CVE-2013-4299 — MEDIUM (6.0)

Q: How severe is CVE-2013-4299?

CVE-2013-4299 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2013-4299?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Enterprise Linux.

Vulnerability Description

Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device.

CVSS Score

6.0

MEDIUM

AV:N/AC:M/Au:S/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	<= 3.11.6
Redhat	Enterprise Linux	6.0

Related Weaknesses (CWE)

CWE-264 CWE-200

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9c6a1ExploitPatch
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1436.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1449.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1450.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1460.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1490.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1519.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1520.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1783.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1860.htmlThird Party Advisory
http://www.ubuntu.com/usn/USN-2015-1
http://www.ubuntu.com/usn/USN-2016-1
http://www.ubuntu.com/usn/USN-2040-1Third Party Advisory

FAQ

What is CVE-2013-4299?

CVE-2013-4299 is a vulnerability with a CVSS score of 6.0 (MEDIUM). Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to ...

How severe is CVE-2013-4299?

CVE-2013-4299 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-4299?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Enterprise Linux.