CVE-2013-2015 — Vulnetix

Try Vulnetix Request Demo

CVE-2013-2015 REJECTED

The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to cause a denial of service (system hang) via a crafted filesystem on removable media, as demonstrated by the e2fsprogs tests/f_orphan_extents_inode/image.gz test.

EPSS 0.09% · 25.8th percentile

Risk Scores

EPSS Score

0.09%

25.8th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:14.04:LTS	linux-lts-vivid	0
Ubuntu:16.04:LTS	linux-raspi2	0
Ubuntu:16.04:LTS	linux-aws	0
Ubuntu:16.04:LTS	linux-snapdragon	0
Ubuntu:16.04:LTS	linux-hwe	0
Ubuntu:14.04:LTS	linux-lts-xenial	0
Ubuntu:14.04:LTS	linux-aws	0
Ubuntu:14.04:LTS	linux-lts-utopic	0
Ubuntu:14.04:LTS	linux-lts-wily	0
Ubuntu:16.04:LTS	linux	0
Ubuntu:14.04:LTS	linux	0
Ubuntu:16.04:LTS	linux-gke	0

Timeline

Apr 29, 2013 CVE Published
Jun 11, 2013 PoC Published
May 31, 2014 PoC Published
Dec 3, 2017 PoC Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2013-2015 third-party-advisory
https://github.com/torvalds/linux/commit/0e9a9a1ad619e7e987815d20262d36a2f95717ca third-party-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=957123 third-party-advisory
http://www.openwall.com/lists/oss-security/2013/04/26/16 third-party-advisory
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.3 third-party-advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0e9a9a1ad619e7e987815d20262d36a2f95717ca third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2013-2015 third-party-advisory

Open in Interactive Console →