[USN-1648-1] Linux kernel vulnerabilities
Several security issues were fixed in the kernel.
Brad Spengler discovered a flaw in the Linux kernel's uname system call. An
unprivileged user could exploit this flaw to read kernel stack memory.
(CVE-2012-0957)
Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois
congestion control algorithm. A local attacker could use this to cause a
denial of service. (CVE-2012-4565)
Mathias Krause discovered a flaw in the Linux kernel's XFRM netlink
interface. A local user with the NET_ADMIN capability could exploit this
flaw to leak the contents of kernel memory. (CVE-2012-6536)
Mathias Krause discovered several errors in the Linux kernel's xfrm_user
implementation. A local attacker could exploit these flaws to examine parts
of kernel memory. (CVE-2012-6537)
Mathias Krause discovered an information leak in the Linux kernel's
xfrm_user copy_to_user_auth function. A local user could exploit this flaw
to examine parts of kernel heap memory. (CVE-2012-6538)
Mathias Krause discovered information leak in the Linux kernel's compat
ioctl interface. A local user could exploit the flaw to examine parts of
kernel stack memory (CVE-2012-6539)
Mathias Krause discovered an information leak in the Linux kernel's
getsockopt for IP_VS_SO_GET_TIMEOUT. A local user could exploit this flaw
to examine parts of kernel stack memory. (CVE-2012-6540)
Mathias Krause discovered an information leak in the Linux kernel's
getsockopt implementation for the Datagram Congestion Control Protocol
(DCCP). A local user could exploit this flaw to examine some of the
kernel's stack memory. (CVE-2012-6541)
Mathias Krause discovered an information leak in the Linux kernel's
getsockname implementation for Logical Link Layer (llc) sockets. A local
user could exploit this flaw to examine some of the kernel's stack memory.
(CVE-2012-6542)
Mathias Krause discovered information leaks in the Linux kernel's Bluetooth
Logical Link Control and Adaptation Protocol (L2CAP) implementation. A
local user could exploit these flaws to examine some of the kernel's stack
memory. (CVE-2012-6544)
Mathias Krause discovered information leaks in the Linux kernel's Bluetooth
RFCOMM protocol implementation. A local user could exploit these flaws to
examine parts of kernel memory. (CVE-2012-6545)
Mathias Krause discovered information leaks in the Linux kernel's
Asynchronous Transfer Mode (ATM) networking stack. A local user could
exploit these flaws to examine some parts of kernel memory. (CVE-2012-6546)
A flaw was discovered in the Linux kernels handling of memory ranges with
PROT_NONE when transparent hugepages are in use. An unprivileged local user
could exploit this flaw to cause a denial of service (crash the system).
(CVE-2013-0309)
Mathias Krause discovered a flaw in xfrm_user in the Linux kernel. A local
attacker with NET_ADMIN capability could potentially exploit this flaw to
escalate privileges. (CVE-2013-1826)
An information leak was discovered in the Linux kernel's /dev/dvb device. A
local user could exploit this flaw to obtain sensitive information from the
kernel's stack memory. (CVE-2013-1928)
- ID
- USN-1648-1
- Severity
- medium
- Severity from
- CVE-2013-1826
- URL
- https://ubuntu.com/security/notices/USN-1648-1
- Published
-
2012-11-30T09:25:37
(11 years ago) - Modified
-
2012-11-30T09:25:37
(11 years ago) - Other Advisories
-
- ALAS-2012-142
- ALAS-2013-148
- ALAS-2013-200
- ELSA-2012-1580
- ELSA-2012-2047
- ELSA-2012-2048
- ELSA-2013-0496
- ELSA-2013-0744
- ELSA-2013-0747
- ELSA-2013-1034
- ELSA-2013-1173
- ELSA-2013-1645
- ELSA-2013-2507
- ELSA-2013-2520
- ELSA-2013-2525
- ELSA-2013-2534
- ELSA-2013-2542
- ELSA-2013-2543
- ELSA-2013-2584
- ELSA-2013-2585
- FEDORA-2012-16669
- FEDORA-2012-16787
- FEDORA-2012-17413
- FEDORA-2012-17462
- FEDORA-2012-17479
- FEDORA-2012-18684
- FEDORA-2012-18691
- FEDORA-2012-19337
- FEDORA-2012-20240
- FEDORA-2013-1025
- FEDORA-2013-12990
- FEDORA-2013-2597
- FEDORA-2013-3106
- FEDORA-2013-3909
- FEDORA-2013-4357
- FEDORA-2013-6999
- FEDORA-2013-9123
- RHSA-2012:1580
- RHSA-2013:0496
- RHSA-2013:0744
- RHSA-2013:1173
- RHSA-2013:1645
- SUSE-SU-2015:0481-1
- SUSE-SU-2015:0652-1
- USN-1599-1
- USN-1610-1
- USN-1644-1
- USN-1645-1
- USN-1646-1
- USN-1647-1
- USN-1649-1
- USN-1650-1
- USN-1651-1
- USN-1652-1
- USN-1653-1
- USN-1671-1
- USN-1673-1
- USN-1704-1
- USN-1775-1
- USN-1776-1
- USN-1792-1
- USN-1798-1
- USN-1805-1
- USN-1808-1
- USN-1824-1
- USN-1829-1
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |