[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-MGASA-2013-0372":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":76,"duplicates":77,"related":78,"reserved_at":9,"published_at":110,"modified_at":111,"state":9,"summary":112,"references_raw":114,"kevs":231,"epss":9,"epss_history":232,"metrics":233,"affected":234},"MGASA-2013-0372","Updated kernel-linus packages fix security vulnerabilities\n\nThis kernel-linus update provides an update to the 3.10 longterm\nbranch, currently 3.10.24 and fixes the following security issues:\n\nThe ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux\nkernel through 3.10 does not properly handle problems with the generation\nof IPv6 temporary addresses, which allows remote attackers to cause a\ndenial of service (excessive retries and address-generation outage), and\nconsequently obtain sensitive information, via ICMPv6 Router Advertisement\n(RA) messages. (CVE-2013-0343)\n\nnet/ceph/auth_none.c in the Linux kernel through 3.10 allows remote\nattackers to cause a denial of service (NULL pointer dereference and\nsystem crash) or possibly have unspecified other impact via an auth_reply\nmessage that triggers an attempted build_request operation.\n(CVE-2013-1059)\n\nThe dispatch_discard_io function in drivers/block/xen-blkback/blkback.c in\nthe Xen blkback implementation in the Linux kernel before 3.10.5 allows\nguest OS users to cause a denial of service (data loss) via filesystem\nwrite operations on a read-only disk that supports the (1) \nBLKIF_OP_DISCARD (aka discard or TRIM) or (2) SCSI UNMAP feature.\n(CVE-2013-2140)\n\nThe HP Smart Array controller disk-array driver and Compaq SMART2\ncontroller disk-array driver in the Linux kernel through 3.9.4 do not\ninitialize certain data structures, which allows local users to obtain\nsensitive information from kernel memory via (1) a crafted IDAGETPCIINFO\ncommand for a /dev/ida device, related to the ida_locked_ioctl function in\ndrivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a\n/dev/cciss device, related to the cciss_ioctl32_passthru function in\ndrivers/block/cciss.c. (CVE-2013-2147)\n\nFormat string vulnerability in the register_disk function in block/genhd.c\nin the Linux kernel through 3.9.4 allows local users to gain privileges by\nleveraging root access and writing format string specifiers to\n/sys/module/md_mod/parameters/new_array in order to create a crafted\n/dev/md device name. (CVE-2013-2851)\n\nMultiple array index errors in drivers/hid/hid-core.c in the Human\nInterface Device (HID) subsystem in the Linux kernel through 3.11\nallow physically proximate attackers to execute arbitrary code or\ncause a denial of service (heap memory corruption) via a crafted\ndevice that provides an invalid Report ID (CVE-2013-2888).\n\ndrivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem\nin the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled,\nallows physically proximate attackers to cause a denial of service\n(heap-based out-of-bounds write) via a crafted device (CVE-2013-2889).\n\ndrivers/hid/hid-steelseries.c in the Human Interface Device (HID)\nsubsystem in the Linux kernel through 3.11, when CONFIG_HID_STEELSERIES is\nenabled, allows physically proximate attackers to cause a denial of\nservice (heap-based out-of-bounds write) via a crafted device.\n(CVE-2013-2891)\n\ndrivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in\nthe Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled,\nallows physically proximate attackers to cause a denial of service\n(heap-based out-of-bounds write) via a crafted device (CVE-2013-2892).\n\nThe Human Interface Device (HID) subsystem in the Linux kernel\nthrough 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or\nCONFIG_LOGIWHEELS_FF is enabled, allows physically proximate\nattackers to cause a denial of service (heap-based out-of-bounds\nwrite) via a crafted device, related to (1) drivers/hid/hid-lgff.c,\n(2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c\n(CVE-2013-2893).\n\ndrivers/hid/hid-lenovo-tpkbd.c in the Human Interface Device (HID)\nsubsystem in the Linux kernel through 3.11, when CONFIG_HID_LENOVO_TPKBD\nis enabled, allows physically proximate attackers to cause a denial of\nservice (heap-based out-of-bounds write) via a crafted device.\n(CVE-2013-2894)\n\ndrivers/hid/hid-logitech-dj.c in the Human Interface Device (HID)\nsubsystem in the Linux kernel through 3.11, when CONFIG_HID_LOGITECH_DJ\nis enabled, allows physically proximate attackers to cause a denial\nof service (NULL pointer dereference and OOPS) or obtain sensitive\ninformation from kernel memory via a crafted device (CVE-2013-2895).\n\ndrivers/hid/hid-ntrig.c in the Human Interface Device (HID)\nsubsystem in the Linux kernel through 3.11, when CONFIG_HID_NTRIG\nis enabled, allows physically proximate attackers to cause a denial\nof service (NULL pointer dereference and OOPS) via a crafted device\n(CVE-2013-2896).\n\nMultiple array index errors in drivers/hid/hid-multitouch.c in the\nHuman Interface Device (HID) subsystem in the Linux kernel through\n3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically proximate\nattackers to cause a denial of service (heap memory corruption, or NULL\npointer dereference and OOPS) via a crafted device (CVE-2013-2897).\n\ndrivers/hid/hid-sensor-hub.c in the Human Interface Device (HID) subsystem\nin the Linux kernel through 3.11, when CONFIG_HID_SENSOR_HUB is enabled,\nallows physically proximate attackers to obtain sensitive information from\nkernel memory via a crafted device. (CVE-2013-2898)\n\ndrivers/hid/hid-picolcd_core.c in the Human Interface Device (HID)\nsubsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD\nis enabled, allows physically proximate attackers to cause a denial\nof service (NULL pointer dereference and OOPS) via a crafted device\n(CVE-2013-2899).\n\nThe Linux kernel before 3.12.2 does not properly use the get_dumpable\nfunction, which allows local users to bypass intended ptrace restrictions\nor obtain sensitive information from IA64 scratch registers via a crafted\napplication, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h\n(CVE-2013-2929)\n\nThe perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the\nLinux kernel before 3.12.2 does not properly restrict access to the perf\nsubsystem, which allows local users to enable function tracing via a crafted\napplication. (CVE-2013-2930)\n\nThe udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6\nimplementation in the Linux kernel through 3.10.3 makes an incorrect\nfunction call for pending data, which allows local users to cause a\ndenial of service (BUG and system crash) via a crafted application that\nuses the UDP_CORK option in a setsockopt system call (CVE-2013-4162).\n\nThe ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6\nimplementation in the Linux kernel through 3.10.3 does not properly\nmaintain information about whether the IPV6_MTU setsockopt option\nhad been specified, which allows local users to cause a denial of\nservice (BUG and system crash) via a crafted application that uses\nthe UDP_CORK option in a setsockopt system call (CVE-2013-4163).\n\nThe validate_event function in arch/arm/kernel/perf_event.c in the\nLinux kernel before 3.10.8 on the ARM platform allows local users to\ngain privileges or cause a denial of service (NULL pointer dereference\nand system crash) by adding a hardware event to an event group led\nby a software event (CVE-2013-4254)\n\nInterpretation conflict in drivers/md/dm-snap-persistent.c in the Linux\nkernel through 3.11.6 allows remote authenticated users to obtain\nsensitive information or modify data via a crafted mapping to a snapshot\nblock device. (CVE-2013-4299)\n\nThe skb_flow_dissect function in net/core/flow_dissector.c in the\nLinux kernel through 3.12 allows remote attackers to cause a denial\nof service (infinite loop) via a small value in the IHL field of a\npacket with IPIP encapsulation (CVE-2013-4348).\n\nThe IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel\nthrough 3.11.1 uses data structures and function calls that do not\ntrigger an intended configuration of IPsec encryption, which allows\nremote attackers to obtain sensitive information by sniffing the\nnetwork (CVE-2013-4350).\n\nnet/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not\nproperly determine the need for UDP Fragmentation Offload (UFO)\nprocessing of small packets after the UFO queueing of a large packet,\nwhich allows remote attackers to cause a denial of service (memory\ncorruption and system crash) or possibly have unspecified other\nimpact via network traffic that triggers a large response packet\n(CVE-2013-4387).\n\nThe Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is\nenabled, does not properly initialize certain data structures, which\nallows local users to cause a denial of service (memory corruption and\nsystem crash) or possibly gain privileges via a crafted application\nthat uses the UDP_CORK option in a setsockopt system call and\nsends both short and long packets, related to the ip_ufo_append_data\nfunction in net/ipv4/ip_output.c and the ip6_ufo_append_data function\nin net/ipv6/ip6_output.c (CVE-2013-4470).\n\nBuffer overflow in the oz_cdev_write function in\ndrivers/staging/ozwpan/ozcdev.c in the Linux kernel before 3.12 allows\nlocal users to cause a denial of service or possibly have unspecified\nother impact via a crafted write operation. (CVE-2013-4513)\n\nThe lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c\nin the Linux kernel through 3.12.1 allows local users to cause a denial of\nservice (OOPS) by leveraging root privileges for a zero-length write\noperation. (CVE-2013-6378)\n\nThe aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the\nLinux kernel through 3.12.1 does not properly validate a certain size\nvalue, which allows local users to cause a denial of service (invalid\npointer dereference) or possibly have unspecified other impact via an\nFSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command.\n(CVE-2013-6380)\n\nBuffer overflow in the qeth_snmp_command function in \ndrivers/s390/net/qeth_core_main.c in the Linux kernel through 3.12.1\nallows local users to cause a denial of service or possibly have\nunspecified other impact via an  SNMP ioctl call with a length value that\nis incompatible with the command-buffer size. (CVE-2013-6381)\n\nThe aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux\nkernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which\nallows local users to bypass intended access restrictions via a crafted\nioctl call. (CVE-2013-6383)\n\nFor other -stable fixes, read the referenced changelogs.\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74],{"_key":15},"CVE-2013-0343",{"_key":17},"CVE-2013-1059",{"_key":19},"CVE-2013-2140",{"_key":21},"CVE-2013-2147",{"_key":23},"CVE-2013-2851",{"_key":25},"CVE-2013-2888",{"_key":27},"CVE-2013-2889",{"_key":29},"CVE-2013-2891",{"_key":31},"CVE-2013-2892",{"_key":33},"CVE-2013-2893",{"_key":35},"CVE-2013-2894",{"_key":37},"CVE-2013-2895",{"_key":39},"CVE-2013-2896",{"_key":41},"CVE-2013-2897",{"_key":43},"CVE-2013-2898",{"_key":45},"CVE-2013-2899",{"_key":47},"CVE-2013-2929",{"_key":49},"CVE-2013-2930",{"_key":51},"CVE-2013-4162",{"_key":53},"CVE-2013-4163",{"_key":55},"CVE-2013-4254",{"_key":57},"CVE-2013-4299",{"_key":59},"CVE-2013-4348",{"_key":61},"CVE-2013-4350",{"_key":63},"CVE-2013-4387",{"_key":65},"CVE-2013-4470",{"_key":67},"CVE-2013-4513",{"_key":69},"CVE-2013-6378",{"_key":71},"CVE-2013-6380",{"_key":73},"CVE-2013-6381",{"_key":75},"CVE-2013-6383",[],[],[79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":37},{"_key":39},{"_key":41},{"_key":43},{"_key":45},{"_key":47},{"_key":49},{"_key":51},{"_key":53},{"_key":55},{"_key":57},{"_key":59},{"_key":61},{"_key":63},{"_key":65},{"_key":67},{"_key":69},{"_key":71},{"_key":73},{"_key":75},"2013-12-17T23:19:07Z","2026-04-16T06:22:47.160957654Z",{"cisa_kev":113,"cisa_ransomware":113,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[115,121,126,131,135,139,143,147,151,155,159,163,167,171,175,179,183,187,191,195,199,203,207,211,215,219,223,227],{"url":116,"sources":117,"tags":119},"https://advisories.mageia.org/MGASA-2013-0372.html",[118],"osv_mageia",[120],"Advisory",{"url":122,"sources":123,"tags":124},"https://bugs.mageia.org/show_bug.cgi?id=11464",[118],[125],"REPORT",{"url":127,"sources":128,"tags":129},"http://kernelnewbies.org/Linux_3.9",[118],[125,130],"WEB",{"url":132,"sources":133,"tags":134},"http://kernelnewbies.org/Linux_3.10",[118],[125,130],{"url":136,"sources":137,"tags":138},"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.1",[118],[125,130],{"url":140,"sources":141,"tags":142},"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.2",[118],[125,130],{"url":144,"sources":145,"tags":146},"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.3",[118],[125,130],{"url":148,"sources":149,"tags":150},"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.4",[118],[125,130],{"url":152,"sources":153,"tags":154},"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.5",[118],[125,130],{"url":156,"sources":157,"tags":158},"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.6",[118],[125,130],{"url":160,"sources":161,"tags":162},"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.7",[118],[125,130],{"url":164,"sources":165,"tags":166},"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.8",[118],[125,130],{"url":168,"sources":169,"tags":170},"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.9",[118],[125,130],{"url":172,"sources":173,"tags":174},"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.10",[118],[125,130],{"url":176,"sources":177,"tags":178},"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.11",[118],[125,130],{"url":180,"sources":181,"tags":182},"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.12",[118],[125,130],{"url":184,"sources":185,"tags":186},"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.13",[118],[125,130],{"url":188,"sources":189,"tags":190},"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.14",[118],[125,130],{"url":192,"sources":193,"tags":194},"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.15",[118],[125,130],{"url":196,"sources":197,"tags":198},"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.16",[118],[125,130],{"url":200,"sources":201,"tags":202},"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.17",[118],[125,130],{"url":204,"sources":205,"tags":206},"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.18",[118],[125,130],{"url":208,"sources":209,"tags":210},"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.19",[118],[125,130],{"url":212,"sources":213,"tags":214},"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.20",[118],[125,130],{"url":216,"sources":217,"tags":218},"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.21",[118],[125,130],{"url":220,"sources":221,"tags":222},"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.22",[118],[125,130],{"url":224,"sources":225,"tags":226},"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.23",[118],[125,130],{"url":228,"sources":229,"tags":230},"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.24",[118],[125,130],[],[],[],[235],{"ecosystem":236,"name":237,"vendor":238,"product":237,"cpe_part":9,"purl_type":239,"purl_namespace":238,"purl_name":237,"source":9,"versions":240},"Mageia","kernel-linus","mageia","rpm",[241],{"version":242,"is_range":243,"range_type":244,"version_start":9,"version_start_type":9,"version_end":245,"version_end_type":246,"fixed_in":9},"lt3_10_24_1_mga3",true,"ecosystem","3.10.24-1.mga3","excluding"]