Vulnerability Details : CVE-2013-1929
Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Product Data (VPD) data structure.
Vulnerability category: OverflowExecute codeDenial of service
Products affected by CVE-2013-1929
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.8.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.8.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.8.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.8.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.8.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-1929
0.23%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 61 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-1929
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.4
|
MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P |
3.4
|
6.4
|
NIST |
CWE ids for CVE-2013-1929
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-1929
-
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=715230a44310a8cf66fbfb5a46f9a62a9b2de424
-
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101836.html
[SECURITY] Fedora 18 Update: kernel-3.8.6-203.fc18
-
http://www.ubuntu.com/usn/USN-1835-1
USN-1835-1: Linux kernel vulnerabilities | Ubuntu security notices
-
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.6
-
http://www.ubuntu.com/usn/USN-1838-1
USN-1838-1: Linux kernel (OMAP4) vulnerabilities | Ubuntu security notices
-
https://bugzilla.redhat.com/show_bug.cgi?id=949932
949932 – (CVE-2013-1929) CVE-2013-1929 Kernel: tg3: buffer overflow in VPD firmware parsing
-
http://www.openwall.com/lists/oss-security/2013/04/06/3
oss-security - Re: CVE Request: tg3 VPD firmware -> driver injection
-
http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html
[security-announce] SUSE-SU-2013:1474-1: important: Security update for
-
http://www.ubuntu.com/usn/USN-1836-1
USN-1836-1: Linux kernel (OMAP4) vulnerabilities | Ubuntu security notices
-
http://cansecwest.com/slides/2013/PrivateCore%20CSW%202013.pdf
Exploit
-
http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
mandriva.com
-
http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html
[security-announce] SUSE-SU-2013:1473-1: important: Security update for
-
http://www.ubuntu.com/usn/USN-1834-1
USN-1834-1: Linux kernel (Quantal HWE) vulnerabilities | Ubuntu security notices
-
http://rhn.redhat.com/errata/RHSA-2013-1645.html
RHSA-2013:1645 - Security Advisory - Red Hat Customer Portal
-
https://github.com/torvalds/linux/commit/715230a44310a8cf66fbfb5a46f9a62a9b2de424
tg3: fix length overflow in VPD firmware parsing · torvalds/linux@715230a · GitHubExploit;Patch
-
http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html
openSUSE-SU-2013:1971-1: moderate: kernel: security and bugfix update
Jump to