Local Information Disclosure Vulnerability in Linux Kernel CD-ROM Driver
CVE-2013-2164

Currently unrated

Key Information:

Vendor: Linux
Status: Linux Kernel; Enterprise Linux; Enterprise Mrg
Vendor: CVE Published:; 4 July 2013

Summary

The mmc_ioctl_cdrom_read_data function in the Linux kernel allows local users to potentially access sensitive data stored in the kernel memory. This issue arises when a malfunctioning CD-ROM drive is in use, leading to unintended exposure of kernel memory contents during read operations. This vulnerability can pose serious risks as it may allow attackers to gain insights into system-level information that should remain protected.

References

http://rhn.redhat.com/errata/RHSA-2013-1166.html

vendor-advisoryx_refsource_REDHAT

http://www.ubuntu.com/usn/USN-1913-1

vendor-advisoryx_refsource_UBUNTU

http://lists.opensuse.org/opensuse-security-announce/2013...

vendor-advisoryx_refsource_SUSE

Timeline

Vulnerability published
Jul 4, 2013
Vulnerability Reserved
Feb 19, 2013