1. Home
  2. Vulnerabilities
  3. CVE-2013-2148

CVE-2013-2148

CVSS v2.0 2.1 (Low)
21% Progress
EPSS 0.04 % (5th)
0.04% Progress
Affected Products 1
Advisories 30
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c in the Linux kernel through 3.9.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a read operation on the fanotify descriptor.

Weaknesses
CWE-399
Resource Management Errors
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2013-06-07 14:03:19
(11 years ago)
Updated Date
2023-02-13 04:42:57
(19 months ago)

Affected Products

Linux

Configuration #1

    CPE23 From Up To
  Linux Kernel 3.9.4 and prior versions cpe:2.3:o:linux:linux_kernel <= 3.9.4
  Linux Kernel 3.9 Rc1 cpe:2.3:o:linux:linux_kernel:3.9:rc1
  Linux Kernel 3.9 Rc2 cpe:2.3:o:linux:linux_kernel:3.9:rc2
  Linux Kernel 3.9 Rc3 cpe:2.3:o:linux:linux_kernel:3.9:rc3
  Linux Kernel 3.9 Rc4 cpe:2.3:o:linux:linux_kernel:3.9:rc4
  Linux Kernel 3.9 Rc5 cpe:2.3:o:linux:linux_kernel:3.9:rc5
  Linux Kernel 3.9 Rc6 cpe:2.3:o:linux:linux_kernel:3.9:rc6
  Linux Kernel 3.9 Rc7 cpe:2.3:o:linux:linux_kernel:3.9:rc7
  Linux Kernel 3.9.0 cpe:2.3:o:linux:linux_kernel:3.9.0
  Linux Kernel 3.9.1 cpe:2.3:o:linux:linux_kernel:3.9.1
  Linux Kernel 3.9.2 cpe:2.3:o:linux:linux_kernel:3.9.2
  Linux Kernel 3.9.3 cpe:2.3:o:linux:linux_kernel:3.9.3