CVE-2013-2147

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2013-2147
The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c.

2.1 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
http://lkml.org/lkml/2013/6/3/127
http://lkml.org/lkml/2013/6/3/131
http://rhn.redhat.com/errata/RHSA-2013-1166.html
http://www.openwall.com/lists/oss-security/2013/06/05/25
http://www.ubuntu.com/usn/USN-1994-1
http://www.ubuntu.com/usn/USN-1996-1
http://www.ubuntu.com/usn/USN-1997-1
http://www.ubuntu.com/usn/USN-1999-1
http://www.ubuntu.com/usn/USN-2015-1
http://www.ubuntu.com/usn/USN-2016-1
http://www.ubuntu.com/usn/USN-2017-1
http://www.ubuntu.com/usn/USN-2020-1
http://www.ubuntu.com/usn/USN-2023-1
http://www.ubuntu.com/usn/USN-2050-1
https://bugzilla.redhat.com/show_bug.cgi?id=971242
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.9:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.9:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.9:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.9:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.9:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.9:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.9:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.9.0:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.9.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.9.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.9.3:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*
History

No history.

Information

Published : 2013-06-07 14:03

Updated : 2023-12-10 11:16

NVD link : CVE-2013-2147

Mitre link : CVE-2013-2147

CVE.ORG link : CVE-2013-2147

JSON object : View

Products Affected

linux

  • linux_kernel

suse

  • linux_enterprise_server
CWE
CWE-399

Resource Management Errors