Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-3301

CWE-476 — NULL Pointer Dereference13 documents9 sources

Severity

7.2HIGH

EPSS

0.4%

top 40.97%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Linux Linux Kernel Redhat Enterprise Linux Redhat Enterprise MRG +3 more

Timeline

PublishedApr 29

Latest updateMay 13

Description

The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages6 packages

▶NVDlinux/linux_kernel3.1 — 3.2.44+2

▶Debianlinux< 3.8.11-1+3

▶NVDsuse/linux_enterprise_server11

▶NVDsuse/linux_enterprise_desktop11

▶NVDsuse/linux_enterprise_high_availability_extension11

Also affects: Enterprise Linux 6.0

🔴Vulnerability Details

GHSA

GHSA-c2pp-ff3q-qvxc: The ftrace implementation in the Linux kernel before 3↗2022-05-13

▶

CVEList

CVE-2013-3301: The ftrace implementation in the Linux kernel before 3↗2013-04-29

▶

OSV

CVE-2013-3301: The ftrace implementation in the Linux kernel before 3↗2013-04-29

▶

💥Exploits & PoCs

Exploit-DB

Linux Kernel 3.2.1 - Tracing Multiple Local Denial of Service Vulnerabilities↗2013-04-15

▶

📋Vendor Advisories

Ubuntu

Linux kernel (OMAP4) vulnerabilities↗2013-05-30

▶

Ubuntu

Linux kernel (OMAP4) vulnerabilities↗2013-05-28

▶

Ubuntu

Linux kernel vulnerabilities↗2013-05-24

▶

Ubuntu

Linux kernel (Quantal HWE) vulnerabilities↗2013-05-24

▶

Ubuntu

Linux kernel vulnerabilities↗2013-05-24

▶

💬Community

Bugzilla

CVE-2013-3301 Kernel: tracing: NULL pointer dereference↗2013-04-15

▶