Back to search
CVE-2013-2851
Published: Jun 7, 2013
Modified: Aug 6, 2024
PUBLISHED
Description
Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
RHSA-2013:1783
vendor-advisory
x_refsource_REDHAT
[linux-kernel] 20130606 [PATCH 1/8] block: do not pass disk names as format strings
mailing-list
x_refsource_MLIST
USN-1913-1
vendor-advisory
x_refsource_UBUNTU
SUSE-SU-2013:1473
vendor-advisory
x_refsource_SUSE
RHSA-2013:1645
vendor-advisory
x_refsource_REDHAT
DSA-2766
vendor-advisory
x_refsource_DEBIAN
https://bugzilla.redhat.com/show_bug.cgi?id=969515
x_refsource_CONFIRM
openSUSE-SU-2013:1971
vendor-advisory
x_refsource_SUSE
SUSE-SU-2013:1474
vendor-advisory
x_refsource_SUSE
RHSA-2014:0284
vendor-advisory
x_refsource_REDHAT
USN-1941-1
vendor-advisory
x_refsource_UBUNTU
[oss-security] 20130606 Linux kernel format string flaws
mailing-list
x_refsource_MLIST
USN-1942-1
vendor-advisory
x_refsource_UBUNTU
USN-1912-1
vendor-advisory
x_refsource_UBUNTU
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now