Linux Kernel 3.9.8 net/key/af_key.c key_notify_policy_flush memory corruption
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 3.8 | $0-$5k | 0.00 |
Summary
A vulnerability has been found in Linux Kernel 3.9.8 and classified as problematic. This vulnerability affects the function key_notify_policy_flush of the file net/key/af_key.c. The manipulation leads to memory corruption.
This vulnerability was named CVE-2013-2237. There is no exploit available.
It is recommended to apply a patch to fix this issue.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Details
A vulnerability, which was classified as problematic, was found in Linux Kernel 3.9.8 (Operating System). This affects the function key_notify_policy_flush of the file net/key/af_key.c. The manipulation with an unknown input leads to a memory corruption vulnerability. CWE is classifying the issue as CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. This is going to have an impact on confidentiality. The summary by CVE is:
The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket.
The weakness was published 02/18/2013 by Michal Hocko as confirmed mailinglist post (oss-sec). The advisory is shared at seclists.org. This vulnerability is uniquely identified as CVE-2013-2237 since 02/19/2013. The exploitability is told to be easy. An attack has to be approached locally. No form of authentication is needed for exploitation. Technical details are known, but no exploit is available.
The vulnerability scanner Nessus provides a plugin with the ID 70539 (Ubuntu 12.04 LTS : linux vulnerability (USN-1992-1)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Ubuntu Local Security Checks. The commercial vulnerability scanner Qualys is able to test this issue with plugin 156673 (Oracle Enterprise Linux Security Update for Unbreakable Enterprise Kernel (ELSA-2013-2543)).
Upgrading to version 3.9 eliminates this vulnerability. Applying the patch patch-3.9 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be patching the affected component. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (85558), Tenable (70539), SecurityFocus (BID 60953†), OSVDB (94853†) and Secunia (SA54311†). Similar entries are available at VDB-9053, VDB-9055, VDB-9251 and VDB-9304. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Type
Vendor
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 4.0VulDB Meta Temp Score: 3.8
VulDB Base Score: 4.0
VulDB Temp Score: 3.8
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Memory corruptionCWE: CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Nessus ID: 70539
Nessus Name: Ubuntu 12.04 LTS : linux vulnerability (USN-1992-1)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Port: 🔍
OpenVAS ID: 892745
OpenVAS Name: Debian Security Advisory DSA 2745-1 (linux - privilege escalation/denial of service/information leak
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Upgrade: Kernel 3.9
Patch: patch-3.9
Timeline
02/18/2013 🔍02/18/2013 🔍
02/19/2013 🔍
07/03/2013 🔍
07/03/2013 🔍
07/04/2013 🔍
07/08/2013 🔍
09/04/2013 🔍
10/06/2013 🔍
10/22/2013 🔍
05/18/2021 🔍
Sources
Vendor: kernel.orgAdvisory: seclists.org
Researcher: Michal Hocko
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2013-2237 (🔍)
GCVE (CVE): GCVE-0-2013-2237
GCVE (VulDB): GCVE-100-9345
OVAL: 🔍
X-Force: 85558
SecurityFocus: 60953
Secunia: 54311 - OpenVZ update for kernel, Less Critical
OSVDB: 94853
Vulnerability Center: 41780 - Linux Kernel 3.8 Local Information Disclosure Vulnerability Via a Broadcast Message From The notify_policy Interface, Low
See also: 🔍
Entry
Created: 07/08/2013 05:02 PMUpdated: 05/18/2021 07:22 AM
Changes: 07/08/2013 05:02 PM (84), 05/12/2017 08:52 PM (1), 05/18/2021 07:16 AM (4), 05/18/2021 07:22 AM (1)
Complete: 🔍
Committer: olku
Cache ID: 18:85E:40
No comments yet. Languages: en.
Please log in to comment.