CVE-2013-1958
24.04.2013, 19:55
The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.8.6 does not properly enforce capability requirements for controlling the PID value associated with a UNIX domain socket, which allows local users to bypass intended access restrictions by leveraging the time interval during which a user namespace has been created but a PID namespace has not been created.Enginsight
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 𝑥 ≤ 3.8.5 |
| linux | linux_kernel | 3.8.0 |
| linux | linux_kernel | 3.8.1 |
| linux | linux_kernel | 3.8.2 |
| linux | linux_kernel | 3.8.3 |
| linux | linux_kernel | 3.8.4 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| linux |
| ||||||||||
| linux-armadaxp |
| ||||||||||
| linux-ec2 |
| ||||||||||
| linux-fsl-imx51 |
| ||||||||||
| linux-linaro-omap |
| ||||||||||
| linux-linaro-shared |
| ||||||||||
| linux-linaro-vexpress |
| ||||||||||
| linux-lts-backport-maverick |
| ||||||||||
| linux-lts-backport-oneiric |
| ||||||||||
| linux-lts-quantal |
| ||||||||||
| linux-mvl-dove |
| ||||||||||
| linux-qcm-msm |
| ||||||||||
| linux-ti-omap4 |
|
Common Weakness Enumeration
References