491374 – (CVE-2013-6282) Kernel : missing access checks in get_user/put_user on ARM (CVE-2013-6282)

Bug 491374 (CVE-2013-6282) - Kernel : missing access checks in get_user/put_user on ARM (CVE-2013-6282)

Summary: Kernel : missing access checks in get_user/put_user on ARM (CVE-2013-6282)

Status:	RESOLVED FIXED

Alias:	CVE-2013-6282

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Kernel Security

URL:	http://www.openwall.com/lists/oss-sec...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2013-11-15 20:26 UTC by Agostino Sarubbo
Modified:	2022-03-25 15:45 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2013-11-15 20:26:19 UTC

From ${URL} :

Via 
https://www.codeaurora.org/projects/security-advisories/missing-access-checks-putusergetuser-kernel-api-cve-2013-6282

Upstream commit: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/arch/arm/include/asm/uaccess.h?id=8404663f81d212918ff85f493649a7991209fa04

Comment 1 GLSAMaker/CVETool Bot gentoo-dev

2013-11-27 21:53:37 UTC

CVE-2013-6282 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6282):
  The (1) get_user and (2) put_user API functions in the Linux kernel before
  3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses,
  which allows attackers to read or modify the contents of arbitrary kernel
  memory locations via a crafted application, as exploited in the wild against
  Android devices in October and November 2013.

Comment 2 John Helmert III archtester

2022-03-25 15:45:41 UTC

In 3.5.5 onwards