PT-2013-3973 · Linux · Linux Kernel

Kees Cook · Published 2013-06-07 · Updated 2023-08-11 · CVE-2013-2852

CVSS v2.0: 6.9 (Medium)
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 3.9.4

Description: The issue allows local users to gain privileges by leveraging root access and including format string specifiers in the fwpostfix modprobe parameter, which leads to improper construction of an error message in the b43_request_firmware function of the Broadcom b43 wireless driver.

Recommendations: For Linux kernel versions through 3.9.4, consider restricting access to the b43_request_firmware function until a patch is available. As a temporary workaround, avoid using the fwpostfix modprobe parameter with format string specifiers to minimize the risk of exploitation.

Weakness Enumeration: Use of Externally-Controlled Format String

Related Identifiers

CESA-2013_1051
CVE-2013-2852
DSA-2745-1
DSA-2766-1
MGASA-2013-0203
MGASA-2013-0204
MGASA-2013-0209
MGASA-2013-0210
MGASA-2013-0211
MGASA-2013-0212
MGASA-2013-0213
MGASA-2013-0214
MGASA-2013-0215
RHSA-2013:1051
RHSA-2013:1080
RHSA-2013:1264
RHSA-2013:1450
RHSA-2013_1051
SUSE-RU-2015:0621-1
SUSE-SU-2015:0581-1
SUSE-SU-2015:0652-1
SUSE-SU-2015:0736-1
SUSE-SU-2015:1174-1
SUSE-SU-2015:1376-1
USN-1899-1
USN-1900-1
USN-1914-1
USN-1915-1
USN-1916-1
USN-1917-1
USN-1918-1
USN-1919-1
USN-1920-1
USN-1930-1
USN-1936-1

Affected Products

Centos
Linux Kernel
Red Hat
Suse