Vulnerability Name:

CVE-2013-4343 (CCN-87072)

Assigned:2013-09-12
Published:2013-09-12
Updated:2023-02-13
Summary:Linux Kernel is vulnerable to a denial of service, caused by a use-after-free error in TUNSETIFF. A local attacker could exploit this vulnerability to cause the kernel to crash.
CVSS v3 Severity:6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.1 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2013-4343

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: RHSA-2013-1490
Important: kernel-rt security and bug fix update

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: oss-sec mailing list, Thu, 12 Sep 2013 12:04:02 +0200
Fwd: Use-after-free in TUNSETIFF

Source: CCN
Type: SA54753
Linux Kernel "free_netdev()" Use-After-Free Vulnerability

Source: CCN
Type: The Linux Kernel Archives Web site
The Linux Kernel Archives

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: BID-62360
Linux Kernel CVE-2013-4343 Local Denial of Service Vulnerability

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: Red Hat Bugzilla Bug 1007741
CVE-2013-4343 Kernel: net: use-after-free TUNSETIFF

Source: XF
Type: UNKNOWN
linux-kernel-cve20134343-dos(87072)

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.3:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.2:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.1:-:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20134343
    V
    		CVE-2013-4343
    2022-05-22
    oval:org.opensuse.security:def:61100
    P
    		Security update for the Linux Kernel (Important)
    2021-11-19
    oval:org.opensuse.security:def:61565
    P
    		libpython3_6m1_0-3.6.5-3.11.1 on GA media (Moderate)
    2021-09-21
    oval:org.opensuse.security:def:61485
    P
    		libX11-6-1.6.5-3.3.1 on GA media (Moderate)
    2021-09-21
    oval:org.opensuse.security:def:61535
    P
    		libltdl7-2.4.6-1.406 on GA media (Moderate)
    2021-09-21
    oval:org.opensuse.security:def:61442
    P
    		freetype2-devel-2.9-2.13 on GA media (Moderate)
    2021-09-21
    oval:org.opensuse.security:def:61404
    P
    		automake-1.15.1-2.145 on GA media (Moderate)
    2021-09-21
    oval:org.opensuse.security:def:61220
    P
    		libXxf86dga-devel-1.1.4-1.24 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:61318
    P
    		opensc-0.17.0-1.30 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:60485
    P
    		Security update for openssl-1_1 (Important)
    2021-03-25
    oval:org.opensuse.security:def:59864
    P
    		Security update for python (Moderate)
    2021-03-16
    oval:org.opensuse.security:def:59863
    P
    		Security update for git (Important)
    2021-03-09
    oval:org.opensuse.security:def:60300
    P
    		Security update for postgresql, postgresql12, postgresql13 (Important)
    2021-01-26
    oval:org.opensuse.security:def:45582
    P
    		Security update for MozillaFirefox (Critical)
    2020-12-21
    oval:org.opensuse.security:def:43869
    P
    		Security update for python27 (Important)
    2020-12-02
    oval:org.opensuse.security:def:44896
    P
    		Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:22705
    P
    		Security update for gdb (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:44634
    P
    		Security update for squid (Important)
    2020-12-01
    oval:org.opensuse.security:def:22421
    P
    		Security update for samba (Important)
    2020-12-01
    oval:org.opensuse.security:def:60046
    P
    		Security update for sqlite3 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:43858
    P
    		Security update for the Linux Kernel (Live Patch 7 for SLE 12 SP2) (Important)
    2020-12-01
    oval:org.opensuse.security:def:44839
    P
    		Security update for webkit2gtk3 (Important)
    2020-12-01
    oval:org.opensuse.security:def:44445
    P
    		Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:22381
    P
    		Security update for ghostscript (Important)
    2020-12-01
    oval:org.opensuse.security:def:59886
    P
    		Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP2) (Important)
    2020-12-01
    oval:org.opensuse.security:def:22163
    P
    		Security update for binutils (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:44810
    P
    		Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP2) (Important)
    2020-12-01
    oval:org.opensuse.security:def:44328
    P
    		Security update for qpdf (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:22317
    P
    		Security update for libssh2_org (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:23414
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:44759
    P
    		Security update for krb5 (Important)
    2020-12-01
    oval:org.opensuse.security:def:60799
    P
    		Security update for postgresql10 (Important)
    2020-12-01
    oval:org.opensuse.security:def:44253
    P
    		Security update for ovmf (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:22218
    P
    		Security update for java-1_7_0-openjdk (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:23385
    P
    		Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:43857
    P
    		Security update for the Linux Kernel (Live Patch 9 for SLE 12 SP2) (Important)
    2020-12-01
    oval:org.opensuse.security:def:22638
    P
    		Security update for glib2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:60606
    P
    		Security update for bzip2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:44138
    P
    		Security update for curl (Important)
    2020-12-01
    oval:org.opensuse.security:def:22171
    P
    		Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:22747
    P
    		Security update for webkit2gtk3 (Important)
    2020-12-01
    oval:org.opensuse.security:def:22599
    P
    		Security update for ucode-intel (Important)
    2020-12-01
    oval:org.opensuse.security:def:43973
    P
    		Security update for evince (Important)
    2020-12-01
    oval:org.opensuse.security:def:45534
    P
    		Security update for wpa_supplicant (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:22717
    P
    		Security update for java-1_7_0-openjdk (Important)
    2020-12-01
    oval:org.opensuse.security:def:44704
    P
    		Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP2) (Important)
    2020-12-01
    oval:org.opensuse.security:def:22474
    P
    		Security update for mozilla-nspr, mozilla-nss (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:85210
    P
    		Security update for the Linux Kernel (Important)
    2019-06-17
    oval:org.mitre.oval:def:19350
    P
    		USN-2023-1 -- linux vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:20590
    P
    		USN-2049-1 -- linux vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:19323
    P
    		USN-2020-1 -- linux-lts-raring vulnerabilities
    2014-06-30
    oval:com.ubuntu.precise:def:20134343000
    V
    		CVE-2013-4343 on Ubuntu 12.04 LTS (precise) - medium.
    2013-09-25
    oval:com.ubuntu.trusty:def:20134343000
    V
    		CVE-2013-4343 on Ubuntu 14.04 LTS (trusty) - medium.
    2013-09-25
    oval:com.ubuntu.xenial:def:20134343000
    V
    		CVE-2013-4343 on Ubuntu 16.04 LTS (xenial) - medium.
    2013-09-25
    oval:com.ubuntu.xenial:def:201343430000000
    V
    		CVE-2013-4343 on Ubuntu 16.04 LTS (xenial) - medium.
    2013-09-25
    BACK
    linux linux kernel 3.0 rc1
    linux linux kernel 3.3
    linux linux kernel 3.2
    linux linux kernel 3.1
    redhat enterprise mrg 2.0