CVE-2013-6282

Name of the Vulnerable Software and Affected Versions Linux Kernel versions prior to 3.5.5

Description The issue arises from improper input validation in the Linux kernel, specifically in the (1) get user and (2) put user API functions on the v6k and v7 ARM platforms. This allows attackers to read or modify arbitrary kernel memory locations via a crafted application. There have been real-world incidents where this issue was exploited against Android devices in October and November 2013.

Recommendations For Linux Kernel versions prior to 3.5.5, update to version 3.5.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the get user and put user API functions to minimize the risk of exploitation.