CVE-2013-6381

Public Exploit

Description

Buffer overflow in the qeth_snmp_command function in drivers/s390/net/qeth_core_main.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service or possibly have unspecified other impact via an SNMP ioctl call with a length value that is incompatible with the command-buffer size.

References

Link	Tags
http://rhn.redhat.com/errata/RHSA-2014-0159.html	vdb entry third party advisory vendor advisory
http://rhn.redhat.com/errata/RHSA-2014-0285.html	vdb entry third party advisory vendor advisory
http://www.openwall.com/lists/oss-security/2013/11/22/5	mailing list
https://bugzilla.redhat.com/show_bug.cgi?id=1033600	issue tracking
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6fb392b1a63ae36c31f62bc3fc8630b49d602b62	broken link
http://www.securityfocus.com/bid/63890	vdb entry third party advisory
http://rhn.redhat.com/errata/RHSA-2014-0284.html	vdb entry third party advisory vendor advisory
https://github.com/torvalds/linux/commit/6fb392b1a63ae36c31f62bc3fc8630b49d602b62	patch exploit

Frequently Asked Questions

What is the severity of CVE-2013-6381?: CVE-2013-6381 has been scored as a medium severity vulnerability.
How to fix CVE-2013-6381?: To fix CVE-2013-6381, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2013-6381 being actively exploited in the wild?: It is possible that CVE-2013-6381 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

Description

Category

CWE-119 – Improper Restriction of Operations within the Bounds of a Memory Buffer

References

Frequently Asked Questions