Main Vulnerability Database Exploits ID:10147 - Exploit for NULL pointer dereference in Linux kernel - CVE-2013-3301

ID:10147 - Exploit for NULL pointer dereference in Linux kernel - CVE-2013-3301

Published: July 3, 2024

Vulnerability identifier: #VU93711

Vulnerability risk: Low

CVE-ID: CVE-2013-3301

CWE-ID: CWE-476

Exploitation vector: Local access

Vulnerable software:
Linux kernel

Link to public exploit:

https://www.exploit-db.com/exploits/38465/

Vulnerability description

The vulnerability allows a local user to execute arbitrary code.

The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call.

Remediation

Install update from vendor's website.

ID:10147 - Exploit for NULL pointer dereference in Linux kernel - CVE-2013-3301

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human