CVE-2013-0160

Linux Kernel - Information Disclosure

Title source: rule

Description

The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device.

Exploits (1)

exploitdb WORKING POC

by vladz · bashlocallinux

https://www.exploit-db.com/exploits/24459

View Code ZIP pw:eip

References (9)

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00004.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00018.html

[Mailing List] http://www.openwall.com/lists/oss-security/2013/01/08/3

[Vendor Advisory] http://www.ubuntu.com/usn/USN-2128-1

[Vendor Advisory] http://www.ubuntu.com/usn/USN-2129-1

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=892983

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html

Scores

EPSS 0.0027

EPSS Percentile 50.2%

Details

CWE

CWE-200

Status published

Products (44)

linux/linux_kernel 3.0 rc1 (7 CPE variants)

linux/linux_kernel 3.0.1

linux/linux_kernel 3.0.2

linux/linux_kernel 3.0.3

linux/linux_kernel 3.0.4

linux/linux_kernel 3.0.5

linux/linux_kernel 3.0.6

linux/linux_kernel 3.0.7

linux/linux_kernel 3.0.8

linux/linux_kernel 3.0.9

... and 34 more

Published Feb 18, 2013

Tracked Since Feb 18, 2026