What is CVE-2013-4125?

CVE-2013-4125 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.4 out of 10. CVE-2013-4125 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2013-4125?

CVE-2013-4125 has a CVSS score of 5.4 out of 10, rated Medium severity. The vector string is AV:N/AC:H/Au:N/C:N/I:N/A:C.

Is there a patch available for CVE-2013-4125?

No patch is currently available for CVE-2013-4125. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2013-4125 actively exploited?

CVE-2013-4125 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2013-4125

Medium

The fib6_add_rt2node function in net/ipv6/ip6_fib.c in the IPv6 stack in the Linux kernel through 3.10.1 does not properly handle Router Advertisement (RA) messages in certain circumstances involving three routes that initially qualified for membership in an ECMP route set until a change occurred for one of the first two routes, which allows remote attackers to cause a denial of service (system crash) via a crafted sequence of messages.

Package Linux Kernel

Published 2013-07-15

Last modified 2026-04-29

CVSS version 2.0

Patch available

Awaiting data

CVSS 2.0 score

5.4

out of 10

Medium

Attack Vector

Network

Attack Complexity

High

Privileges Required

User Interaction

Scope

Confidentiality

High

Integrity

None

Availability

Vector string

AV:N/AC:H/Au:N/C:N/I:N/A:C

Weakness type

CWE-399

CVE-2013-4125 is classified as CWE-399

See CWE-399 on MITRE CWE for full details on this weakness type.

References

The following references provide additional information about CVE-2013-4125 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Lists
http://lists.fedoraproject.org/pipermail/package-announce/2013-July/112454.html
Lists
http://lists.fedoraproject.org/pipermail/package-announce/2013-July/112619.html
Openwall
http://www.openwall.com/lists/oss-security/2013/07/15/4
Securityfocus
http://www.securityfocus.com/bid/61166
Securitytracker
http://www.securitytracker.com/id/1028780
Red Hat
https://bugzilla.redhat.com/show_bug.cgi?id=984664
Exchange
https://exchange.xforce.ibmcloud.com/vulnerabilities/85645
Kernel patch commit
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=307f2fb95e9b96b3577916e73d92e104f8f26494
Patch
Kernel patch commit
https://github.com/torvalds/linux/commit/307f2fb95e9b96b3577916e73d92e104f8f26494
Patch

Details

CVE ID CVE-2013-4125

Severity Medium

CVSS score 5.4 / 10

CVSS version 2.0

Published 2013-07-15

Modified 2026-04-29

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2013-4125?

CVE-2013-4125 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.4 out of 10 . CVE-2013-4125 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2013-4125?

CVE-2013-4125 has a CVSS score of 5.4 out of 10, rated Medium severity (CVSS 2.0). The vector string is AV:N/AC:H/Au:N/C:N/I:N/A:C.
Is there a patch available for CVE-2013-4125?

No patch is currently available for CVE-2013-4125. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2013-4125 actively exploited?

No — CVE-2013-4125 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.