Unrated severityNVD Advisory· Published Mar 22, 2013· Updated Jun 16, 2026

CVE-2013-1828

Description

The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the Linux kernel before 3.8.4 does not validate a size value before proceeding to a copy_from_user operation, which allows local users to gain privileges via a crafted application that contains an SCTP_GET_ASSOC_STATS getsockopt system call.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Linux/Kernel
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Range: >=3.8,<3.8.4
Linux/Linux kernelllm-fuzzy
Range: <3.8.4

Patches

Vulnerability mechanics

References

grsecurity.net/~spender/sctp.cnvdExploitThird Party Advisory
github.com/torvalds/linux/commit/726bc6b092da4c093eb74d13c07184b18c1af0f1nvdExploitPatchThird Party Advisory
git.kernel.orgnvdVendor Advisory
twitter.com/grsecurity/statuses/309805924749541376nvdThird Party Advisory
www.exploit-db.com/exploits/24747nvdThird Party AdvisoryVDB Entry
www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4nvdVendor Advisory
www.openwall.com/lists/oss-security/2013/03/08/2nvdMailing ListThird Party Advisory
bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	-0.070
ransomware	0.000