High severity8.8CISA KEVNVD Advisory· Published Nov 20, 2013· Updated Apr 22, 2026

CVE-2013-6282

Description

The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013.

Affected products

Linux/Kernel
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Range: <3.2.54

Patches

8404663f81d2

https://github.com/torvalds/linuxvia nvd-ref

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

www.codeaurora.org/projects/security-advisories/missing-access-checks-putusergetuser-kernel-api-cve-2013-6282nvdPatch
github.com/torvalds/linux/commit/8404663f81d212918ff85f493649a7991209fa04nvdExploitPatch
www.exploit-db.com/exploits/40975/nvdExploitThird Party AdvisoryVDB Entry
www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.5nvdMailing ListVendor Advisory
www.securityfocus.com/bid/63734nvdThird Party AdvisoryVDB Entry
www.ubuntu.com/usn/USN-2067-1nvdThird Party AdvisoryVDB Entry
www.openwall.com/lists/oss-security/2013/11/14/11nvdMailing List
www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.055
exploit	0.030
kev	0.120
patch	-0.070
ransomware	0.000