1. Home
  2. Vulnerabilities
  3. CVE-2013-2851

CVE-2013-2851

CVSS v2.0 6 (Medium)
60% Progress
EPSS 0.07 % (30th)
0.07% Progress
Affected Products 1
Advisories 36
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name.

Weaknesses
CWE-134
Use of Externally-Controlled Format String
CVE Status
PUBLISHED
CNA
Chrome
Published Date
2013-06-07 14:03:20
(11 years ago)
Updated Date
2023-11-07 02:15:14
(10 months ago)

Affected Products

Linux

Configuration #1

    CPE23 From Up To
  Linux Kernel 3.9.4 and prior versions cpe:2.3:o:linux:linux_kernel <= 3.9.4
  Linux Kernel 3.9 Rc1 cpe:2.3:o:linux:linux_kernel:3.9:rc1
  Linux Kernel 3.9 Rc2 cpe:2.3:o:linux:linux_kernel:3.9:rc2
  Linux Kernel 3.9 Rc3 cpe:2.3:o:linux:linux_kernel:3.9:rc3
  Linux Kernel 3.9 Rc4 cpe:2.3:o:linux:linux_kernel:3.9:rc4
  Linux Kernel 3.9 Rc5 cpe:2.3:o:linux:linux_kernel:3.9:rc5
  Linux Kernel 3.9 Rc6 cpe:2.3:o:linux:linux_kernel:3.9:rc6
  Linux Kernel 3.9 Rc7 cpe:2.3:o:linux:linux_kernel:3.9:rc7
  Linux Kernel 3.9.0 cpe:2.3:o:linux:linux_kernel:3.9.0
  Linux Kernel 3.9.1 cpe:2.3:o:linux:linux_kernel:3.9.1
  Linux Kernel 3.9.2 cpe:2.3:o:linux:linux_kernel:3.9.2
  Linux Kernel 3.9.3 cpe:2.3:o:linux:linux_kernel:3.9.3