CVE-2013-2147
Vulnerability Summary
Description
The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c.
CVSS Metrics
- v2.0 • LOW • Score: 2.1 • Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
EPSS Trends
Current EPSS score: 0.10% • Percentile: 28%
Techniques & Countermeasures
- CWE-399 • Resource Management Errors
Weaknesses in this category are related to improper management of system resources.
Affected Systems
- linux • linux_kernel
≤ 3.9.4 | 3.9:rc1 | 3.9:rc2 | 3.9:rc3 | 3.9:rc4 | 3.9:rc5 | 3.9:rc6 | 3.9:rc7 | 3.9.0 | 3.9.1 | 3.9.2 | 3.9.3
- suse • linux_enterprise_server
10:sp4
References (16)
- http://www.ubuntu.com/usn/USN-2015-1
- http://rhn.redhat.com/errata/RHSA-2013-1166.html
- http://www.openwall.com/lists/oss-security/2013/06/05/25
- http://www.ubuntu.com/usn/USN-1996-1
- http://www.ubuntu.com/usn/USN-1994-1
- http://www.ubuntu.com/usn/USN-1997-1
- https://bugzilla.redhat.com/show_bug.cgi?id=971242
- http://www.ubuntu.com/usn/USN-2016-1
- http://www.ubuntu.com/usn/USN-2020-1
- http://lkml.org/lkml/2013/6/3/127
- http://www.ubuntu.com/usn/USN-2017-1
- http://www.ubuntu.com/usn/USN-2023-1
- http://www.ubuntu.com/usn/USN-2050-1
- http://www.ubuntu.com/usn/USN-1999-1
- http://lkml.org/lkml/2013/6/3/131
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html