CVE-2013-4312: Improper Restriction of Operations within the Bounds of a Memory Buffer in Kernel

Severity: 6.2 MEDIUM (NVD)
EPSS: 0.0% (top 92.50%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Feb 8
Latest update: May 13

Description

The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.5 | Impact: 3.6

Affected Packages (3 packages)

Debian: linux/linux_kernel < 4.3.3-6 +3
NVD: oracle/linux 5.0, 6, 7 +2

🔴 Vulnerability Details (9)

GHSA: GHSA-vqj4-45vx-v6r9: The Linux kernel before 4 (2022-05-13)
OSV: linux-lts-vivid vulnerabilities (2016-03-14)
OSV: linux-lts-utopic vulnerabilities (2016-03-14)
OSV: linux vulnerabilities (2016-03-14)
OSV: linux-lts-wily vulnerabilities (2016-02-22)

📋 Vendor Advisories (12)

Ubuntu: Linux kernel vulnerabilities (2016-05-09)
Ubuntu: Linux kernel (OMAP4) vulnerabilities (2016-05-09)
Ubuntu: Linux kernel (Trusty HWE) vulnerabilities (2016-03-14)
Ubuntu: Linux kernel vulnerabilities (2016-03-14)
Ubuntu: Linux kernel (Vivid HWE) vulnerabilities (2016-03-14)

💬 Community (3)

Bugzilla: CVE-2016-2550 kernel: incorrectly accounted in-flight fds (2016-02-24)
Bugzilla: CVE-2013-4312 kernel: File descriptors passed over unix sockets are not properly accounted [fedora-all] (2016-01-20)
Bugzilla: CVE-2013-4312 kernel: File descriptors passed over unix sockets are not properly accounted (2016-01-12)
CVE-2013-4312 — Linux Kernel vulnerability | cvebase