CVE Vulnerabilities

CVE-2013-2128

Uncontrolled Resource Consumption

Published: Jun 07, 2013 | Modified: Apr 11, 2025
CVSS 3.x
5.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
4.9 MEDIUM
AV:L/AC:L/Au:N/C:N/I:N/A:C
RedHat/V2
4.9 MODERATE
AV:L/AC:L/Au:N/C:N/I:N/A:C
RedHat/V3
Ubuntu
MEDIUM

The tcp_read_sock function in net/ipv4/tcp.c in the Linux kernel before 2.6.34 does not properly manage skb consumption, which allows local users to cause a denial of service (system crash) via a crafted splice system call for a TCP socket.

Weakness

The product does not properly control the allocation and maintenance of a limited resource.

Affected Software

Name Vendor Start Version End Version
Linux_kernel Linux * 2.6.34 (excluding)
OpenStack 3 for RHEL 6 RedHat kernel-0:2.6.32-358.114.1.openstack.el6 *
Red Hat Enterprise Linux 6 RedHat kernel-0:2.6.32-358.14.1.el6 *
Linux Ubuntu lucid *
Linux Ubuntu upstream *
Linux-2.6 Ubuntu upstream *
Linux-armadaxp Ubuntu upstream *
Linux-ec2 Ubuntu lucid *
Linux-ec2 Ubuntu upstream *
Linux-fsl-imx51 Ubuntu lucid *
Linux-fsl-imx51 Ubuntu upstream *
Linux-linaro-omap Ubuntu precise *
Linux-linaro-omap Ubuntu quantal *
Linux-linaro-omap Ubuntu upstream *
Linux-linaro-shared Ubuntu precise *
Linux-linaro-shared Ubuntu quantal *
Linux-linaro-shared Ubuntu upstream *
Linux-linaro-vexpress Ubuntu precise *
Linux-linaro-vexpress Ubuntu quantal *
Linux-linaro-vexpress Ubuntu upstream *
Linux-lts-backport-maverick Ubuntu lucid *
Linux-lts-backport-maverick Ubuntu upstream *
Linux-lts-quantal Ubuntu upstream *
Linux-lts-raring Ubuntu upstream *
Linux-mvl-dove Ubuntu lucid *
Linux-mvl-dove Ubuntu upstream *
Linux-qcm-msm Ubuntu lucid *
Linux-qcm-msm Ubuntu precise *
Linux-qcm-msm Ubuntu quantal *
Linux-qcm-msm Ubuntu upstream *
Linux-ti-omap4 Ubuntu upstream *

Potential Mitigations

  • Mitigation of resource exhaustion attacks requires that the target system either:

  • The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.

  • The second solution is simply difficult to effectively institute – and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.

References