CVE-2013-2147 — Kernel vulnerability
Severity
2.1LOWNVD
EPSS
0.1%
top 77.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 7
Latest updateMay 14
Description
The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in dri…
CVSS vector
AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9
Affected Packages3 packages
🔴Vulnerability Details
5GHSA▶
GHSA-c99v-g47p-v8gp: The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3↗2022-05-14
OSV▶
CVE-2013-2147: The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3↗2013-06-07
CVEList▶
CVE-2013-2147: The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3↗2013-06-07