MEDIUM🇬🇧 English

CVE-2013-2239

CVSS 4.7v2.0pub. 2013-11-12upd. 2026-04-29

vzkernel before 042stab080.2 in the OpenVZ modification for the Linux kernel 2.6.32 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via (1) a crafted ploop driver ioctl call, related to the ploop_getdevice_ioc function in drivers/block/ploop/dev.c, or (2) a crafted quotactl system call, related to the compat_quotactl function in fs/quota/quota.c.

oryginał EN
CVSS Vector
AV:L/AC:M/Au:N/C:C/I:N/A:N
  • Openvz Vzkernel

    OS
    Openvz
    2.6.32
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2013-6838HIGH10.0ten sam produkt

An unspecified Enghouse Interactive Professional Services "addon product" in Enghouse Interactive IVR Pro (VIP...

CVE-2014-3519MEDIUM6.5ten sam produkt

The open_by_handle_at function in vzkernel before 042stab090.5 in the OpenVZ modification for the Linux kernel...

CVE-2015-6927LOW3.6ten sam vendor

vzctl before 4.9.4 determines the virtual environment (VE) layout based on the presence of root.hdd/DiskDescri...