CVE-2013-1959
published 2013-05-03

Priority: P4 · 20 · low · 3.7 (CVSS 2.0)
Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.26% (65.8th percentile)
kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropriate capability requirements for the uid_map and gid_map files, which allows local users to gain privileges by opening a file within an unprivileged process and then modifying the file within a privileged process.

Affected

197 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|--------|---------|---------------|----------|
| debian | linux | < linux 3.8.11-1 (bookworm) | linux 3.8.11-1 (bookworm) |
| linux | linux_kernel | <= 3.8.8 | |
| linux | linux_kernel | | |

CVSS provenance

- nvd: v2.0, 3.7 LOW, AV:L/AC:H/Au:N/C:P/I:P/A:P
- osv: 3.7 LOW
- vendor_debian: 3.7 LOW
- vendor_redhat: 3.7 LOW
- vendor_ubuntu: 3.7 LOW