CVE-2013-1826

CVSS v2.0 6.2 (Medium)
EPSS 0.04 % (5th)
Affected Products 1
Advisories 13

The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux kernel before 3.5.7 does not properly handle error conditions in dump_one_state function calls, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability.

Weaknesses
CWE-NVD-Other
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2013-03-22 11:59:11
(11 years ago)
Updated Date
2023-02-13 00:27:58
(19 months ago)

Affected Products

Configuration #1

| Product | CPE23 | From | Up To |
|---|---|---|---|
| Linux Kernel 3.5.6 and prior versions | cpe:2.3:o:linux:linux_kernel | | <= 3.5.6 |
| Linux Kernel 3.5.1 | cpe:2.3:o:linux:linux_kernel:3.5.1 | | |
| Linux Kernel 3.5.2 | cpe:2.3:o:linux:linux_kernel:3.5.2 | | |
| Linux Kernel 3.5.3 | cpe:2.3:o:linux:linux_kernel:3.5.3 | | |
| Linux Kernel 3.5.4 | cpe:2.3:o:linux:linux_kernel:3.5.4 | | |
| Linux Kernel 3.5.5 | cpe:2.3:o:linux:linux_kernel:3.5.5 | | |