Linux Kernel 3.12 Adaptec RAID Controller Support commctrl.c aac_send_raw_srb input validation
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.9 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Linux Kernel 3.12. It has been classified as problematic. This impacts the function aac_send_raw_srb of the file drivers/scsi/aacraid/commctrl.c of the component Adaptec RAID Controller Support. This manipulation causes input validation.
This vulnerability is tracked as CVE-2013-6380. No exploit exists.
Applying a patch is the recommended action to fix this issue.
Details
A vulnerability has been found in Linux Kernel 3.12 (Operating System) and classified as problematic. Affected by this vulnerability is the function aac_send_raw_srb of the file drivers/scsi/aacraid/commctrl.c of the component Adaptec RAID Controller Support. The manipulation with an unknown input leads to a input validation vulnerability. The CWE definition for the vulnerability is CWE-20. The product receives input or data, but it does
not validate or incorrectly validates that the input has the
properties that are required to process the data safely and
correctly. As an impact it is known to affect availability. The summary by CVE is:
The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command.
The weakness was disclosed 11/20/2013 by Fabian Yamaguchi and Nico Golde as Linux kernel CVE fixes as confirmed mailinglist post (oss-sec). The advisory is shared at seclists.org. The public release has been coordinated in cooperation with Linux. This vulnerability is known as CVE-2013-6380 since 11/04/2013. An attack has to be approached locally. The exploitation doesn't need any form of authentication. Technical details are known, but no exploit is available.
The vulnerability scanner Nessus provides a plugin with the ID 71222 (Fedora 20 : kernel-3.11.10-300.fc20 (2013-22531)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Fedora Local Security Checks. The commercial vulnerability scanner Qualys is able to test this issue with plugin 195833 (Ubuntu Security Notification for Linux-lts-saucy Vulnerabilities (USN-2070-1)).
Applying the patch aacraid: prevent invalid pointer dereference is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (89194), Tenable (71222), SecurityFocus (BID 63887†), OSVDB (100296†) and Vulnerability Center (SBV-42569†). Additional details are provided at bugzilla.redhat.com. The entries VDB-10574, VDB-11313, VDB-11314 and VDB-11315 are pretty similar. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.kernel.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.2VulDB Meta Temp Score: 5.9
VulDB Base Score: 6.2
VulDB Temp Score: 5.9
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Input validationCWE: CWE-20
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 71222
Nessus Name: Fedora 20 : kernel-3.11.10-300.fc20 (2013-22531)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
OpenVAS ID: 867387
OpenVAS Name: Fedora Update for kernel FEDORA-2013-22531
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Patch: aacraid: prevent invalid pointer dereference
Timeline
11/04/2013 🔍11/20/2013 🔍
11/20/2013 🔍
11/22/2013 🔍
11/26/2013 🔍
11/29/2013 🔍
12/15/2013 🔍
06/02/2021 🔍
Sources
Vendor: kernel.orgAdvisory: Linux kernel CVE fixes
Researcher: Fabian Yamaguchi, Nico Golde
Status: Confirmed
Confirmation: 🔍
Coordinated: 🔍
CVE: CVE-2013-6380 (🔍)
GCVE (CVE): GCVE-0-2013-6380
GCVE (VulDB): GCVE-100-11317
OVAL: 🔍
X-Force: 89194
SecurityFocus: 63887
OSVDB: 100296
Vulnerability Center: 42569 - Linux Kernel 3.12.1 and Prior Local Denial of Service via an FSACTL_SEND_RAW_SRB ioctl Call (CVE-2013-6380), Medium
Misc.: 🔍
See also: 🔍
Entry
Created: 11/29/2013 09:07Updated: 06/02/2021 14:36
Changes: 11/29/2013 09:07 (80), 05/17/2017 09:01 (2), 06/02/2021 14:36 (2)
Complete: 🔍
Committer:
Cache ID: 216:3D6:103
No comments yet. Languages: en.
Please log in to comment.