Bug 1033582 (CVE-2013-4513) - CVE-2013-4513 Kernel: staging: ozwpan: buffer overflow in oz_cdev_write
Summary: CVE-2013-4513 Kernel: staging: ozwpan: buffer overflow in oz_cdev_write
Alias: CVE-2013-4513
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On:
Blocks: 1033580
TreeView+ depends on / blocked
Reported: 2013-11-22 12:39 UTC by Prasad Pandit
Modified: 2021-02-17 07:09 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2013-11-26 11:59:08 UTC

Attachments (Terms of Use)

Description Prasad Pandit 2013-11-22 12:39:33 UTC
Linux kernel built with a USB over WiFi Host Controller(CONFIG_USB_WPAN_HCD)
driver support is vulnerable to a buffer overflow flaw. It could occur while
writing to the device file.

A user/program able to write to the device file could use this flaw to potentially further escalate privileges on a system.

Upstream fix:
 -> https://git.kernel.org/linus/c2c65cd2e14ada6de44cb527e7f1990bede24e15

 -> http://seclists.org/oss-sec/2013/q4/330

Comment 1 Prasad Pandit 2013-11-25 13:38:11 UTC

This issue does not affect the versions of the kernel package as shipped with
Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.

Comment 2 Vincent Danen 2013-11-25 15:26:52 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-6379 to
the following vulnerability:

Name: CVE-2013-6379
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6379
Assigned: 20131104

** REJECT **

DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2013-4513.  Reason:
This candidate is a duplicate of CVE-2013-4513.  Notes: All CVE users
should reference CVE-2013-4513 instead of this candidate.  All
references and descriptions in this candidate have been removed to
prevent accidental usage.

Note You need to log in before you can comment on or make changes to this bug.