CISA KEV Information
| Vulnerability name | Linux Kernel Improper Input Validation Vulnerability |
|---|---|
| Description | The get_user and put_user API functions of the Linux kernel fail to validate the target address when being used on ARM v6k/v7 platforms. This allows an application to read and write kernel memory which could lead to privilege escalation. |
| Required action | Apply updates per vendor instructions. |
| Known ransomware campaign use | Unknown |
| CWE | CWE-20 |
| Date added (KEV) | 2022-09-15 |
| Due date | 2022-10-06 |
| Additional notes | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8404663f81d212918ff85f493649a7991209fa04; https://nvd.nist.gov/vuln/detail/CVE-2013-6282 |
NVD Details
CVSS v3.1: 8.8 HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v2.0: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C
Description: The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013.
CWE: CWE-20
References
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8404663f81d212918ff85f493649a7991209fa04 [Patch]
- http://www.codeaurora.org/projects/security-advisories/missing-access-checks-putusergetuser-kernel-api-cve-2013-6282 [Patch]
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.5 [Mailing List, Vendor Advisory]
- http://www.openwall.com/lists/oss-security/2013/11/14/11 [Mailing List]
- http://www.securityfocus.com/bid/63734 [Third Party Advisory, VDB Entry]
- http://www.ubuntu.com/usn/USN-2067-1 [Third Party Advisory, VDB Entry]
- https://github.com/torvalds/linux/commit/8404663f81d212918ff85f493649a7991209fa04 [Exploit, Patch]
- https://www.exploit-db.com/exploits/40975/ [Exploit, Third Party Advisory, VDB Entry]
- ... and 2 more
This product uses the NVD API but is not endorsed or certified by the NVD.