CVE-2013-7421: Improper Privilege Management in Kernel

Severity: 2.1 LOW (NVD)
EPSS: 0.0% (top 86.82%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 2
Latest update: May 13

Description

The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644.

CVSS vector

AV:L/AC:L/C:N/I:P/A:N
Exploitability: 3.9 | Impact: 2.9

Affected Packages (3 packages)

[NVD] linux/linux_kernel < 3.18.5
[Debian] linux/linux_kernel < 3.16.7-ckt4-2 +3
[NVD] oracle/linux 5, 6, 7 +2

Also affects: Debian Linux 7.0, 8.0, Ubuntu Linux 12.04, 14.04, 14.10

Patches

Vulnerability Details (5)

[GHSA] GHSA-7h46-6772-ccxh: The Crypto API in the Linux kernel before 3 (2022-05-13)
[OSV] linux-lts-utopic vulnerabilities (2015-03-24)
[OSV] linux vulnerabilities (2015-03-24)
[CVEList] CVE-2013-7421: The Crypto API in the Linux kernel before 3 (2015-03-02)
[OSV] CVE-2013-7421: The Crypto API in the Linux kernel before 3 (2015-03-02)

Vendor Advisories (9)

[Ubuntu] Linux kernel vulnerabilities (2015-03-24)
[Ubuntu] Linux kernel vulnerabilities (2015-03-24)
[Ubuntu] Linux kernel (Trusty HWE) vulnerabilities (2015-03-24)
[Ubuntu] Linux kernel (Utopic HWE) vulnerabilities (2015-03-24)
[Ubuntu] Linux kernel (OMAP4) vulnerabilities (2015-02-26)

Community (3)

[Bugzilla] CVE-2013-7421 Linux kernel: crypto api unprivileged arbitrary module load via request_module() [fedora-all] (2015-02-10)
[Bugzilla] CVE-2013-7421 Linux kernel: crypto api unprivileged arbitrary module load via request_module() (2015-01-23)
[Bugzilla] CVE-2013-5588 CVE-2013-5589 cacti: XSS and SQL injection flaws (2013-08-26)