CVE-2013-7445

The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://bugzilla.kernel.org/show_bug.cgi?id=60533
https://bugzilla.kernel.org/show_bug.cgi?id=60533

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:4.0.1:::::::*
	cpe:2.3:o:linux:linux_kernel:4.0.2:::::::*
	cpe:2.3:o:linux:linux_kernel:4.0.3:::::::*
	cpe:2.3:o:linux:linux_kernel:4.0.4:::::::*
	cpe:2.3:o:linux:linux_kernel:4.0.5:::::::*
	cpe:2.3:o:linux:linux_kernel:4.0.6:::::::*
	cpe:2.3:o:linux:linux_kernel:4.0.7:::::::*
	cpe:2.3:o:linux:linux_kernel:4.0.8:::::::*
	cpe:2.3:o:linux:linux_kernel:4.0.9:::::::*
	cpe:2.3:o:linux:linux_kernel:4.1.1:::::::*
	cpe:2.3:o:linux:linux_kernel:4.1.2:::::::*
	cpe:2.3:o:linux:linux_kernel:4.1.3:::::::*
	cpe:2.3:o:linux:linux_kernel:4.1.4:::::::*
	cpe:2.3:o:linux:linux_kernel:4.1.5:::::::*
	cpe:2.3:o:linux:linux_kernel:4.1.6:::::::*
	cpe:2.3:o:linux:linux_kernel:4.1.7:::::::*
	cpe:2.3:o:linux:linux_kernel:4.1.8:::::::*
	cpe:2.3:o:linux:linux_kernel:4.1.9:::::::*
	cpe:2.3:o:linux:linux_kernel:4.1.10:::::::*
	cpe:2.3:o:linux:linux_kernel:4.2.1:::::::*
	cpe:2.3:o:linux:linux_kernel:4.2.2:::::::*
	cpe:2.3:o:linux:linux_kernel:4.2.3:::::::*

History

21 Nov 2024, 02:01

Type	Values Removed	Values Added
References	~~() https://bugzilla.kernel.org/show_bug.cgi?id=60533 -~~	() https://bugzilla.kernel.org/show_bug.cgi?id=60533 -

Information

Published : 2015-10-16 01:59

Updated : 2025-04-12 10:46

NVD link : CVE-2013-7445

Mitre link : CVE-2013-7445

CVE.ORG link : CVE-2013-7445

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-399

Resource Management Errors

{"id": "CVE-2013-7445", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-10-16T01:59:00.120", "references": [{"url": "https://bugzilla.kernel.org/show_bug.cgi?id=60533", "source": "cret@cert.org"}, {"url": "https://bugzilla.kernel.org/show_bug.cgi?id=60533", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-399"}]}], "descriptions": [{"lang": "en", "value": "The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox."}, {"lang": "es", "value": "El subsistema Direct Rendering Manager (DRM) en el kernel de Linux hasta la versi\u00f3n 4.x no maneja correctamente las peticiones para los objetos Graphics Execution Manager (GEM), lo que permite a atacantes dependientes del contexto causar una denegaci\u00f3n de servicio (consumo de la memoria) a trav\u00e9s de una aplicaci\u00f3n que procesa datos gr\u00e1ficos, segun lo demostrado por el c\u00f3digo JaScript que genera muchos elementos CANVAS para el renderizado de Chrome o Firefox."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "101169D3-5114-4964-A85A-80333B0F48AB", "versionEndIncluding": "4.0.0"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16A2670E-195E-4454-8E1C-22D04AAA3E99"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F2331B3-45AF-4406-9641-A78F949C85D7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2FAD591-2AE8-4A14-91D8-79946C9D2244"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5411C41-0F80-4633-9778-6BA7A20EED0E"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17A43AA1-FF07-46AA-8A22-B73639876929"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F7AB076-B553-4E1D-A604-4DFD976FC155"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF9F02C5-128B-4E30-BA0E-7FD771F8AA72"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A449E564-051A-4C33-888D-DD84D15C1C01"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7321A21-F4FC-4C05-8362-47BA25933FA6"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "849F1B99-46F5-4BCA-9A0D-0A45CD78AF89"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BBA308E-F27E-4915-B7DF-C6DCE56ABA1C"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5398D9C4-9161-4C8E-AE72-A449A8546C47"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42D448D6-CCC0-4FF1-B2EA-7A99C3A467B0"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE654C62-FB2D-4F0C-858E-DBF15637A5EC"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA5C6932-4C99-4271-BBE4-710B7C6984F2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "809E15BD-4613-4D53-91DE-EE115A7A6D48"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5FBC32B-82C6-4DE2-9E94-3E1765B7234D"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.1.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB50C500-289B-43CA-9AF5-69564A452213"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.1.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C51F0A1C-1359-4C88-820C-3A721F64A1E1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C65BF8B8-071F-42CB-B710-8E6FFC49B1A1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5C5B538-158C-4F4A-9452-DAD2D0EF5A7E"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC507686-B52C-4ABE-9734-147071FC7C08"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}

7.8 /10