CVE-2013-0160
Linux Kernel <= 3.7.9 - Sensitive Keystroke Timing Exposure via inotify on /dev/ptmx
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2013-0160. PoCs published by vladz.
AI-analyzed exploit summary This PoC exploits CVE-2013-0160, a keystroke timing attack on /dev/ptmx to determine the password length of a local user running 'su -'. It monitors /dev/ptmx for modifications and counts events to infer password length.
Description
The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device.
Exploits (1)
exploitdb
WORKING POC
by vladz · bashlocallinux
https://www.exploit-db.com/exploits/24459
This PoC exploits CVE-2013-0160, a keystroke timing attack on /dev/ptmx to determine the password length of a local user running 'su -'. It monitors /dev/ptmx for modifications and counts events to infer password length.
Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target:
Linux kernel (tested on Debian 6.0.5 with kernel 2.6.32-5-amd64)
No auth needed
Prerequisites:
Local access to the target system · Ability to execute code on the target system
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (9)
Core 9
Core References
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/01/08/3
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2129-1
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2128-1
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00004.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00018.html
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=892983
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html
Scores
EPSS
0.0073
EPSS Percentile
49.5%
Details
CWE
CWE-200
Status
published
Products (44)
linux/linux_kernel
3.0 rc1 (7 CPE variants)
linux/linux_kernel
3.0.1
linux/linux_kernel
3.0.2
linux/linux_kernel
3.0.3
linux/linux_kernel
3.0.4
linux/linux_kernel
3.0.5
linux/linux_kernel
3.0.6
linux/linux_kernel
3.0.7
linux/linux_kernel
3.0.8
linux/linux_kernel
3.0.9
... and 34 more
Published
Feb 18, 2013
Tracked Since
Feb 18, 2026