CVE-2013-2147

Linux Kernel <= 3.9.4 - Information Disclosure via Uninitialized Data Structures

Description

The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c.

References (16)

Core References
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2015-1
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1996-1
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1994-1
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1997-1
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1166.html
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/06/05/25
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=971242
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2016-1
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2020-1
Various Sources mailing-list x_refsource_mlist
http://lkml.org/lkml/2013/6/3/127
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2017-1
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2023-1
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2050-1
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1999-1
Various Sources mailing-list x_refsource_mlist
http://lkml.org/lkml/2013/6/3/131

Scores

EPSS 0.0010
EPSS Percentile 27.8%

Details

CWE
CWE-399
Status published
Products (7)
linux/linux_kernel 3.9 rc1 (7 CPE variants)
linux/linux_kernel 3.9.0
linux/linux_kernel 3.9.1
linux/linux_kernel 3.9.2
linux/linux_kernel 3.9.3
linux/linux_kernel < 3.9.4
suse/linux_enterprise_server 10 sp4
Published Jun 07, 2013
Tracked Since Feb 18, 2026