CVE-2013-6282
The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses,...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- October 25, 2013
- Published Date
- November 19, 2013
- Last Updated
- February 03, 2025
- Vendor
- n/a
- Product
- n/a
- Description
- The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013.
CVSS Scores
CVSS v3.1
8.8 - HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SSVC Information
- Exploitation
- active
- Technical Impact
- total
References
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.5
https://www.exploit-db.com/exploits/40975/
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8404663f81d212918ff85f493649a7991209fa04
http://www.codeaurora.org/projects/security-advisories/missing-access-checks-putusergetuser-kernel-api-cve-2013-6282
http://www.securityfocus.com/bid/63734
http://www.openwall.com/lists/oss-security/2013/11/14/11
https://github.com/torvalds/linux/commit/8404663f81d212918ff85f493649a7991209fa04
http://www.ubuntu.com/usn/USN-2067-1
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2022-09-15 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/android/local/put_user_vroot.rb | 2025-04-29 11:01:10 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
put_user_vroot
Type: metasploit • Created: Unknown
Metasploit module for CVE-2013-6282
timwr/CVE-2013-6282
Type: github • Created: 2016-12-19 16:14:18 UTC • Stars: 20
CVE-2013-6282 proof of concept for Android