The log_prefix function in kernel/printk.c in the Linux kernel 3.x before 3.4.33 does not properly remove a prefix string from a syslog header, which allows local users to cause a denial of service (buffer overflow and system crash) by leveraging /dev/kmsg write access and triggering a call_console_drivers function call.
CVE-2013-1772 - Medium Severity Vulnerability
Vulnerable Library - linuxlinux-3.0.40
Apache Software Foundation (ASF)
Library home page: https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/?wsslib=linux
Found in HEAD commit: 22324ae9738f0a1eeb173ff05137c8317c350189
Found in base branch: master
Vulnerable Source Files (3)
/include/linux/syslog.h /include/linux/syslog.h /include/linux/syslog.h
Vulnerability Details
The log_prefix function in kernel/printk.c in the Linux kernel 3.x before 3.4.33 does not properly remove a prefix string from a syslog header, which allows local users to cause a denial of service (buffer overflow and system crash) by leveraging /dev/kmsg write access and triggering a call_console_drivers function call.
Publish Date: 2013-02-28
URL: CVE-2013-1772
CVSS 3 Score Details (5.1)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: High - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2013-1772
Release Date: 2013-02-28
Fix Resolution: 3.4.33
Step up your Open Source Security Game with Mend here