Vulnerability Name: CVE-2013-2147 (CCN-84951)

Assigned: 2013-06-03
Published: 2013-06-03
Updated: 2018-01-09
Summary: The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c.
CVSS v3 Severity: 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity: 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
1.6 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
1.7 Low (REDHAT CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:N/A:N)
1.3 Low (REDHAT Temporal CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type: CWE-399
Vulnerability Consequences: Obtain Information
References:
Source: MITRE
Type: CNA
CVE-2013-2147

Source: SUSE
Type: UNKNOWN
SUSE-SU-2015:0812

Source: MLIST
Type: UNKNOWN
[linux-kernel] 20130603 [patch] cciss: info leak in cciss_ioctl32_passthru()

Source: MLIST
Type: UNKNOWN
[linux-kernel] 20130603 [patch] cpqarray: info leak in ida_locked_ioctl()

Source: CCN
Type: RHSA-2013-1166
Important: kernel security and bug fix update

Source: REDHAT
Type: UNKNOWN
RHSA-2013:1166

Source: CCN
Type: RHSA-2013-1264
Important: kernel-rt security and bug fix update

Source: CCN
Type: The Linux Kernel Archives Web site
The Linux Kernel Archives

Source: MLIST
Type: UNKNOWN
[oss-security] 20130605 Re: CVE request: kernel: cpqarray/c: info leak in ida_locked_ioctl()

Source: CCN
Type: BID-60280
Linux Kernel Multiple Local Information Disclosure Vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-1994-1

Source: UBUNTU
Type: UNKNOWN
USN-1996-1

Source: UBUNTU
Type: UNKNOWN
USN-1997-1

Source: UBUNTU
Type: UNKNOWN
USN-1999-1

Source: UBUNTU
Type: UNKNOWN
USN-2015-1

Source: UBUNTU
Type: UNKNOWN
USN-2016-1

Source: UBUNTU
Type: UNKNOWN
USN-2017-1

Source: UBUNTU
Type: UNKNOWN
USN-2020-1

Source: UBUNTU
Type: UNKNOWN
USN-2023-1

Source: UBUNTU
Type: UNKNOWN
USN-2050-1

Source: CCN
Type: Red Hat Bugzilla Bug 971242
(CVE-2013-2147) CVE-2013-2147 Kernel: cpqarray/cciss: information leak via ioctl

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=971242

Source: XF
Type: UNKNOWN
linux-kernel-cve20132147-info-disc(84951)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-2147

Vulnerable Configuration:
Configuration 1:
  • cpe:/o:linux:linux_kernel:3.9:rc1:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.9:rc2:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.9:rc3:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.9:rc4:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.9:rc5:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.9:rc6:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.9:rc7:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.9.0:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.9.1:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.9.2:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.9.3:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version <= 3.9.4)

  • Configuration 2:
  • cpe:/o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:3.9:rc6:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.9:rc5:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.9:rc4:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.9:rc3:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.9:rc2:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.9:rc1:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.9:rc7:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.9.0:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.9.1:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.9.2:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.9.3:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.9.4:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

  • * Denotes that component is vulnerable

Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20132147 | V | CVE-2013-2147 | 2022-05-20
oval:org.opensuse.security:def:33119 | P | Security update for ghostscript (Moderate) | 2022-01-14
oval:org.opensuse.security:def:33013 | P | Security update for gd (Moderate) | 2021-09-23
oval:org.opensuse.security:def:33902 | P | Security update for bind (Important) | 2021-05-04
oval:org.opensuse.security:def:33070 | P | Security update for MozillaFirefox (Low) | 2021-02-10
oval:org.opensuse.security:def:29814 | P | Security update for jasper (Important) | 2020-12-01
oval:org.opensuse.security:def:28821 | P | Security update for Python | 2020-12-01
oval:org.opensuse.security:def:32484 | P | PackageKit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28384 | P | Security update for rubygem-activesupport-3_2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33181 | P | libsnmp15-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29027 | P | Security update for LibVNCServer (Important) | 2020-12-01
oval:org.opensuse.security:def:32713 | P | libgnomesu on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28396 | P | Security update for samba (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33863 | P | Security update for jakarta-taglibs-standard (Important) | 2020-12-01
oval:org.opensuse.security:def:29115 | P | Security update for java-1_7_0-ibm (Important) | 2020-12-01
oval:org.opensuse.security:def:32857 | P | expat on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28595 | P | Security update for PostgreSQL | 2020-12-01
oval:org.opensuse.security:def:32394 | P | Security update for transfig (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29176 | P | Security update for microcode_ctl (Important) | 2020-12-01
oval:org.opensuse.security:def:28737 | P | Security update for lcms2 | 2020-12-01
oval:org.opensuse.security:def:32406 | P | Security update for wavpack (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29850 | P | Security update for Linux Kernel | 2020-12-01
oval:org.opensuse.security:def:33158 | P | libltdl7 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28973 | P | Security update for rpcbind (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32619 | P | xpdf-tools on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28385 | P | Security update for rubygem-activesupport-3_2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33225 | P | pango on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29076 | P | Security update for curl (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32770 | P | perl-Tk on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28464 | P | Security update for xorg-x11-libX11 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29132 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:28680 | P | Security update for flash-player | 2020-12-01
oval:org.opensuse.security:def:32395 | P | Security update for unrar (Important) | 2020-12-01
oval:org.mitre.oval:def:26522 | P | ELSA-2014-3002 -- Unbreakable Enterprise kernel security and bug fix update (Unbreakable Enterprise Kernel Release 3 QU1) (important) | 2015-03-16
oval:org.mitre.oval:def:27425 | P | ELSA-2013-1166-1 -- kernel security and bug fix update (important) | 2015-03-16
oval:org.mitre.oval:def:24665 | P | SUSE-SU-2014:0287-1 -- Security update for Linux kernel | 2015-03-16
oval:org.mitre.oval:def:25739 | P | SUSE-SU-2013:1832-1 -- Security update for Linux kernel | 2014-09-08
oval:org.mitre.oval:def:24412 | P | DSA-2906-1 linux-2.6 - several | 2014-07-21
oval:org.mitre.oval:def:19069 | P | USN-2017-1 -- linux vulnerabilities | 2014-07-07
oval:org.mitre.oval:def:21041 | P | USN-2050-1 -- linux-ti-omap4 vulnerabilities | 2014-06-30
oval:org.mitre.oval:def:19344 | P | USN-1999-1 -- linux-ti-omap4 vulnerability | 2014-06-30
oval:org.mitre.oval:def:18748 | P | USN-2016-1 -- linux-ec2 vulnerabilities | 2014-06-30
oval:org.mitre.oval:def:19273 | P | USN-1994-1 -- linux-lts-quantal vulnerability | 2014-06-30
oval:org.mitre.oval:def:19350 | P | USN-2023-1 -- linux vulnerabilities | 2014-06-30
oval:org.mitre.oval:def:18987 | P | USN-2018-1 -- linux-ti-omap4 vulnerabilities | 2014-06-30
oval:org.mitre.oval:def:19323 | P | USN-2020-1 -- linux-lts-raring vulnerabilities | 2014-06-30
oval:org.mitre.oval:def:19368 | P | USN-1996-1 -- linux vulnerability | 2014-06-30
oval:org.mitre.oval:def:19067 | P | USN-2015-1 -- linux vulnerabilities | 2014-06-30
oval:org.mitre.oval:def:19339 | P | USN-1997-1 -- linux-ti-omap4 vulnerability | 2014-06-30
oval:org.mitre.oval:def:23361 | P | ELSA-2013:1166: kernel security and bug fix update (Important) | 2014-05-26
oval:org.mitre.oval:def:24081 | V | VMware ESX updates to third party libraries | 2014-04-28
oval:org.mitre.oval:def:21146 | P | RHSA-2013:1166: kernel security and bug fix update (Important) | 2014-02-17
oval:com.redhat.rhsa:def:20131166 | P | RHSA-2013:1166: kernel security and bug fix update (Important) | 2013-08-20
oval:com.ubuntu.precise:def:20132147000 | V | CVE-2013-2147 on Ubuntu 12.04 LTS (precise) - low. | 2013-06-07
oval:com.ubuntu.trusty:def:20132147000 | V | CVE-2013-2147 on Ubuntu 14.04 LTS (trusty) - low. | 2013-06-07
oval:com.ubuntu.xenial:def:201321470000000 | V | CVE-2013-2147 on Ubuntu 16.04 LTS (xenial) - low. | 2013-06-07
oval:com.ubuntu.xenial:def:20132147000 | V | CVE-2013-2147 on Ubuntu 16.04 LTS (xenial) - low. | 2013-06-07