CVE-2013-4312 - Vulncode-DB

CVE-2013-4312 (NVD)

2016-02-08

The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.

Products	Linux_kernel, Linux
Type	Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119)
First patch	https://github.com/torvalds/linux/commit/712f4aad406bb1ed67f3f98d04c044191f0ff593
Relevant file/s	• ./include/linux/sched.h (modified, +1) • ./net/unix/af_unix.c (modified, +20, -4) • ./net/unix/garbage.c (modified, +8, -5)
Links	• http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176464.html • http://www.ubuntu.com/usn/USN-2932-1 • http://www.debian.org/security/2016/dsa-3448 • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html • http://www.ubuntu.com/usn/USN-2929-2 More/Less (14) • http://www.ubuntu.com/usn/USN-2967-1 • http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1 • http://www.ubuntu.com/usn/USN-2967-2 • http://rhn.redhat.com/errata/RHSA-2016-2584.html • http://rhn.redhat.com/errata/RHSA-2016-0855.html • http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=712f4aad406bb1ed67f3f98d04c044191f0ff593 • http://rhn.redhat.com/errata/RHSA-2016-2574.html • http://www.securityfocus.com/bid/82986 • https://bugzilla.redhat.com/show_bug.cgi?id=1297813 • https://security-tracker.debian.org/tracker/CVE-2013-4312 • http://www.ubuntu.com/usn/USN-2929-1 • http://www.ubuntu.com/usn/USN-2931-1 • http://www.debian.org/security/2016/dsa-3503

linux - Tree: 712f4aad40

(? files)

Filter Settings

All Files

Relevant Files

Vulnerable Files

Patched Files

Files

VS-Dark VS-Bright Monokai Darcula

Navigation

Patch data:

(on by default)

Patched area: