CVE-2013-2164Sensitive Information Exposure in Kernel

CWE-200Sensitive Information Exposure17 documents8 sources
Severity
2.1LOWNVD
EPSS
0.1%
top 77.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Linux KernelRedhat Enterprise LinuxRedhat Enterprise MRG
Timeline
PublishedJul 4
Latest updateMay 13

Description

The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

Debianlinux/linux_kernel< 3.9.8-1+3
NVDlinux/linux_kernel204 versions+203

Also affects: Enterprise Linux 5, 5.0, 6.0

Patches

Patch: git.kernel.orgPatch: www.openwall.comPatch: git.kernel.org

🔴Vulnerability Details

3
GHSA
GHSA-8h4v-hmvj-59g5: The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom2022-05-13
OSV
CVE-2013-2164: The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom2013-07-04
CVEList
CVE-2013-2164: The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom2013-07-04

📋Vendor Advisories

11
Ubuntu
Linux kernel vulnerabilities2013-09-06
Ubuntu
Linux kernel (OMAP4) vulnerabilities2013-09-06
Ubuntu
Linux kernel (Quantal HWE) vulnerabilities2013-08-20
Ubuntu
Linux kernel (Raring HWE) vulnerabilities2013-08-20
Ubuntu
Linux kernel vulnerabilities2013-08-20

💬Community

2
Bugzilla
CVE-2013-2164 Kernel: information leak in cdrom driver [fedora-all]2013-06-11
Bugzilla
CVE-2013-2164 Kernel: information leak in cdrom driver2013-06-11
CVE-2013-2164 — Sensitive Information Exposure | cvebase