PT-2013-6014 · Linux+4 · Linux Kernel+4

Andrew Honig

·

Published

2013-12-12

·

Updated

2023-02-13

·

CVE-2013-6368

CVSS v2.0

6.2

Medium

VectorAV:L/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.12.6
Description The issue allows local users to gain privileges or cause a denial of service, resulting in a system crash, via a VAPIC synchronization operation involving a page-end address.
Recommendations For versions prior to 3.12.6, update to version 3.12.6 or later to resolve the issue.

Exploit

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2013-1290
ALT-PU-2013-1301
ALT-PU-2013-1302
ALT-PU-2013-1303
ALT-PU-2013-1312
ALT-PU-2014-1009
ALT-PU-2014-1422
ALT-PU-2014-1547
CESA-2013_1801
CVE-2013-6368
MGASA-2013-0371
MGASA-2013-0373
MGASA-2013-0374
MGASA-2013-0375
MGASA-2014-0043
OPENSUSE-SU-2014_0204-1
OPENSUSE-SU-2014_0205-1
RHSA-2013:1801
RHSA-2013_1801
RHSA-2014:0163
RHSA-2014:0284
RHSA-2014_0163
SUSE-RU-2015:0621-1
SUSE-SU-2015:0481-1
SUSE-SU-2015:0581-1
SUSE-SU-2015:0652-1
SUSE-SU-2015:0736-1
SUSE-SU-2015:1174-1
SUSE-SU-2015:1376-1
SUSE-SU-2017:0437-1
SUSE-SU-2017:1102-1
USN-2113-1
USN-2117-1
USN-2133-1
USN-2134-1
USN-2135-1
USN-2136-1
USN-2138-1
USN-2139-1
USN-2141-1

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse