CVE-2013-6282 - Linux Kernel Improper Input Validation Vulnerability
Project:Linux
Product:Kernel
Date Added:2022-09-15Due Date:2022-10-06
Vulnerability Name
Linux Kernel Improper Input Validation Vulnerability
Description
The get_user and put_user API functions of the Linux kernel fail to validate the target address when being used on ARM v6k/v7 platforms. This allows an application to read and write kernel memory which could lead to privilege escalation.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8404663f81d212918ff85f493649a7991209fa04
https://nvd.nist.gov/vuln/detail/CVE-2013-6282