Skip to main content

Early Access — Mondoo Vulnerability Intelligence is currently in preview.

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

CVE-2013-7446

MEDIUM5.3

Use-after-free vulnerability in net/unix/af_unix

Published Dec 28, 2015

Modified 1 years ago

No fix available

Details

Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.

References

WEBhttp://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00033.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00034.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00035.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00037.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00038.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00039.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00040.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00041.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00042.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00043.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00044.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00045.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html ADVISORYhttp://www.debian.org/security/2015/dsa-3426 WEBhttp://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3 WEBhttp://www.openwall.com/lists/oss-security/2015/11/18/16 WEBhttp://www.securityfocus.com/bid/77638 WEBhttp://www.securitytracker.com/id/1034557 WEBhttp://www.spinics.net/lists/netdev/msg318826.html ADVISORYhttp://www.ubuntu.com/usn/USN-2886-1 ADVISORYhttp://www.ubuntu.com/usn/USN-2887-1 ADVISORYhttp://www.ubuntu.com/usn/USN-2887-2 ADVISORYhttp://www.ubuntu.com/usn/USN-2888-1 ADVISORYhttp://www.ubuntu.com/usn/USN-2889-1 ADVISORYhttp://www.ubuntu.com/usn/USN-2889-2 ADVISORYhttp://www.ubuntu.com/usn/USN-2890-1 ADVISORYhttp://www.ubuntu.com/usn/USN-2890-2 ADVISORYhttp://www.ubuntu.com/usn/USN-2890-3 WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=1282688 WEBhttps://forums.grsecurity.net/viewtopic.php?f=3&t=4150 WEBhttps://github.com/torvalds/linux/commit/7d267278a9ece963d77eefec61630223fce08c6c WEBhttps://groups.google.com/forum/#%21topic/syzkaller/3twDUI4Cpm8 WEBhttps://lkml.org/lkml/2013/10/14/424 WEBhttps://lkml.org/lkml/2014/5/15/532 WEBhttps://lkml.org/lkml/2015/9/13/195 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2013-7446

CVSS Analysis

CVSS v3.0

5.3

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

HighAC:H

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

LowI:L

Availability

HighA:H

5.3/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H

Ecosystems

Timeline

PublishedDec 28, 2015

ModifiedAug 6, 2024

CVE-2013-7446 | Mondoo Vulnerability Intelligence