CVE-2013-1774 — NULL Pointer Dereference in Kernel

CWE-264 CWE-476 — NULL Pointer Dereference14 documents8 sources

Severity

4.0MEDIUMNVD

EPSS

0.1%

top 82.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Redhat Enterprise Linux Redhat Enterprise MRG

Timeline

PublishedFeb 28

Latest updateMay 13

Description

The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter.

CVSS vector

AV:L/AC:H/C:N/I:N/A:CExploitability: 1.9 | Impact: 6.9

Affected Packages3 packages

▶Debianlinux/linux_kernel< 3.2.38-1+3

▶NVDlinux/linux_kernel3.7.3+143

▶NVDredhat/enterprise_mrg2.0

Also affects: Enterprise Linux 6.0

🔴Vulnerability Details

GHSA

GHSA-qw67-7w8x-89v6: The chase_port function in drivers/usb/serial/io_ti↗2022-05-13

▶

OSV

CVE-2013-1774: The chase_port function in drivers/usb/serial/io_ti↗2013-02-28

▶

CVEList

CVE-2013-1774: The chase_port function in drivers/usb/serial/io_ti↗2013-02-28

▶

📋Vendor Advisories

Ubuntu

Linux kernel (EC2) vulnerabilities↗2013-04-25

▶

Ubuntu

Linux kernel vulnerabilities↗2013-04-19

▶

Ubuntu

Linux kernel (OMAP4) vulnerabilities↗2013-03-26

▶

Ubuntu

Linux kernel vulnerabilities↗2013-03-18

▶

Ubuntu

Linux kernel (OMAP4) vulnerability↗2013-02-22

▶

💬Community

Bugzilla

CVE-2013-1774 Kernel: USB io_ti driver NULL pointer dereference in routine chase_port↗2013-02-27

▶