Format String Vulnerability in Linux Kernel's register_disk Function

Format String Vulnerability in Linux Kernel's register_disk Function

CVE-2013-2851 · MEDIUM Severity

AV:L/AC:H/AU:S/C:C/I:C/A:C

Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.