CVE-2013-7445
high
CVSS v3: —
CVSS v2: 7.8
VIR risk: 7.8
Description
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.
Predictions
Exploit likelihood: 20%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2013-7445
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2013-7445.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | | affected | |
| debian | bookworm | affected | |
| debian | bullseye | affected | |
| debian | forky | affected | |
| debian | sid | affected | |
| debian | trixie | affected | |
| linux-kernel | | affected | |
| linux-kernel | 4.0.1 | affected | |
| linux-kernel | 4.0.2 | affected | |
| linux-kernel | 4.0.3 | affected | |
| linux-kernel | 4.0.4 | affected | |
| linux-kernel | 4.0.5 | affected | |
| linux-kernel | 4.0.6 | affected | |
| linux-kernel | 4.0.7 | affected | |
| linux-kernel | 4.0.8 | affected | |
| linux-kernel | 4.0.9 | affected | |
| linux-kernel | 4.1.1 | affected | |
| linux-kernel | 4.1.2 | affected | |
| linux-kernel | 4.1.3 | affected | |
| linux-kernel | 4.1.4 | affected | |
| linux-kernel | 4.1.5 | affected | |
| linux-kernel | 4.1.6 | affected | |
| linux-kernel | 4.1.7 | affected | |
| linux-kernel | 4.1.8 | affected | |
| linux-kernel | 4.1.9 | affected | |
| linux-kernel | 4.1.10 | affected | |
| linux-kernel | 4.2.1 | affected | |
| linux-kernel | 4.2.2 | affected | |
| linux-kernel | 4.2.3 | affected | |
References
CWEs
CWE-399