CVE-2013-4299 — Sensitive Information Exposure in Linux

CWE-200 — Sensitive Information Exposure CWE-26419 documents8 sources

Severity

6.0MEDIUMNVD

EPSS

0.8%

top 25.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Redhat Enterprise Linux

Timeline

PublishedOct 24

Latest updateMay 14

Description

Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages3 packages

▶Debianlinux/linux_kernel< 3.11.6-2+3

▶NVDlinux/linux_kernel3.11.6+228

▶debiandebian/linux< linux 3.11.6-2 (bookworm)

Also affects: Enterprise Linux 6.0

Patches

Patch: git.kernel.org ↗Patch: bugzilla.redhat.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-rw3x-fqfm-qr37: Interpretation conflict in drivers/md/dm-snap-persistent↗2022-05-14

▶

OSV

CVE-2013-4299: Interpretation conflict in drivers/md/dm-snap-persistent↗2013-10-24

▶

Kernel

dm snapshot: fix data corruption↗2013-10-16

▶

📋Vendor Advisories

Ubuntu

Linux kernel (OMAP4) vulnerabilities↗2014-01-03

▶

Ubuntu

Linux kernel vulnerabilities↗2014-01-03

▶

Ubuntu

Linux kernel (OMAP4) vulnerabilities↗2013-12-07

▶

Ubuntu

Linux kernel vulnerabilities↗2013-12-07

▶

Ubuntu

Linux kernel (Quantal HWE) vulnerabilities↗2013-12-03

▶

💬Community

Bugzilla

CVE-2013-4299 kernel: dm: dm-snapshot data leak↗2013-09-04

▶