High severity8.8CISA KEVNVD Advisory· Published Nov 20, 2013· Updated Jun 17, 2026

CVE-2013-6282

Description

The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Linux/Kernel
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Range: <3.2.54
Ubuntu/Linux Kernelllm-fuzzy
Range: <3.5.5

Patches

Vulnerability mechanics

References

git.kernel.orgnvdPatch
www.codeaurora.org/projects/security-advisories/missing-access-checks-putusergetuser-kernel-api-cve-2013-6282nvdPatch
github.com/torvalds/linux/commit/8404663f81d212918ff85f493649a7991209fa04nvdExploitPatch
www.exploit-db.com/exploits/40975/nvdExploitThird Party AdvisoryVDB Entry
www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.5nvdMailing ListVendor Advisory
www.securityfocus.com/bid/63734nvdThird Party AdvisoryVDB Entry
www.ubuntu.com/usn/USN-2067-1nvdThird Party AdvisoryVDB Entry
www.openwall.com/lists/oss-security/2013/11/14/11nvdMailing List
www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.032
exploit	0.030
kev	0.120
patch	-0.070
ransomware	0.000