UBUNTU-CVE-2013-7446
Advisory lineage Upstream: 1 Downstream: 4
Upstream
Downstream
Published: 28 Dec 2015, 00:00
Last modified:22 Apr 2026, 09:25
Vulnerability Summary
Overall Risk (default)
low
21/100 CVSS Score
5.3 MEDIUM
3.0 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
28 Dec 2015, 00:00
Published
Vulnerability first disclosed
22 Apr 2026, 09:25
Last Modified
Vulnerability information updated
Description
Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.
CVSS Metrics
- v3.0•MEDIUM•Score: 5.3CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
Affected Systems
- ubuntu•linux
< 3.13.0-77.121
- ubuntu•linux-lts-utopic
< 3.16.0-60.80~14.04.1
- ubuntu•linux-lts-vivid
< 3.19.0-49.55~14.04.1
- ubuntu•linux-lts-wily
< 4.2.0-27.32~14.04.1
References (15)
- https://ubuntu.com/security/CVE-2013-7446
- https://bugzilla.redhat.com/show_bug.cgi?id=1273845
- https://groups.google.com/forum/#!topic/syzkaller/3twDUI4Cpm8
- http://www.openwall.com/lists/oss-security/2015/11/18/9
- https://ubuntu.com/security/notices/USN-2886-1
- https://ubuntu.com/security/notices/USN-2886-2
- https://ubuntu.com/security/notices/USN-2889-2
- https://ubuntu.com/security/notices/USN-2889-1
- https://ubuntu.com/security/notices/USN-2887-1
- https://ubuntu.com/security/notices/USN-2887-2
- https://ubuntu.com/security/notices/USN-2888-1
- https://ubuntu.com/security/notices/USN-2890-1
- https://ubuntu.com/security/notices/USN-2890-2
- https://ubuntu.com/security/notices/USN-2890-3
- https://www.cve.org/CVERecord?id=CVE-2013-7446