CVE-2013-1820Improper Input Validation in Redhat Tuned

CWE-20Improper Input Validation8 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 66.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Redhat TunedTunedFedoraproject Fedora
Timeline
PublishedNov 8
Latest updateMay 24

Description

tuned before 2.x allows local users to kill running processes due to insecure permissions with tuned's ktune service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDredhat/tuned< 2.0.2
CVEListV5tuned/tuned2.10.0-1

Also affects: Fedora 17

🔴Vulnerability Details

2
GHSA
GHSA-5h65-vpv9-88m6: tuned before 22022-05-24
CVEList
CVE-2013-1820: tuned before 22019-11-08

📋Vendor Advisories

2
Debian
CVE-2013-1820: tuned - tuned before 2.x allows local users to kill running processes due to insecure pe...2013
Red Hat
tuned: insecure permissions of pmqos-static.pid2012-02-26

💬Community

3
Bugzilla
CVE-2013-1820 tuned: insecure permissions of pmqos-static.pid2013-03-05
Bugzilla
CVE-2012-6136 CVE-2013-1820 tuned: multiple insecure permissions of pid files [fedora-17]2013-03-05
Bugzilla
CVE-2013-1820 /var/run/tuned/pmqos-static.pid created with insecure permissions [rhel-6.5]2013-02-26
CVE-2013-1820 — Improper Input Validation in Redhat | cvebase