ID CVE-2013-1826
Summary The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux kernel before 3.5.7 does not properly handle error conditions in dump_one_state function calls, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability.
References
Vulnerable Configurations
  • Linux Kernel 3.5.6
    cpe:2.3:o:linux:linux_kernel:3.5.6
  • Linux Kernel 3.5.5
    cpe:2.3:o:linux:linux_kernel:3.5.5
  • Linux Kernel 3.5.4
    cpe:2.3:o:linux:linux_kernel:3.5.4
  • Linux Kernel 3.5.3
    cpe:2.3:o:linux:linux_kernel:3.5.3
  • Linux Kernel 3.5.2
    cpe:2.3:o:linux:linux_kernel:3.5.2
  • Linux Kernel 3.5.1
    cpe:2.3:o:linux:linux_kernel:3.5.1
CVSS
Base: 6.2 (as of 22-03-2013 - 13:09)
Impact:
Exploitability:
Access
  Vector: LOCAL
  Complexity: HIGH
  Authentication: NONE
Impact
  Confidentiality: COMPLETE
  Integrity: COMPLETE
  Availability: COMPLETE
nessus via4
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-2520.NASL
    description Description of changes: kernel-uek [2.6.32-400.26.2.el6uek] - mm/hotplug: correctly add new zone to all other nodes' zone lists (Jiang Liu) [Orabug: 16603569] {CVE-2012-5517} - ptrace: ptrace_resume() shouldn't wake up !TASK_TRACED thread (Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871} - ptrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL (Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871} - ptrace: introduce signal_wake_up_state() and ptrace_signal_wake_up() (Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871} - Bluetooth: Fix incorrect strncpy() in hidp_setup_hid() (Anderson Lizardo) [Orabug: 16711062] {CVE-2013-0349} - dccp: check ccid before dereferencing (Mathias Krause) [Orabug: 16711040] {CVE-2013-1827} - USB: io_ti: Fix NULL dereference in chase_port() (Wolfgang Frisch) [Orabug: 16425435] {CVE-2013-1774} - keys: fix race with concurrent install_user_keyrings() (David Howells) [Orabug: 16493369] {CVE-2013-1792} - KVM: Fix bounds checking in ioapic indirect register reads (CVE-2013-1798) (Andy Honig) [Orabug: 16710937] {CVE-2013-1798} - KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (CVE-2013-1796) (Jerry Snitselaar) [Orabug: 16710794] {CVE-2013-1796} - net/tun: fix ioctl() based info leaks (Mathias Krause) [Orabug: 16675501] {CVE-2012-6547} - atm: fix info leak via getsockname() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6546} - atm: fix info leak in getsockopt(SO_ATMPVC) (Mathias Krause) [Orabug: 16675501] {CVE-2012-6546} - xfrm_user: fix info leak in copy_to_user_tmpl() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6537} - xfrm_user: fix info leak in copy_to_user_policy() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6537} - xfrm_user: fix info leak in copy_to_user_state() (Mathias Krause) [Orabug: 16675501] {CVE-2013-6537} - xfrm_user: return error pointer instead of NULL #2 (Mathias Krause) [Orabug: 16675501] {CVE-2013-1826} - xfrm_user: return error pointer instead of NULL (Mathias Krause) [Orabug: 16675501] {CVE-2013-1826}
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 68852
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68852
    title Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2520)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1829-1.NASL
    description Mathias Krause discovered an information leak in the Linux kernel's ISO 9660 CDROM file system driver. A local user could exploit this flaw to examine some of the kernel's heap memory. (CVE-2012-6549) Mathias Krause discovered a flaw in xfrm_user in the Linux kernel. A local attacker with NET_ADMIN capability could potentially exploit this flaw to escalate privileges. (CVE-2013-1826) A buffer overflow was discovered in the Linux Kernel's USB subsystem for devices reporting the cdc-wdm class. A specially crafted USB device when plugged-in could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2013-1860) An information leak was discovered in the Linux kernel's /dev/dvb device. A local user could exploit this flaw to obtain sensitive information from the kernel's stack memory. (CVE-2013-1928) An information leak in the Linux kernel's dcb netlink interface was discovered. A local user could obtain sensitive information by examining kernel stack memory. (CVE-2013-2634). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 66494
    published 2013-05-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66494
    title Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1829-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1824-1.NASL
    description Mathias Krause discovered an information leak in the Linux kernel's ISO 9660 CDROM file system driver. A local user could exploit this flaw to examine some of the kernel's heap memory. (CVE-2012-6549) Mathias Krause discovered a flaw in xfrm_user in the Linux kernel. A local attacker with NET_ADMIN capability could potentially exploit this flaw to escalate privileges. (CVE-2013-1826) A buffer overflow was discovered in the Linux Kernel's USB subsystem for devices reporting the cdc-wdm class. A specially crafted USB device when plugged-in could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2013-1860) An information leak was discovered in the Linux kernel's /dev/dvb device. A local user could exploit this flaw to obtain sensitive information from the kernel's stack memory. (CVE-2013-1928) An information leak in the Linux kernel's dcb netlink interface was discovered. A local user could obtain sensitive information by examining kernel stack memory. (CVE-2013-2634). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 66467
    published 2013-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66467
    title Ubuntu 10.04 LTS : linux vulnerabilities (USN-1824-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20130423_KERNEL_ON_SL6_X.NASL
    description * An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the Intel i915 driver in the Linux kernel handled the allocation of the buffer used for relocation copies. A local user with console access could use this flaw to cause a denial of service or escalate their privileges. (CVE-2013-0913, Important) * A buffer overflow flaw was found in the way UTF-8 characters were converted to UTF-16 in the utf8s_to_utf16s() function of the Linux kernel's FAT file system implementation. A local user able to mount a FAT file system with the 'utf8=1' option could use this flaw to crash the system or, potentially, to escalate their privileges. (CVE-2013-1773, Important) * A flaw was found in the way KVM handled guest time updates when the buffer the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) crossed a page boundary. A privileged guest user could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the host kernel level. (CVE-2013-1796, Important) * A potential use-after-free flaw was found in the way KVM handled guest time updates when the GPA (guest physical address) the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) fell into a movable or removable memory region of the hosting user-space process (by default, QEMU-KVM) on the host. If that memory region is deregistered from KVM using KVM_SET_USER_MEMORY_REGION and the allocated virtual memory reused, a privileged guest user could potentially use this flaw to escalate their privileges on the host. (CVE-2013-1797, Important) * A flaw was found in the way KVM emulated IOAPIC (I/O Advanced Programmable Interrupt Controller). A missing validation check in the ioapic_read_indirect() function could allow a privileged guest user to crash the host, or read a substantial portion of host kernel memory. (CVE-2013-1798, Important) * A race condition in install_user_keyrings(), leading to a NULL pointer dereference, was found in the key management facility. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2013-1792, Moderate) * A NULL pointer dereference in the XFRM implementation could allow a local user who has the CAP_NET_ADMIN capability to cause a denial of service. (CVE-2013-1826, Moderate) * A NULL pointer dereference in the Datagram Congestion Control Protocol (DCCP) implementation could allow a local user to cause a denial of service. (CVE-2013-1827, Moderate) * Information leak flaws in the XFRM implementation could allow a local user who has the CAP_NET_ADMIN capability to leak kernel stack memory to user-space. (CVE-2012-6537, Low) * Two information leak flaws in the Asynchronous Transfer Mode (ATM) subsystem could allow a local, unprivileged user to leak kernel stack memory to user-space. (CVE-2012-6546, Low) * An information leak was found in the TUN/TAP device driver in the networking implementation. A local user with access to a TUN/TAP virtual interface could use this flaw to leak kernel stack memory to user-space. (CVE-2012-6547, Low) * An information leak in the Bluetooth implementation could allow a local user who has the CAP_NET_ADMIN capability to leak kernel stack memory to user-space. (CVE-2013-0349, Low) * A use-after-free flaw was found in the tmpfs implementation. A local user able to mount and unmount a tmpfs file system could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-1767, Low) * A NULL pointer dereference was found in the Linux kernel's USB Inside Out Edgeport Serial Driver implementation. An attacker with physical access to a system could use this flaw to cause a denial of service. (CVE-2013-1774, Low)
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 66214
    published 2013-04-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66214
    title Scientific Linux Security Update : kernel on SL6.x i386/x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-0744.NASL
    description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Security : * An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the Intel i915 driver in the Linux kernel handled the allocation of the buffer used for relocation copies. A local user with console access could use this flaw to cause a denial of service or escalate their privileges. (CVE-2013-0913, Important) * A buffer overflow flaw was found in the way UTF-8 characters were converted to UTF-16 in the utf8s_to_utf16s() function of the Linux kernel's FAT file system implementation. A local user able to mount a FAT file system with the 'utf8=1' option could use this flaw to crash the system or, potentially, to escalate their privileges. (CVE-2013-1773, Important) * A flaw was found in the way KVM handled guest time updates when the buffer the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) crossed a page boundary. A privileged guest user could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the host kernel level. (CVE-2013-1796, Important) * A potential use-after-free flaw was found in the way KVM handled guest time updates when the GPA (guest physical address) the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) fell into a movable or removable memory region of the hosting user-space process (by default, QEMU-KVM) on the host. If that memory region is deregistered from KVM using KVM_SET_USER_MEMORY_REGION and the allocated virtual memory reused, a privileged guest user could potentially use this flaw to escalate their privileges on the host. (CVE-2013-1797, Important) * A flaw was found in the way KVM emulated IOAPIC (I/O Advanced Programmable Interrupt Controller). A missing validation check in the ioapic_read_indirect() function could allow a privileged guest user to crash the host, or read a substantial portion of host kernel memory. (CVE-2013-1798, Important) * A race condition in install_user_keyrings(), leading to a NULL pointer dereference, was found in the key management facility. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2013-1792, Moderate) * A NULL pointer dereference in the XFRM implementation could allow a local user who has the CAP_NET_ADMIN capability to cause a denial of service. (CVE-2013-1826, Moderate) * A NULL pointer dereference in the Datagram Congestion Control Protocol (DCCP) implementation could allow a local user to cause a denial of service. (CVE-2013-1827, Moderate) * Information leak flaws in the XFRM implementation could allow a local user who has the CAP_NET_ADMIN capability to leak kernel stack memory to user-space. (CVE-2012-6537, Low) * Two information leak flaws in the Asynchronous Transfer Mode (ATM) subsystem could allow a local, unprivileged user to leak kernel stack memory to user-space. (CVE-2012-6546, Low) * An information leak was found in the TUN/TAP device driver in the networking implementation. A local user with access to a TUN/TAP virtual interface could use this flaw to leak kernel stack memory to user-space. (CVE-2012-6547, Low) * An information leak in the Bluetooth implementation could allow a local user who has the CAP_NET_ADMIN capability to leak kernel stack memory to user-space. (CVE-2013-0349, Low) * A use-after-free flaw was found in the tmpfs implementation. A local user able to mount and unmount a tmpfs file system could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-1767, Low) * A NULL pointer dereference was found in the Linux kernel's USB Inside Out Edgeport Serial Driver implementation. An attacker with physical access to a system could use this flaw to cause a denial of service. (CVE-2013-1774, Low) Red Hat would like to thank Andrew Honig of Google for reporting CVE-2013-1796, CVE-2013-1797, and CVE-2013-1798. CVE-2013-1792 was discovered by Mateusz Guzik of Red Hat EMEA GSS SEG Team.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 66204
    published 2013-04-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66204
    title CentOS 6 : kernel (CESA-2013:0744)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-0744.NASL
    description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Security : * An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the Intel i915 driver in the Linux kernel handled the allocation of the buffer used for relocation copies. A local user with console access could use this flaw to cause a denial of service or escalate their privileges. (CVE-2013-0913, Important) * A buffer overflow flaw was found in the way UTF-8 characters were converted to UTF-16 in the utf8s_to_utf16s() function of the Linux kernel's FAT file system implementation. A local user able to mount a FAT file system with the 'utf8=1' option could use this flaw to crash the system or, potentially, to escalate their privileges. (CVE-2013-1773, Important) * A flaw was found in the way KVM handled guest time updates when the buffer the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) crossed a page boundary. A privileged guest user could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the host kernel level. (CVE-2013-1796, Important) * A potential use-after-free flaw was found in the way KVM handled guest time updates when the GPA (guest physical address) the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) fell into a movable or removable memory region of the hosting user-space process (by default, QEMU-KVM) on the host. If that memory region is deregistered from KVM using KVM_SET_USER_MEMORY_REGION and the allocated virtual memory reused, a privileged guest user could potentially use this flaw to escalate their privileges on the host. (CVE-2013-1797, Important) * A flaw was found in the way KVM emulated IOAPIC (I/O Advanced Programmable Interrupt Controller). A missing validation check in the ioapic_read_indirect() function could allow a privileged guest user to crash the host, or read a substantial portion of host kernel memory. (CVE-2013-1798, Important) * A race condition in install_user_keyrings(), leading to a NULL pointer dereference, was found in the key management facility. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2013-1792, Moderate) * A NULL pointer dereference in the XFRM implementation could allow a local user who has the CAP_NET_ADMIN capability to cause a denial of service. (CVE-2013-1826, Moderate) * A NULL pointer dereference in the Datagram Congestion Control Protocol (DCCP) implementation could allow a local user to cause a denial of service. (CVE-2013-1827, Moderate) * Information leak flaws in the XFRM implementation could allow a local user who has the CAP_NET_ADMIN capability to leak kernel stack memory to user-space. (CVE-2012-6537, Low) * Two information leak flaws in the Asynchronous Transfer Mode (ATM) subsystem could allow a local, unprivileged user to leak kernel stack memory to user-space. (CVE-2012-6546, Low) * An information leak was found in the TUN/TAP device driver in the networking implementation. A local user with access to a TUN/TAP virtual interface could use this flaw to leak kernel stack memory to user-space. (CVE-2012-6547, Low) * An information leak in the Bluetooth implementation could allow a local user who has the CAP_NET_ADMIN capability to leak kernel stack memory to user-space. (CVE-2013-0349, Low) * A use-after-free flaw was found in the tmpfs implementation. A local user able to mount and unmount a tmpfs file system could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-1767, Low) * A NULL pointer dereference was found in the Linux kernel's USB Inside Out Edgeport Serial Driver implementation. An attacker with physical access to a system could use this flaw to cause a denial of service. (CVE-2013-1774, Low) Red Hat would like to thank Andrew Honig of Google for reporting CVE-2013-1796, CVE-2013-1797, and CVE-2013-1798. CVE-2013-1792 was discovered by Mateusz Guzik of Red Hat EMEA GSS SEG Team.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 66192
    published 2013-04-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66192
    title RHEL 6 : kernel (RHSA-2013:0744)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-0747-1.NASL
    description From Red Hat Security Advisory 2013:0747 : Updated kernel packages that fix several security issues and three bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A flaw was found in the Xen netback driver implementation in the Linux kernel. A privileged guest user with access to a para-virtualized network device could use this flaw to cause a long loop in netback, leading to a denial of service that could potentially affect the entire system. (CVE-2013-0216, Moderate) * A flaw was found in the Xen PCI device back-end driver implementation in the Linux kernel. A privileged guest user in a guest that has a PCI passthrough device could use this flaw to cause a denial of service that could potentially affect the entire system. (CVE-2013-0231, Moderate) * A NULL pointer dereference flaw was found in the IP packet transformation framework (XFRM) implementation in the Linux kernel. A local user who has the CAP_NET_ADMIN capability could use this flaw to cause a denial of service. (CVE-2013-1826, Moderate) * Information leak flaws were found in the XFRM implementation in the Linux kernel. A local user who has the CAP_NET_ADMIN capability could use these flaws to leak kernel stack memory to user-space. (CVE-2012-6537, Low) * An information leak flaw was found in the logical link control (LLC) implementation in the Linux kernel. A local, unprivileged user could use this flaw to leak kernel stack memory to user-space. (CVE-2012-6542, Low) * Two information leak flaws were found in the Linux kernel's Asynchronous Transfer Mode (ATM) subsystem. A local, unprivileged user could use these flaws to leak kernel stack memory to user-space. (CVE-2012-6546, Low) * An information leak flaw was found in the TUN/TAP device driver in the Linux kernel's networking implementation. A local user with access to a TUN/TAP virtual interface could use this flaw to leak kernel stack memory to user-space. (CVE-2012-6547, Low) Red Hat would like to thank the Xen project for reporting the CVE-2013-0216 and CVE-2013-0231 issues. This update also fixes the following bugs : * The IPv4 code did not correctly update the Maximum Transfer Unit (MTU) of the designed interface when receiving ICMP Fragmentation Needed packets. Consequently, a remote host did not respond correctly to ping attempts. With this update, the IPv4 code has been modified so the MTU of the designed interface is adjusted as expected in this situation. The ping command now provides the expected output. (BZ#923353) * Previously, the be2net code expected the last word of an MCC completion message from the firmware to be transferred by direct memory access (DMA) at once. However, this is not always true, and could therefore cause the BUG_ON() macro to be triggered in the be_mcc_compl_is_new() function, consequently leading to a kernel panic. The BUG_ON() macro has been removed from be_mcc_compl_is_new(), and the kernel panic no longer occurs in this scenario. (BZ#923910) * Previously, the NFSv3 server incorrectly converted 64-bit cookies to 32-bit. Consequently, the cookies became invalid, which affected all file system operations depending on these cookies, such as the READDIR operation that is used to read entries from a directory. This led to various problems, such as exported directories being empty or displayed incorrectly, or an endless loop of the READDIRPLUS procedure which could potentially cause a buffer overflow. This update modifies knfsd code so that 64-bit cookies are now handled correctly and all file system operations work as expected. (BZ#924087) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68808
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68808
    title Oracle Linux 5 : kernel (ELSA-2013-0747-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2668.NASL
    description Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2012-2121 Benjamin Herrenschmidt and Jason Baron discovered issues with the IOMMU mapping of memory slots used in KVM device assignment. Local users with the ability to assign devices could cause a denial of service due to a memory page leak. - CVE-2012-3552 Hafid Lin reported an issue in the IP networking subsystem. A remote user can cause a denial of service (system crash) on servers running applications that set options on sockets which are actively being processed. - CVE-2012-4461 Jon Howell reported a denial of service issue in the KVM subsystem. On systems that do not support the XSAVE feature, local users with access to the /dev/kvm interface can cause a system crash. - CVE-2012-4508 Dmitry Monakhov and Theodore Ts'o reported a race condition in the ext4 filesystem. Local users could gain access to sensitive kernel memory. - CVE-2012-6537 Mathias Krause discovered information leak issues in the Transformation user configuration interface. Local users with the CAP_NET_ADMIN capability can gain access to sensitive kernel memory. - CVE-2012-6539 Mathias Krause discovered an issue in the networking subsystem. Local users on 64-bit systems can gain access to sensitive kernel memory. - CVE-2012-6540 Mathias Krause discovered an issue in the Linux virtual server subsystem. Local users can gain access to sensitive kernel memory. Note: this issue does not affect Debian provided kernels, but may affect custom kernels built from Debian's linux-source-2.6.32 package. - CVE-2012-6542 Mathias Krause discovered an issue in the LLC protocol support code. Local users can gain access to sensitive kernel memory. - CVE-2012-6544 Mathias Krause discovered issues in the Bluetooth subsystem. Local users can gain access to sensitive kernel memory. - CVE-2012-6545 Mathias Krause discovered issues in the Bluetooth RFCOMM protocol support. Local users can gain access to sensitive kernel memory. - CVE-2012-6546 Mathias Krause discovered issues in the ATM networking support. Local users can gain access to sensitive kernel memory. - CVE-2012-6548 Mathias Krause discovered an issue in the UDF file system support. Local users can obtain access to sensitive kernel memory. - CVE-2012-6549 Mathias Krause discovered an issue in the isofs file system support. Local users can obtain access to sensitive kernel memory. - CVE-2013-0349 Anderson Lizardo discovered an issue in the Bluetooth Human Interface Device Protocol (HIDP) stack. Local users can obtain access to sensitive kernel memory. - CVE-2013-0914 Emese Revfy discovered an issue in the signal implementation. Local users may be able to bypass the address space layout randomization (ASLR) facility due to a leaking of information to child processes. - CVE-2013-1767 Greg Thelen reported an issue in the tmpfs virtual memory filesystem. Local users with sufficient privilege to mount filesystems can cause a denial of service or possibly elevated privileges due to a use-after-free defect. - CVE-2013-1773 Alan Stern provided a fix for a defect in the UTF8->UTF16 string conversion facility used by the VFAT filesystem. A local user could cause a buffer overflow condition, resulting in a denial of service or potentially elevated privileges. - CVE-2013-1774 Wolfgang Frisch provided a fix for a NULL pointer dereference defect in the driver for some serial USB devices from Inside Out Networks. Local users with permission to access these devices can create a denial of service (kernel oops) by causing the device to be removed while it is in use. - CVE-2013-1792 Mateusz Guzik of Red Hat EMEA GSS SEG Team discovered a race condition in the access key retention support in the kernel. A local user could cause a denial of service (NULL pointer dereference). - CVE-2013-1796 Andrew Honig of Google reported an issue in the KVM subsystem. A user in a guest operating system could corrupt kernel memory, resulting in a denial of service. - CVE-2013-1798 Andrew Honig of Google reported an issue in the KVM subsystem. A user in a guest operating system could cause a denial of service due to a use-after-free defect. - CVE-2013-1826 Mathias Krause discovered an issue in the Transformation (XFRM) user configuration interface of the networking stack. A user with the CAP_NET_ADMIN capability may be able to gain elevated privileges. - CVE-2013-1860 Oliver Neukum discovered an issue in the USB CDC WCM Device Management driver. Local users with the ability to attach devices can cause a denial of service (kernel crash) or potentially gain elevated privileges. - CVE-2013-1928 Kees Cook provided a fix for an information leak in the VIDEO_SET_SPU_PALETTE ioctl for 32-bit applications running on a 64-bit kernel. Local users can gain access to sensitive kernel memory. - CVE-2013-1929 Oded Horovitz and Brad Spengler reported an issue in the device driver for Broadcom Tigon3 based gigabit Ethernet. Users with the ability to attach untrusted devices can create an overflow condition, resulting in a denial of service or elevated privileges. - CVE-2013-2015 Theodore Ts'o provided a fix for an issue in the ext4 filesystem. Local users with the ability to mount a specially crafted filesystem can cause a denial of service (infinite loop). - CVE-2013-2634 Mathias Krause discovered a few issues in the Data Center Bridging (DCB) netlink interface. Local users can gain access to sensitive kernel memory. - CVE-2013-3222 Mathias Krause discovered an issue in the Asynchronous Transfer Mode (ATM) protocol support. Local users can gain access to sensitive kernel memory. - CVE-2013-3223 Mathias Krause discovered an issue in the Amateur Radio AX.25 protocol support. Local users can gain access to sensitive kernel memory. - CVE-2013-3224 Mathias Krause discovered an issue in the Bluetooth subsystem. Local users can gain access to sensitive kernel memory. - CVE-2013-3225 Mathias Krause discovered an issue in the Bluetooth RFCOMM protocol support. Local users can gain access to sensitive kernel memory. - CVE-2013-3228 Mathias Krause discovered an issue in the IrDA (infrared) subsystem support. Local users can gain access to sensitive kernel memory. - CVE-2013-3229 Mathias Krause discovered an issue in the IUCV support on s390 systems. Local users can gain access to sensitive kernel memory. - CVE-2013-3231 Mathias Krause discovered an issue in the ANSI/IEEE 802.2 LLC type 2 protocol support. Local users can gain access to sensitive kernel memory. - CVE-2013-3234 Mathias Krause discovered an issue in the Amateur Radio X.25 PLP (Rose) protocol support. Local users can gain access to sensitive kernel memory. - CVE-2013-3235 Mathias Krause discovered an issue in the Transparent Inter Process Communication (TIPC) protocol support. Local users can gain access to sensitive kernel memory.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 66431
    published 2013-05-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66431
    title Debian DSA-2668-1 : linux-2.6 - privilege escalation/denial of service/information leak
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-0744.NASL
    description From Red Hat Security Advisory 2013:0744 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Security : * An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the Intel i915 driver in the Linux kernel handled the allocation of the buffer used for relocation copies. A local user with console access could use this flaw to cause a denial of service or escalate their privileges. (CVE-2013-0913, Important) * A buffer overflow flaw was found in the way UTF-8 characters were converted to UTF-16 in the utf8s_to_utf16s() function of the Linux kernel's FAT file system implementation. A local user able to mount a FAT file system with the 'utf8=1' option could use this flaw to crash the system or, potentially, to escalate their privileges. (CVE-2013-1773, Important) * A flaw was found in the way KVM handled guest time updates when the buffer the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) crossed a page boundary. A privileged guest user could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the host kernel level. (CVE-2013-1796, Important) * A potential use-after-free flaw was found in the way KVM handled guest time updates when the GPA (guest physical address) the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) fell into a movable or removable memory region of the hosting user-space process (by default, QEMU-KVM) on the host. 
If that memory region is deregistered from KVM using KVM_SET_USER_MEMORY_REGION and the allocated virtual memory reused, a privileged guest user could potentially use this flaw to escalate their privileges on the host. (CVE-2013-1797, Important) * A flaw was found in the way KVM emulated IOAPIC (I/O Advanced Programmable Interrupt Controller). A missing validation check in the ioapic_read_indirect() function could allow a privileged guest user to crash the host, or read a substantial portion of host kernel memory. (CVE-2013-1798, Important) * A race condition in install_user_keyrings(), leading to a NULL pointer dereference, was found in the key management facility. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2013-1792, Moderate) * A NULL pointer dereference in the XFRM implementation could allow a local user who has the CAP_NET_ADMIN capability to cause a denial of service. (CVE-2013-1826, Moderate) * A NULL pointer dereference in the Datagram Congestion Control Protocol (DCCP) implementation could allow a local user to cause a denial of service. (CVE-2013-1827, Moderate) * Information leak flaws in the XFRM implementation could allow a local user who has the CAP_NET_ADMIN capability to leak kernel stack memory to user-space. (CVE-2012-6537, Low) * Two information leak flaws in the Asynchronous Transfer Mode (ATM) subsystem could allow a local, unprivileged user to leak kernel stack memory to user-space. (CVE-2012-6546, Low) * An information leak was found in the TUN/TAP device driver in the networking implementation. A local user with access to a TUN/TAP virtual interface could use this flaw to leak kernel stack memory to user-space. (CVE-2012-6547, Low) * An information leak in the Bluetooth implementation could allow a local user who has the CAP_NET_ADMIN capability to leak kernel stack memory to user-space. (CVE-2013-0349, Low) * A use-after-free flaw was found in the tmpfs implementation. 
A local user able to mount and unmount a tmpfs file system could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-1767, Low) * A NULL pointer dereference was found in the Linux kernel's USB Inside Out Edgeport Serial Driver implementation. An attacker with physical access to a system could use this flaw to cause a denial of service. (CVE-2013-1774, Low) Red Hat would like to thank Andrew Honig of Google for reporting CVE-2013-1796, CVE-2013-1797, and CVE-2013-1798. CVE-2013-1792 was discovered by Mateusz Guzik of Red Hat EMEA GSS SEG Team.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68807
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68807
    title Oracle Linux 6 : kernel (ELSA-2013-0744)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-0747.NASL
    description From Red Hat Security Advisory 2013:0747 : Updated kernel packages that fix several security issues and three bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A flaw was found in the Xen netback driver implementation in the Linux kernel. A privileged guest user with access to a para-virtualized network device could use this flaw to cause a long loop in netback, leading to a denial of service that could potentially affect the entire system. (CVE-2013-0216, Moderate) * A flaw was found in the Xen PCI device back-end driver implementation in the Linux kernel. A privileged guest user in a guest that has a PCI passthrough device could use this flaw to cause a denial of service that could potentially affect the entire system. (CVE-2013-0231, Moderate) * A NULL pointer dereference flaw was found in the IP packet transformation framework (XFRM) implementation in the Linux kernel. A local user who has the CAP_NET_ADMIN capability could use this flaw to cause a denial of service. (CVE-2013-1826, Moderate) * Information leak flaws were found in the XFRM implementation in the Linux kernel. A local user who has the CAP_NET_ADMIN capability could use these flaws to leak kernel stack memory to user-space. (CVE-2012-6537, Low) * An information leak flaw was found in the logical link control (LLC) implementation in the Linux kernel. A local, unprivileged user could use this flaw to leak kernel stack memory to user-space. (CVE-2012-6542, Low) * Two information leak flaws were found in the Linux kernel's Asynchronous Transfer Mode (ATM) subsystem. 
A local, unprivileged user could use these flaws to leak kernel stack memory to user-space. (CVE-2012-6546, Low) * An information leak flaw was found in the TUN/TAP device driver in the Linux kernel's networking implementation. A local user with access to a TUN/TAP virtual interface could use this flaw to leak kernel stack memory to user-space. (CVE-2012-6547, Low) Red Hat would like to thank the Xen project for reporting the CVE-2013-0216 and CVE-2013-0231 issues. This update also fixes the following bugs : * The IPv4 code did not correctly update the Maximum Transfer Unit (MTU) of the designed interface when receiving ICMP Fragmentation Needed packets. Consequently, a remote host did not respond correctly to ping attempts. With this update, the IPv4 code has been modified so the MTU of the designed interface is adjusted as expected in this situation. The ping command now provides the expected output. (BZ#923353) * Previously, the be2net code expected the last word of an MCC completion message from the firmware to be transferred by direct memory access (DMA) at once. However, this is not always true, and could therefore cause the BUG_ON() macro to be triggered in the be_mcc_compl_is_new() function, consequently leading to a kernel panic. The BUG_ON() macro has been removed from be_mcc_compl_is_new(), and the kernel panic no longer occurs in this scenario. (BZ#923910) * Previously, the NFSv3 server incorrectly converted 64-bit cookies to 32-bit. Consequently, the cookies became invalid, which affected all file system operations depending on these cookies, such as the READDIR operation that is used to read entries from a directory. This led to various problems, such as exported directories being empty or displayed incorrectly, or an endless loop of the READDIRPLUS procedure which could potentially cause a buffer overflow. This update modifies knfsd code so that 64-bit cookies are now handled correctly and all file system operations work as expected. 
(BZ#924087) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68809
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68809
    title Oracle Linux 5 : kernel (ELSA-2013-0747)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20130416_KERNEL_ON_SL5_X.NASL
    description This update fixes the following security issues : - A flaw was found in the Xen netback driver implementation in the Linux kernel. A privileged guest user with access to a para-virtualized network device could use this flaw to cause a long loop in netback, leading to a denial of service that could potentially affect the entire system. (CVE-2013-0216, Moderate) - A flaw was found in the Xen PCI device back-end driver implementation in the Linux kernel. A privileged guest user in a guest that has a PCI passthrough device could use this flaw to cause a denial of service that could potentially affect the entire system. (CVE-2013-0231, Moderate) - A NULL pointer dereference flaw was found in the IP packet transformation framework (XFRM) implementation in the Linux kernel. A local user who has the CAP_NET_ADMIN capability could use this flaw to cause a denial of service. (CVE-2013-1826, Moderate) - Information leak flaws were found in the XFRM implementation in the Linux kernel. A local user who has the CAP_NET_ADMIN capability could use these flaws to leak kernel stack memory to user-space. (CVE-2012-6537, Low) - An information leak flaw was found in the logical link control (LLC) implementation in the Linux kernel. A local, unprivileged user could use this flaw to leak kernel stack memory to user-space. (CVE-2012-6542, Low) - Two information leak flaws were found in the Linux kernel's Asynchronous Transfer Mode (ATM) subsystem. A local, unprivileged user could use these flaws to leak kernel stack memory to user-space. (CVE-2012-6546, Low) - An information leak flaw was found in the TUN/TAP device driver in the Linux kernel's networking implementation. A local user with access to a TUN/TAP virtual interface could use this flaw to leak kernel stack memory to user-space. 
(CVE-2012-6547, Low) This update also fixes the following bugs : - The IPv4 code did not correctly update the Maximum Transfer Unit (MTU) of the designed interface when receiving ICMP Fragmentation Needed packets. Consequently, a remote host did not respond correctly to ping attempts. With this update, the IPv4 code has been modified so the MTU of the designed interface is adjusted as expected in this situation. The ping command now provides the expected output. - Previously, the be2net code expected the last word of an MCC completion message from the firmware to be transferred by direct memory access (DMA) at once. However, this is not always true, and could therefore cause the BUG_ON() macro to be triggered in the be_mcc_compl_is_new() function, consequently leading to a kernel panic. The BUG_ON() macro has been removed from be_mcc_compl_is_new(), and the kernel panic no longer occurs in this scenario. - Previously, the NFSv3 server incorrectly converted 64-bit cookies to 32-bit. Consequently, the cookies became invalid, which affected all file system operations depending on these cookies, such as the READDIR operation that is used to read entries from a directory. This led to various problems, such as exported directories being empty or displayed incorrectly, or an endless loop of the READDIRPLUS procedure which could potentially cause a buffer overflow. This update modifies knfsd code so that 64-bit cookies are now handled correctly and all file system operations work as expected. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 66016
    published 2013-04-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66016
    title Scientific Linux Security Update : kernel on SL5.x i386/x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-0747.NASL
    description Updated kernel packages that fix several security issues and three bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A flaw was found in the Xen netback driver implementation in the Linux kernel. A privileged guest user with access to a para-virtualized network device could use this flaw to cause a long loop in netback, leading to a denial of service that could potentially affect the entire system. (CVE-2013-0216, Moderate) * A flaw was found in the Xen PCI device back-end driver implementation in the Linux kernel. A privileged guest user in a guest that has a PCI passthrough device could use this flaw to cause a denial of service that could potentially affect the entire system. (CVE-2013-0231, Moderate) * A NULL pointer dereference flaw was found in the IP packet transformation framework (XFRM) implementation in the Linux kernel. A local user who has the CAP_NET_ADMIN capability could use this flaw to cause a denial of service. (CVE-2013-1826, Moderate) * Information leak flaws were found in the XFRM implementation in the Linux kernel. A local user who has the CAP_NET_ADMIN capability could use these flaws to leak kernel stack memory to user-space. (CVE-2012-6537, Low) * An information leak flaw was found in the logical link control (LLC) implementation in the Linux kernel. A local, unprivileged user could use this flaw to leak kernel stack memory to user-space. (CVE-2012-6542, Low) * Two information leak flaws were found in the Linux kernel's Asynchronous Transfer Mode (ATM) subsystem. 
A local, unprivileged user could use these flaws to leak kernel stack memory to user-space. (CVE-2012-6546, Low) * An information leak flaw was found in the TUN/TAP device driver in the Linux kernel's networking implementation. A local user with access to a TUN/TAP virtual interface could use this flaw to leak kernel stack memory to user-space. (CVE-2012-6547, Low) Red Hat would like to thank the Xen project for reporting the CVE-2013-0216 and CVE-2013-0231 issues. This update also fixes the following bugs : * The IPv4 code did not correctly update the Maximum Transfer Unit (MTU) of the designed interface when receiving ICMP Fragmentation Needed packets. Consequently, a remote host did not respond correctly to ping attempts. With this update, the IPv4 code has been modified so the MTU of the designed interface is adjusted as expected in this situation. The ping command now provides the expected output. (BZ#923353) * Previously, the be2net code expected the last word of an MCC completion message from the firmware to be transferred by direct memory access (DMA) at once. However, this is not always true, and could therefore cause the BUG_ON() macro to be triggered in the be_mcc_compl_is_new() function, consequently leading to a kernel panic. The BUG_ON() macro has been removed from be_mcc_compl_is_new(), and the kernel panic no longer occurs in this scenario. (BZ#923910) * Previously, the NFSv3 server incorrectly converted 64-bit cookies to 32-bit. Consequently, the cookies became invalid, which affected all file system operations depending on these cookies, such as the READDIR operation that is used to read entries from a directory. This led to various problems, such as exported directories being empty or displayed incorrectly, or an endless loop of the READDIRPLUS procedure which could potentially cause a buffer overflow. This update modifies knfsd code so that 64-bit cookies are now handled correctly and all file system operations work as expected. 
(BZ#924087) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 65988
    published 2013-04-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65988
    title CentOS 5 : kernel (CESA-2013:0747)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-0747.NASL
    description Updated kernel packages that fix several security issues and three bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A flaw was found in the Xen netback driver implementation in the Linux kernel. A privileged guest user with access to a para-virtualized network device could use this flaw to cause a long loop in netback, leading to a denial of service that could potentially affect the entire system. (CVE-2013-0216, Moderate) * A flaw was found in the Xen PCI device back-end driver implementation in the Linux kernel. A privileged guest user in a guest that has a PCI passthrough device could use this flaw to cause a denial of service that could potentially affect the entire system. (CVE-2013-0231, Moderate) * A NULL pointer dereference flaw was found in the IP packet transformation framework (XFRM) implementation in the Linux kernel. A local user who has the CAP_NET_ADMIN capability could use this flaw to cause a denial of service. (CVE-2013-1826, Moderate) * Information leak flaws were found in the XFRM implementation in the Linux kernel. A local user who has the CAP_NET_ADMIN capability could use these flaws to leak kernel stack memory to user-space. (CVE-2012-6537, Low) * An information leak flaw was found in the logical link control (LLC) implementation in the Linux kernel. A local, unprivileged user could use this flaw to leak kernel stack memory to user-space. (CVE-2012-6542, Low) * Two information leak flaws were found in the Linux kernel's Asynchronous Transfer Mode (ATM) subsystem. 
A local, unprivileged user could use these flaws to leak kernel stack memory to user-space. (CVE-2012-6546, Low) * An information leak flaw was found in the TUN/TAP device driver in the Linux kernel's networking implementation. A local user with access to a TUN/TAP virtual interface could use this flaw to leak kernel stack memory to user-space. (CVE-2012-6547, Low) Red Hat would like to thank the Xen project for reporting the CVE-2013-0216 and CVE-2013-0231 issues. This update also fixes the following bugs : * The IPv4 code did not correctly update the Maximum Transfer Unit (MTU) of the designed interface when receiving ICMP Fragmentation Needed packets. Consequently, a remote host did not respond correctly to ping attempts. With this update, the IPv4 code has been modified so the MTU of the designed interface is adjusted as expected in this situation. The ping command now provides the expected output. (BZ#923353) * Previously, the be2net code expected the last word of an MCC completion message from the firmware to be transferred by direct memory access (DMA) at once. However, this is not always true, and could therefore cause the BUG_ON() macro to be triggered in the be_mcc_compl_is_new() function, consequently leading to a kernel panic. The BUG_ON() macro has been removed from be_mcc_compl_is_new(), and the kernel panic no longer occurs in this scenario. (BZ#923910) * Previously, the NFSv3 server incorrectly converted 64-bit cookies to 32-bit. Consequently, the cookies became invalid, which affected all file system operations depending on these cookies, such as the READDIR operation that is used to read entries from a directory. This led to various problems, such as exported directories being empty or displayed incorrectly, or an endless loop of the READDIRPLUS procedure which could potentially cause a buffer overflow. This update modifies knfsd code so that 64-bit cookies are now handled correctly and all file system operations work as expected. 
(BZ#924087) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 65991
    published 2013-04-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65991
    title RHEL 5 : kernel (RHSA-2013:0747)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-2534.NASL
    description Description of changes: [2.6.32-400.29.1.el6uek] - KVM: add missing void __user * cast to access_ok() call (Heiko Carstens) [Orabug: 16941620] {CVE-2013-1943} - KVM: Validate userspace_addr of memslot when registered (Takuya Yoshikawa) [Orabug: 16941620] {CVE-2013-1943} [2.6.32-400.28.1.el6uek] - do_add_mount()/umount -l races (Jerry Snitselaar) [Orabug: 16311974] - tg3: fix length overflow in VPD firmware parsing (Kees Cook) [Orabug: 16837019] {CVE-2013-1929} - USB: cdc-wdm: fix buffer overflow (Oliver Neukum) [Orabug: 16837003] {CVE-2013-1860} - bonding: emit event when bonding changes MAC (Weiping Pan) [Orabug: 16579025] - sched: Fix ancient race in do_exit() (Joe Jin) - open debug in page_move_anon_rmap by default. (Xiaowei.Hu) [Orabug: 14046035] - block: default SCSI command filter does not accommodate commands overlap across device classes (Jamie Iles) [Orabug: 16387136] {CVE-2012-4542} - vma_adjust: fix the copying of anon_vma chains (Linus Torvalds) [Orabug: 14046035] - xen-netfront: delay gARP until backend switches to Connected (Laszlo Ersek) [Orabug: 16182568] - svcrpc: don't hold sv_lock over svc_xprt_put() (J. 
Bruce Fields) [Orabug: 16032824] - mm/hotplug: correctly add new zone to all other nodes' zone lists (Jiang Liu) [Orabug: 16603569] {CVE-2012-5517} - ptrace: ptrace_resume() shouldn't wake up !TASK_TRACED thread (Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871} - ptrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL (Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871} - ptrace: introduce signal_wake_up_state() and ptrace_signal_wake_up() (Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871} - Bluetooth: Fix incorrect strncpy() in hidp_setup_hid() (Anderson Lizardo) [Orabug: 16711062] {CVE-2013-0349} - dccp: check ccid before dereferencing (Mathias Krause) [Orabug: 16711040] {CVE-2013-1827} - USB: io_ti: Fix NULL dereference in chase_port() (Wolfgang Frisch) [Orabug: 16425435] {CVE-2013-1774} - keys: fix race with concurrent install_user_keyrings() (David Howells) [Orabug: 16493369] {CVE-2013-1792} - KVM: Fix bounds checking in ioapic indirect register reads (CVE-2013-1798) (Andy Honig) [Orabug: 16710937] {CVE-2013-1798} - KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (CVE-2013-1796) (Jerry Snitselaar) [Orabug: 16710794] {CVE-2013-1796} [2.6.32-400.27.1.el6uek] - net/tun: fix ioctl() based info leaks (Mathias Krause) [Orabug: 16675501] {CVE-2012-6547} - atm: fix info leak via getsockname() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6546} - atm: fix info leak in getsockopt(SO_ATMPVC) (Mathias Krause) [Orabug: 16675501] {CVE-2012-6546} - xfrm_user: fix info leak in copy_to_user_tmpl() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6537} - xfrm_user: fix info leak in copy_to_user_policy() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6537} - xfrm_user: fix info leak in copy_to_user_state() (Mathias Krause) [Orabug: 16675501] {CVE-2013-6537} - xfrm_user: return error pointer instead of NULL #2 (Mathias Krause) [Orabug: 16675501] {CVE-2013-1826} - xfrm_user: return error pointer instead of NULL (Mathias Krause) [Orabug: 16675501] 
{CVE-2013-1826} - llc: fix info leak via getsockname() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6542} - x86/mm: Check if PUD is large when validating a kernel address (Mel Gorman) [Orabug: 14251997]
    last seen 2019-02-21
    modified 2016-05-20
    plugin id 68856
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68856
    title Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2534)
redhat via4
advisories
  • bugzilla
    id 922424
    title CVE-2012-6537 Kernel: xfrm_user information leaks copy_to_user_
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment kernel is earlier than 0:2.6.18-348.4.1.el5
          oval oval:com.redhat.rhsa:tst:20130747002
        • comment kernel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20080314003
      • AND
        • comment kernel-PAE is earlier than 0:2.6.18-348.4.1.el5
          oval oval:com.redhat.rhsa:tst:20130747020
        • comment kernel-PAE is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20080314021
      • AND
        • comment kernel-PAE-devel is earlier than 0:2.6.18-348.4.1.el5
          oval oval:com.redhat.rhsa:tst:20130747022
        • comment kernel-PAE-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20080314023
      • AND
        • comment kernel-debug is earlier than 0:2.6.18-348.4.1.el5
          oval oval:com.redhat.rhsa:tst:20130747010
        • comment kernel-debug is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20080314015
      • AND
        • comment kernel-debug-devel is earlier than 0:2.6.18-348.4.1.el5
          oval oval:com.redhat.rhsa:tst:20130747006
        • comment kernel-debug-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20080314009
      • AND
        • comment kernel-devel is earlier than 0:2.6.18-348.4.1.el5
          oval oval:com.redhat.rhsa:tst:20130747012
        • comment kernel-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20080314007
      • AND
        • comment kernel-doc is earlier than 0:2.6.18-348.4.1.el5
          oval oval:com.redhat.rhsa:tst:20130747024
        • comment kernel-doc is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20080314025
      • AND
        • comment kernel-headers is earlier than 0:2.6.18-348.4.1.el5
          oval oval:com.redhat.rhsa:tst:20130747004
        • comment kernel-headers is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20080314005
      • AND
        • comment kernel-kdump is earlier than 0:2.6.18-348.4.1.el5
          oval oval:com.redhat.rhsa:tst:20130747018
        • comment kernel-kdump is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20080314017
      • AND
        • comment kernel-kdump-devel is earlier than 0:2.6.18-348.4.1.el5
          oval oval:com.redhat.rhsa:tst:20130747016
        • comment kernel-kdump-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20080314019
      • AND
        • comment kernel-xen is earlier than 0:2.6.18-348.4.1.el5
          oval oval:com.redhat.rhsa:tst:20130747008
        • comment kernel-xen is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20080314011
      • AND
        • comment kernel-xen-devel is earlier than 0:2.6.18-348.4.1.el5
          oval oval:com.redhat.rhsa:tst:20130747014
        • comment kernel-xen-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20080314013
    rhsa
    id RHSA-2013:0747
    released 2013-04-16
    severity Moderate
    title RHSA-2013:0747: kernel security and bug fix update (Moderate)
  • rhsa
    id RHSA-2013:0744
rpms
  • kernel-0:2.6.32-358.6.1.el6
  • kernel-bootwrapper-0:2.6.32-358.6.1.el6
  • kernel-debug-0:2.6.32-358.6.1.el6
  • kernel-debug-devel-0:2.6.32-358.6.1.el6
  • kernel-devel-0:2.6.32-358.6.1.el6
  • kernel-doc-0:2.6.32-358.6.1.el6
  • kernel-firmware-0:2.6.32-358.6.1.el6
  • kernel-headers-0:2.6.32-358.6.1.el6
  • kernel-kdump-0:2.6.32-358.6.1.el6
  • kernel-kdump-devel-0:2.6.32-358.6.1.el6
  • perf-0:2.6.32-358.6.1.el6
  • python-perf-0:2.6.32-358.6.1.el6
  • kernel-0:2.6.18-348.4.1.el5
  • kernel-PAE-0:2.6.18-348.4.1.el5
  • kernel-PAE-devel-0:2.6.18-348.4.1.el5
  • kernel-debug-0:2.6.18-348.4.1.el5
  • kernel-debug-devel-0:2.6.18-348.4.1.el5
  • kernel-devel-0:2.6.18-348.4.1.el5
  • kernel-doc-0:2.6.18-348.4.1.el5
  • kernel-headers-0:2.6.18-348.4.1.el5
  • kernel-kdump-0:2.6.18-348.4.1.el5
  • kernel-kdump-devel-0:2.6.18-348.4.1.el5
  • kernel-xen-0:2.6.18-348.4.1.el5
  • kernel-xen-devel-0:2.6.18-348.4.1.el5
refmap via4
confirm
mlist [oss-security] 20130307 Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs
ubuntu USN-1829-1
Last major update 04-06-2013 - 23:42
Published 22-03-2013 - 07:59