"name": "SUSE-SU-2013:1473", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html"}, {"name": "openSUSE-SU-2013:1971", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=971258"}, {"name": "USN-1930-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1930-1"}, {"name": "SUSE-SU-2013:1474", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html"}, {"name": "[oss-security] 20130605 Re: CVE Request: Linux kernel: fanotify: info leak in copy_event_to_user", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/06/05/26"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:27:40.980Z"}, "title": "CVE Program Container", "references": [{"name": "USN-1929-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1929-1"}, {"name": "[linux-kernel] 20130603 [patch] fanotify: info leak in copy_event_to_user()", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lkml.org/lkml/2013/6/3/128"}, {"name": "SUSE-SU-2013:1473", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html"}, {"name": "openSUSE-SU-2013:1971", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=971258"}, {"name": "USN-1930-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1930-1"}, {"name": "SUSE-SU-2013:1474", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html"}, {"name": "[oss-security] 20130605 Re: CVE Request: Linux kernel: fanotify: info leak in copy_event_to_user", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/06/05/26"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-2148", "datePublished": "2013-06-07T10:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:27:40.980Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "85769384-09E4-4F8C-9C74-622A966F9481", "versionEndIncluding": "3.9.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "42633FF9-FB0C-4095-B4A1-8D623A98683B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "08C04619-89A2-4B15-82A2-48BCC662C1F1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.9:rc3:*:*:*:*:*:*", "matchCriteriaId": "5B039196-7159-476C-876A-C61242CC41DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.9:rc4:*:*:*:*:*:*", "matchCriteriaId": "3A9E0457-53C9-44DD-ACFB-31EE1D1E060E", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.9:rc5:*:*:*:*:*:*", "matchCriteriaId": "BEE406E7-87BA-44BA-BF61-673E6CC44A2F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.9:rc6:*:*:*:*:*:*", "matchCriteriaId": "29FBA173-658F-45DC-8205-934CACD67166", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.9:rc7:*:*:*:*:*:*", "matchCriteriaId": "139700F0-BA32-40CF-B9DF-C9C450384FDE", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "E578085C-3968-4543-BEBA-EE3C3CB4FA02", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "4DCFA441-68FB-4559-A245-FF0B79DE43CA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "8C2508D8-6571-4B81-A0D7-E494CCD039CE", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "8B516926-5E86-4C0A-85F3-F64E1FCDA249", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c in the Linux kernel through 3.9.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a read operation on the fanotify descriptor."}, {"lang": "es", "value": "La funci\u00f3n fill_event_metadata en fs/notify/fanotify/fanotify_user.c en Linux kernel hasta v3.9.4 no inicializa determinadas estructuras, lo que permite a atacantes locales obtener informaci\u00f3n sensible desde la memoria del kernel a trav\u00e9s de una operaci\u00f3n de lectura en el descriptor fanotify."}], "id": "CVE-2013-2148", "lastModified": "2024-11-21T01:51:08.243", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-06-07T14:03:19.893", "references": [{"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"}, {"source": "secalert@redhat.com", "url": "http://lkml.org/lkml/2013/6/3/128"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/06/05/26"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1929-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1930-1"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=971258"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lkml.org/lkml/2013/6/3/128"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2013/06/05/26"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1929-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1930-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=971258"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2013:1264", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "kernel-rt-0:3.6.11.5-rt37.55.el6rt", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2013-09-16T00:00:00Z"}], "bugzilla": {"description": "Kernel: fanotify: info leak in copy_event_to_user", "id": "971258", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=971258"}, "csaw": false, "cvss": {"cvss_base_score": "2.1", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "status": "verified"}, "cwe": "CWE-200", "details": ["The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c in the Linux kernel through 3.9.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a read operation on the fanotify descriptor."], "name": "CVE-2013-2148", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2013-06-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-2148\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-2148"], "statement": "This issue does not affect the versions of Linux kernel as shipped with\nRed Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.\nThis issue affects the version of the kernel package as shipped with\nRed Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise MRG 2\nmay address this issue.", "threat_severity": "Low"}