- Vulnerability/
- USN-1610-1
USN-1610-1: Linux kernel vulnerability
First published: Fri Oct 12 2012(Updated: )
Pablo Neira Ayuso discovered a flaw in the credentials of netlink messages. An unprivileged local attacker could exploit this by getting a netlink based service, that relies on netlink credentials, to perform privileged actions. (CVE-2012-3520) Mathias Krause discovered information leak in the Linux kernel's compat ioctl interface. A local user could exploit the flaw to examine parts of kernel stack memory (CVE-2012-6539) Mathias Krause discovered an information leak in the Linux kernel's getsockopt for IP_VS_SO_GET_TIMEOUT. A local user could exploit this flaw to examine parts of kernel stack memory. (CVE-2012-6540) Mathias Krause discovered an information leak in the Linux kernel's getsockopt implementation for the Datagram Congestion Control Protocol (DCCP). A local user could exploit this flaw to examine some of the kernel's stack memory. (CVE-2012-6541) Mathias Krause discovered an information leak in the Linux kernel's getsockname implementation for Logical Link Layer (llc) sockets. A local user could exploit this flaw to examine some of the kernel's stack memory. (CVE-2012-6542) Mathias Krause discovered information leaks in the Linux kernel's Bluetooth Logical Link Control and Adaptation Protocol (L2CAP) implementation. A local user could exploit these flaws to examine some of the kernel's stack memory. (CVE-2012-6544) Mathias Krause discovered information leaks in the Linux kernel's Bluetooth RFCOMM protocol implementation. A local user could exploit these flaws to examine parts of kernel memory. (CVE-2012-6545) Mathias Krause discovered information leaks in the Linux kernel's Asynchronous Transfer Mode (ATM) networking stack. A local user could exploit these flaws to examine some parts of kernel memory. (CVE-2012-6546) A flaw was discovered in how netlink sockets validate message origins. A local attacker could exploit this flaw to send netlink message notifications, with spoofed credentials, to subscribed tasks. (CVE-2012-6689) Mathias Krause discover an error in Linux kernel's Datagram Congestion Control Protocol (DCCP) Congestion Control Identifier (CCID) use. A local attack could exploit this flaw to cause a denial of service (crash) and potentially escalate privileges if the user can mmap page 0. (CVE-2013-1827)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/linux-image-3.2.0-32-omap | <3.2.0-32.51 | 3.2.0-32.51 |
| Ubuntu 22.04 LTS | =12.04 | |
| All of | ||
| ubuntu/linux-image-3.2.0-32-powerpc-smp | <3.2.0-32.51 | 3.2.0-32.51 |
| Ubuntu 22.04 LTS | =12.04 | |
| All of | ||
| ubuntu/linux-image-3.2.0-32-highbank | <3.2.0-32.51 | 3.2.0-32.51 |
| Ubuntu 22.04 LTS | =12.04 | |
| All of | ||
| ubuntu/linux-image-3.2.0-32-powerpc64-smp | <3.2.0-32.51 | 3.2.0-32.51 |
| Ubuntu 22.04 LTS | =12.04 | |
| All of | ||
| ubuntu/linux-image-3.2.0-32-generic-pae | <3.2.0-32.51 | 3.2.0-32.51 |
| Ubuntu 22.04 LTS | =12.04 | |
| All of | ||
| ubuntu/linux-image-3.2.0-32-virtual | <3.2.0-32.51 | 3.2.0-32.51 |
| Ubuntu 22.04 LTS | =12.04 | |
| All of | ||
| ubuntu/linux-image-3.2.0-32-generic | <3.2.0-32.51 | 3.2.0-32.51 |
| Ubuntu 22.04 LTS | =12.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2012-3520
- https://ubuntu.com/security/CVE-2012-6539
- https://ubuntu.com/security/CVE-2012-6540
- https://ubuntu.com/security/CVE-2012-6541
- https://ubuntu.com/security/CVE-2012-6542
- https://ubuntu.com/security/CVE-2012-6544
- https://ubuntu.com/security/CVE-2012-6545
- https://ubuntu.com/security/CVE-2012-6546
- https://ubuntu.com/security/CVE-2012-6689
- https://ubuntu.com/security/CVE-2013-1827
- https://ubuntu.com/security/notices/USN-1599-1
- https://ubuntu.com/security/notices/USN-1648-1
- https://ubuntu.com/security/notices/USN-1649-1
- https://ubuntu.com/security/notices/USN-1798-1
- https://ubuntu.com/security/notices/USN-1792-1
- https://ubuntu.com/security/notices/USN-1652-1
- https://ubuntu.com/security/notices/USN-1805-1
- https://ubuntu.com/security/notices/USN-1808-1
- https://ubuntu.com/security/notices/USN-1653-1
- https://ubuntu.com/security/notices/USN-1607-1
- https://ubuntu.com/security/notices/USN-1651-1
- https://ubuntu.com/security/notices/USN-1594-1
- https://ubuntu.com/security/notices/USN-1609-1
- https://launchpad.net/ubuntu/+source/linux/3.2.0-32.51
- https://ubuntu.com/security/notices/USN-1610-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the severity of USN-1610-1?
USN-1610-1 has a high severity due to the potential for unprivileged local attackers to exploit privileged actions.
How do I fix USN-1610-1?
To resolve USN-1610-1, update your system to the recommended version linux-image-3.2.0-32.51 or later.
Which Ubuntu versions are affected by USN-1610-1?
USN-1610-1 affects Ubuntu version 12.04.
Who discovered the flaw in USN-1610-1?
The vulnerability in USN-1610-1 was discovered by Pablo Neira Ayuso and Mathias Krause.
What type of vulnerability is described in USN-1610-1?
USN-1610-1 describes a vulnerability related to netlink message credentials that could allow local attackers to perform privileged actions.
- agent/severity
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/references
- agent/title
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu 22.04 lts
- version/ubuntu 22.04 lts/12.04