CyberSec.Space Logo
Back to CVE Browser

CVE-2013-6282

Known Exploited (CISA KEV)HIGH
8.8
CVSS Severity Score
EPSS Score96.8570%
EPSS Percentile88.05th
PublishedNov 20, 2013
Last ModifiedApr 22, 2026

Vulnerability Description

The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013.

Affected Platforms (CPE)

πŸ’»
Linux

Linux Kernel

< 3.2.54
πŸ’»
Linux

Linux Kernel

>= 3.3 and < 3.4.12
πŸ’»
Linux

Linux Kernel

>= 3.5 and < 3.5.5

References & Advisories

πŸ”— http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8404663f81d212918ff85f493649a7991209fa04
πŸ”— http://www.codeaurora.org/projects/security-advisories/missing-access-checks-putusergetuser-kernel-api-cve-2013-6282
πŸ”— http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.5
πŸ”— http://www.openwall.com/lists/oss-security/2013/11/14/11
πŸ”— http://www.securityfocus.com/bid/63734
πŸ”— http://www.ubuntu.com/usn/USN-2067-1
πŸ”— https://github.com/torvalds/linux/commit/8404663f81d212918ff85f493649a7991209fa04
πŸ”— https://www.exploit-db.com/exploits/40975/

Related Vulnerabilities

CVE-2000-074710.0

The logrotate script for OpenLDAP before 1.2.11 in Conectiva Linux sends an improper signal to the kernel log daemon (klogd) and k...

CVE-2002-157210.0

Signed integer overflow in the bttv_read function in the bttv driver (bttv-driver.c) in Linux kernel before 2.4.20 has unknown imp...

CVE-2000-050610.0

The "capabilities" feature in Linux before 2.2.16 allows local users to cause a denial of service or gain privileges by setting th...

CVE-2002-157310.0

Unspecified vulnerability in the pcilynx ieee1394 firewire driver (pcilynx.c) in Linux kernel before 2.4.20 has unknown impact and...