[USN-2049-1] Linux kernel vulnerabilities
Several security issues were fixed in the kernel.
Miroslav Vadkerti discovered a flaw in how the permissions for network
sysctls are handled in the Linux kernel. An unprivileged local user could
exploit this flaw to have privileged access to files in /proc/sys/net/.
(CVE-2013-4270)
A flaw was discovered in the Linux kernel's dm snapshot facility. A remote
authenticated user could exploit this flaw to obtain sensitive information
or modify/corrupt data. (CVE-2013-4299)
Wannes Rombouts reported a vulnerability in the networking tuntap interface
of the Linux kernel. A local user with the CAP_NET_ADMIN capability could
leverage this flaw to gain full admin privileges. (CVE-2013-4343)
Alan Chester reported a flaw in the IPv6 Stream Control Transmission
Protocol (SCTP) of the Linux kernel. A remote attacker could exploit this
flaw to obtain sensitive information by sniffing network traffic.
(CVE-2013-4350)
Dmitry Vyukov reported a flaw in the Linux kernel's handling of IPv6 UDP
Fragmentation Offload (UFO) processing. A remote attacker could leverage
this flaw to cause a denial of service (system crash). (CVE-2013-4387)
Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP
Fragmentation Offload (UFO). An unprivileged local user could exploit this
flaw to cause a denial of service (system crash) or possibly gain
administrative privileges. (CVE-2013-4470)
A flaw was discovered in the Linux kernel's fib6 error-code encoding for
IPv6. A local user with the CAT_NET_ADMIN capability could exploit this
flaw to cause a denial of service (system crash). (CVE-2013-6431)
Evan Huus reported a buffer overflow in the Linux kernel's radiotap header
parsing. A remote attacker could cause a denial of service (buffer over-
read) via a specially crafted header. (CVE-2013-7027)
An information leak was discovered in the Linux kernel's SIOCWANDEV ioctl
call. A local user with the CAP_NET_ADMIN capability could exploit this
flaw to obtain potentially sensitive information from kernel memory.
(CVE-2014-1444)
An information leak was discovered in the wanxl ioctl function the Linux
kernel. A local user could exploit this flaw to obtain potentially
sensitive information from kernel memory. (CVE-2014-1445)
- ID
- USN-2049-1
- Severity
- medium
- Severity from
- CVE-2013-4343
- URL
- https://ubuntu.com/security/notices/USN-2049-1
- Published
-
2013-12-07T15:54:49
(10 years ago) - Modified
-
2013-12-07T15:54:49
(10 years ago) - Other Advisories
-
- ALAS-2013-233
- ALAS-2013-252
- ELSA-2013-1436
- ELSA-2013-1449
- ELSA-2013-1645
- ELSA-2013-1801
- ELSA-2013-2575
- ELSA-2013-2576
- ELSA-2013-2577
- ELSA-2013-2583
- ELSA-2013-2584
- ELSA-2013-2587
- ELSA-2013-2588
- ELSA-2013-2589
- ELSA-2014-3002
- FEDORA-2013-16794
- FEDORA-2013-17010
- FEDORA-2013-17012
- FEDORA-2013-17865
- FEDORA-2013-17942
- FEDORA-2013-18364
- FEDORA-2013-18820
- FEDORA-2013-18822
- FEDORA-2013-18867
- FEDORA-2013-20547
- FEDORA-2013-20705
- FEDORA-2013-20748
- FEDORA-2013-21807
- FEDORA-2013-21822
- FEDORA-2013-22669
- FEDORA-2013-22695
- FEDORA-2013-23653
- FEDORA-2014-0684
- FEDORA-2014-1072
- FEDORA-2014-11008
- FEDORA-2014-13020
- FEDORA-2014-14068
- FEDORA-2014-17244
- FEDORA-2014-2606
- FEDORA-2014-2887
- FEDORA-2014-3448
- FEDORA-2014-4360
- FEDORA-2014-4849
- FEDORA-2014-5609
- FEDORA-2014-6354
- FEDORA-2014-7320
- FEDORA-2014-7426
- FEDORA-2014-8487
- FEDORA-2014-9142
- FEDORA-2014-9449
- RHSA-2013:1436
- RHSA-2013:1645
- RHSA-2013:1801
- SUSE-SU-2015:0481-1
- SUSE-SU-2015:0581-1
- SUSE-SU-2015:0652-1
- SUSE-SU-2015:0736-1
- SUSE-SU-2015:1174-1
- SUSE-SU-2015:1376-1
- SUSE-SU-2019:1527-1
- USN-2015-1
- USN-2016-1
- USN-2019-1
- USN-2020-1
- USN-2021-1
- USN-2022-1
- USN-2023-1
- USN-2024-1
- USN-2038-1
- USN-2039-1
- USN-2040-1
- USN-2041-1
- USN-2042-1
- USN-2043-1
- USN-2044-1
- USN-2045-1
- USN-2046-1
- USN-2050-1
- USN-2066-1
- USN-2067-1
- USN-2068-1
- USN-2069-1
- USN-2071-1
- USN-2072-1
- USN-2073-1
- USN-2074-1
- USN-2076-1
- USN-2128-1
- USN-2129-1
- USN-2233-1
- USN-2234-1
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |