PT-2013-3476 · Linux+4 · Linux Kernel+4

Brad Spengler

Published

2013-04-29

Updated

2023-02-13

CVE-2013-1928

CVSS v2.0

4.7

Medium

Vector

AV:L/AC:M/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.6.5

Description The issue is related to a lack of error checking in the do video set spu palette function, which could potentially allow local users to access sensitive information from kernel stack memory. This can be achieved through a crafted VIDEO SET SPU PALETTE ioctl call on a /dev/dvb device.

Recommendations For Linux kernel versions prior to 3.6.5, update to version 3.6.5 or later to resolve the issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2013-1178

CESA-2013_1645

CVE-2013-1928

DSA-2668-1

RHSA-2013:1645

RHSA-2013_1645

SUSE-SU-2015:0652-1

USN-1644-1

USN-1645-1

USN-1648-1

USN-1649-1

USN-1652-1

USN-1671-1

USN-1673-1

USN-1704-1

USN-1824-1

USN-1829-1

Affected Products

Alt Linux

Centos

Linux Kernel

Red Hat

Suse

PT-2013-3476 · Linux+4 · Linux Kernel+4

CVE-2013-1928

Weakness Enumeration

Related Identifiers

Affected Products

References · 30