Home > Vulnerability Database > CVE-2013-2852

Mend.io Vulnerability Database

CVE-2013-2852

Good to know:

Date: June 7, 2013

Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message.

Language: C

Severity Score

7.4

Related Resources (23)

Url: http://git.kernel.org/cgit/linux/kernel/git/linville/wireless.git/commit/?id=9538cbaab6e8b8046039b4b2eb6c9d614dc782bd

Url: http://www.debian.org/security/2013/dsa-2766

Url: http://www.ubuntu.com/usn/USN-1899-1

Url: http://rhn.redhat.com/errata/RHSA-2013-1450.html

Url: https://security-tracker.debian.org/tracker/CVE-2013-2852

Url: http://www.ubuntu.com/usn/USN-1900-1

Url: https://access.redhat.com/security/cve/CVE-2013-2852

Url: http://www.ubuntu.com/usn/USN-1914-1

Url: http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html

Url: http://www.ubuntu.com/usn/USN-1930-1

Url: http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html

Url: http://www.openwall.com/lists/oss-security/2013/06/06/13

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2013-2852

Url: http://www.ubuntu.com/usn/USN-1920-1

Url: http://www.ubuntu.com/usn/USN-1919-1

Url: http://rhn.redhat.com/errata/RHSA-2013-1051.html

Url: http://www.ubuntu.com/usn/USN-1915-1

Url: https://nvd.nist.gov/vuln/detail/CVE-2013-2852

Url: http://www.ubuntu.com/usn/USN-1916-1

Url: http://www.ubuntu.com/usn/USN-1917-1

Url: http://www.ubuntu.com/usn/USN-1918-1

Url: https://bugzilla.redhat.com/show_bug.cgi?id=969518

Url: https://www.mend.io/vulnerability-database/CVE-2013-2852

Severity Score

7.4

Weakness Type (CWE)

Format String Vulnerability

CWE-134

Top Fix

Upgrade Version

Upgrade to version v3.10-rc6

Learn More

CVSS v3.1

Base Score:	7.4
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	6.9
Access Vector (AV):	LOCAL
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2013-2852

Good to know:

Date: June 7, 2013

Language: C

Severity Score

Related Resources (23)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?