Unrated severityNVD Advisory· Published Mar 22, 2013· Updated Jun 16, 2026
CVE-2013-1826
CVE-2013-1826
Description
The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux kernel before 3.5.7 does not properly handle error conditions in dump_one_state function calls, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: <=3.5.6
- cpe:2.3:o:linux:linux_kernel:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.5.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.5.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.5.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.5.5:*:*:*:*:*:*:*
- Range: <3.5.7
Patches
Vulnerability mechanics
References
7- git.kernel.orgnvd
- rhn.redhat.com/errata/RHSA-2013-0744.htmlnvd
- www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.7nvd
- www.openwall.com/lists/oss-security/2013/03/07/2nvd
- www.ubuntu.com/usn/USN-1829-1nvd
- bugzilla.redhat.com/show_bug.cginvd
- github.com/torvalds/linux/commit/864745d291b5ba80ea0bd0edcbe67273de368836nvd
News mentions
0No linked articles in our index yet.