Strix
26.1K

CVE-2013-7445

UnknownEPSS 2.73%

Last modified

CVE-2013-7445 is a vulnerability of currently unknown severity. The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.. EPSS estimates a 2.73% chance of exploitation in the next 30 days.

Description

The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.

Metrics

EPSS Probability
2.73%

84.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
LinuxLinux Kernel<= 4.0.0
LinuxLinux Kernel4.0.1
LinuxLinux Kernel4.0.2
LinuxLinux Kernel4.0.3
LinuxLinux Kernel4.0.4
LinuxLinux Kernel4.0.5
LinuxLinux Kernel4.0.6
LinuxLinux Kernel4.0.7
LinuxLinux Kernel4.0.8
LinuxLinux Kernel4.0.9
LinuxLinux Kernel4.1.1
LinuxLinux Kernel4.1.2
LinuxLinux Kernel4.1.3
LinuxLinux Kernel4.1.4
LinuxLinux Kernel4.1.5
LinuxLinux Kernel4.1.6
LinuxLinux Kernel4.1.7
LinuxLinux Kernel4.1.8
LinuxLinux Kernel4.1.9
LinuxLinux Kernel4.1.10
LinuxLinux Kernel4.2.1
LinuxLinux Kernel4.2.2
LinuxLinux Kernel4.2.3

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2013-7445?
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.
How severe is CVE-2013-7445?
Severity scoring for CVE-2013-7445 is pending analysis. The EPSS model estimates a 2.73% probability of exploitation in the next 30 days.
How do I fix CVE-2013-7445?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2013-7445?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST