CVE-2013-0310 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Kernel
Severity
6.6MEDIUMNVD
NVD5.9
EPSS
0.1%
top 81.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 22
Latest updateMay 5
Description
The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux kernel before 3.4.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an IPOPT_CIPSO IP_OPTIONS setsockopt system call.
CVSS vector
AV:L/AC:M/C:C/I:C/A:CExploitability: 2.7 | Impact: 10.0
Affected Packages3 packages
Also affects: Enterprise Linux 6.0
🔴Vulnerability Details
4📋Vendor Advisories
11Red Hat▶
kernel: disabled CONFIG_NETLABEL in cipso_v4_validate in include/net/cipso_ipv4.h leads to denial of service↗2013-10-19
Debian▶
CVE-2013-7470: linux - cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel before 3.11.7,...↗2013
Debian▶
CVE-2013-0310: linux - The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux kernel befo...↗2013