Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for a (1) XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value, related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c.
Metrics
No CVSS v4.0
No CVSS v3.1
No CVSS v3.0
Access Vector Local
Access Complexity High
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Complete
AV:L/AC:H/Au:N/C:N/I:N/A:C
This CVE is not in the KEV list.
Key SSVC decision points have not yet been added.
Affected Vendors & Products
Vendors | Products |
---|---|
Linux |
|
Configuration 1 [-]
|
No data.
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2013-11-27T02:00:00
Updated: 2024-08-06T17:39:01.255Z
Reserved: 2013-11-04T00:00:00
Link: CVE-2013-6382
Vulnrichment
No data.
NVD
Status : Modified
Published: 2013-11-27T04:43:33.217
Modified: 2016-12-31T02:59:08.030
Link: CVE-2013-6382
Redhat