Vulnerability Details : CVE-2013-1848
fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and possibly gain privileges via a crafted application.
Vulnerability category: Input validation
Products affected by CVE-2013-1848
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.8.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.8.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.8.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-1848
- EPSS score: 0.10% (probability of exploitation activity in the next 30 days)
- Percentile: ~43% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2013-1848
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.2 | MEDIUM | AV:L/AC:H/Au:N/C:C/I:C/A:C | 1.9 | 10.0 | NIST | |
CWE ids for CVE-2013-1848
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-1848
- https://bugzilla.redhat.com/show_bug.cgi?id=920783
  920783 – (CVE-2013-1848) CVE-2013-1848 kernel: ext3: format string issues
- http://www.ubuntu.com/usn/USN-1813-1
  USN-1813-1: Linux kernel vulnerabilities | Ubuntu security notices
- http://rhn.redhat.com/errata/RHSA-2013-1051.html
  RHSA-2013:1051 - Security Advisory - Red Hat Customer Portal
- http://www.openwall.com/lists/oss-security/2013/03/20/8
  oss-security - CVE-2013-1848 -- Linux kernel: ext3: format string issues
- http://www.ubuntu.com/usn/USN-1812-1
  USN-1812-1: Linux kernel (Quantal HWE) vulnerabilities | Ubuntu security notices
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8d0c2d10dd72c5292eda7a06231056a4c972e4cc
- http://www.ubuntu.com/usn/USN-1811-1
  USN-1811-1: Linux kernel (OMAP4) vulnerabilities | Ubuntu security notices
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4
- https://github.com/torvalds/linux/commit/8d0c2d10dd72c5292eda7a06231056a4c972e4cc
  ext3: Fix format string issues · torvalds/linux@8d0c2d1 · GitHub (Exploit; Patch)
- http://rhn.redhat.com/errata/RHSA-2013-0928.html
  RHSA-2013:0928 - Security Advisory - Red Hat Customer Portal
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
  mandriva.com
- http://rhn.redhat.com/errata/RHSA-2013-1026.html
  RHSA-2013:1026 - Security Advisory - Red Hat Customer Portal
- http://www.ubuntu.com/usn/USN-1814-1
  USN-1814-1: Linux kernel (OMAP4) vulnerabilities | Ubuntu security notices
- http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html
  [security-announce] openSUSE-SU-2013:0925-1: important: kernel: security
- http://www.ubuntu.com/usn/USN-1809-1
  USN-1809-1: Linux kernel vulnerabilities | Ubuntu security notices