CVE-2013-7446

Impact: Moderate
Public Date: 2015-09-10
CWE: CWE-362
Bugzilla: 1282688: CVE-2013-7446 kernel: Unix sockets use after free - peer_wait_queue prematurely freed

A flaw was found in the Linux kernel's implementation of Unix sockets. A server polling for client-socket data could put the peer socket on a wait list; the peer socket could then close the connection, making the reference on the wait list no longer valid. This could lead to bypassing the permissions on a Unix socket and packets being injected into the stream, and could also panic the machine (denial of service).

Find out more about CVE-2013-7446 from the MITRE CVE dictionary and NIST NVD.

Statement

This issue does not affect Linux kernels as shipped with Red Hat Enterprise Linux 5, 7, MRG-2 and realtime kernels.

This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 6 and may be addressed in a future update.

This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

CVSS v2 metrics

NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.

Base Score 4.6
Base Metrics AV:L/AC:L/Au:N/C:P/I:P/A:P
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Affected Packages State

Platform | Package | State
Red Hat Enterprise MRG 2 | realtime-kernel | Not affected
Red Hat Enterprise Linux 7 | kernel | Will not fix
Red Hat Enterprise Linux 7 | kernel-rt | Will not fix
Red Hat Enterprise Linux 6 | kernel | Will not fix
Red Hat Enterprise Linux 5 | kernel | Will not fix
Red Hat Enterprise Linux 4 | kernel | Not affected
