CVE-2013-4300

N/A Unknown

Published: September 25, 2013 Modified: April 29, 2026

Description

The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d661684cf6820331feae71146c35da83d794467e

Source: secalert@redhat.com

Broken Link

http://www.openwall.com/lists/oss-security/2013/09/05/3

Source: secalert@redhat.com

Exploit Mailing List Patch

http://www.ubuntu.com/usn/USN-1995-1

Source: secalert@redhat.com

Third Party Advisory VDB Entry

http://www.ubuntu.com/usn/USN-1998-1

Source: secalert@redhat.com

Third Party Advisory VDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1004736

Source: secalert@redhat.com

Exploit Issue Tracking Patch

https://github.com/torvalds/linux/commit/d661684cf6820331feae71146c35da83d794467e

Source: secalert@redhat.com

Exploit Patch

https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.11.bz2

Source: secalert@redhat.com

Patch

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d661684cf6820331feae71146c35da83d794467e