CVE-2013-6383
Published Nov 27, 2013
Last updated a year ago
Overview
- Description
- The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call.
- Source
- secalert@redhat.com
- NVD status
- Analyzed
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.9
- Impact score
- 10
- Exploitability score
- 3.4
- Vector string
- AV:L/AC:M/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-264
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "43911295-AEFA-4B19-89E9-48D2A2B613E0",
"versionEndExcluding": "3.2.53",
"versionStartIncluding": "2.6.12"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F1C3B911-4978-48C7-AFF7-8C938606D108",
"versionEndExcluding": "3.4.69",
"versionStartIncluding": "3.3"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "42C255A0-67F5-4C50-B054-2C005D650CA3",
"versionEndExcluding": "3.10.19",
"versionStartIncluding": "3.5"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "27B041B3-6592-459F-85F6-943D103DB90E",
"versionEndExcluding": "3.11.8",
"versionStartIncluding": "3.11"
}
],
"operator": "OR"
}
]
}
]