The bridge multicast implementation in the Linux kernel through 3.10.3 does not check whether a certain timer is armed before modifying the timeout value of that timer, which allows local users to cause a denial of service (BUG and system crash) via vectors involving the shutdown of a KVM virtual machine, related to net/bridge/br_mdb.c and net/bridge/br_multicast.c.
Metrics
No CVSS v4.0
No CVSS v3.1
No CVSS v3.0
Access Vector Local
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Complete
AV:L/AC:M/Au:N/C:N/I:N/A:C
This CVE is not in the KEV list.
Key SSVC decision points have not yet been added.
Affected Vendors & Products
Vendors | Products |
---|---|
Linux |
|
Configuration 1 [-]
|
No data.
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2013-07-28T18:00:00
Updated: 2024-08-06T16:30:50.015Z
Reserved: 2013-06-12T00:00:00
Link: CVE-2013-4129
Vulnrichment
No data.
NVD
Status : Modified
Published: 2013-07-29T13:59:56.803
Modified: 2023-02-13T04:44:52.267
Link: CVE-2013-4129
Redhat