1. Home
  2. Vulnerabilities
  3. CVE-2013-0914

CVE-2013-0914

CVSS v2.0 3.6 (Low)
36% Progress
EPSS 0.04 % (11th)
0.04% Progress
Affected Products 1
Advisories 41
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call.

Weaknesses
CWE-264
Permissions, Privileges, and Access Controls
CVE Status
PUBLISHED
CNA
Chrome
Published Date
2013-03-22 11:59:11
(11 years ago)
Updated Date
2023-11-07 02:14:27
(10 months ago)

Affected Products

Linux

Configuration #1

    CPE23 From Up To
  Linux Kernel 3.8.3 and prior versions cpe:2.3:o:linux:linux_kernel <= 3.8.3
  Linux Kernel 3.8.0 cpe:2.3:o:linux:linux_kernel:3.8.0
  Linux Kernel 3.8.1 cpe:2.3:o:linux:linux_kernel:3.8.1
  Linux Kernel 3.8.2 cpe:2.3:o:linux:linux_kernel:3.8.2