What is the severity of USN-1797-1?

USN-1797-1 is considered a critical vulnerability due to its potential to cause denial of service and privilege escalation.

How do I fix USN-1797-1?

To fix USN-1797-1, you should upgrade to linux-image-3.5.0-222-omap4 version 3.5.0-222.34 or later.

Who discovered the vulnerability in USN-1797-1?

The vulnerability in USN-1797-1 was discovered by Andrew Jones.

What systems are affected by USN-1797-1?

USN-1797-1 affects the Ubuntu 12.10 operating system running on the 32-bit Xen paravirtualized platform.

What potential impacts does USN-1797-1 have?

The impacts of USN-1797-1 include the potential for denial of service and unauthorized access to guest OS privileges.

Vulnerability/
USN-1797-1

CWE

416

8/4/2013

USN-1797-1: Linux kernel (OMAP4) vulnerabilities

First published: Mon Apr 08 2013(Updated: )

Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's Xen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged guest OS user could exploit this flaw to cause a denial of service (crash the system) or gain guest OS privilege. (CVE-2013-0228) Emese Revfy discovered that in the Linux kernel signal handlers could leak address information across an exec, making it possible to by pass ASLR (Address Space Layout Randomization). A local user could use this flaw to by pass ASLR to reliably deliver an exploit payload that would otherwise be stopped (by ASLR). (CVE-2013-0914) A memory use after free error was discover in the Linux kernel's tmpfs filesystem. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash). (CVE-2013-1767) Mateusz Guzik discovered a race in the Linux kernel's keyring. A local user could exploit this flaw to cause a denial of service (system crash). (CVE-2013-1792) Mathias Krause discovered a memory leak in the Linux kernel's crypto report API. A local user with CAP_NET_ADMIN could exploit this leak to examine some of the kernel's stack memory. (CVE-2013-2546) Mathias Krause discovered a memory leak in the Linux kernel's crypto report API. A local user with CAP_NET_ADMIN could exploit this leak to examine some of the kernel's heap memory. (CVE-2013-2547) Mathias Krause discovered information leaks in the Linux kernel's crypto algorithm report API. A local user could exploit these flaws to leak kernel stack and heap memory contents. (CVE-2013-2548)

Affected Software	Affected Version	How to fix
All of
ubuntu/linux-image-3.5.0-222-omap4	<3.5.0-222.33	3.5.0-222.33
Ubuntu gir1.2-packagekitglib-1.0	=12.10

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the severity of USN-1797-1?
USN-1797-1 is considered a critical vulnerability due to its potential to cause denial of service and privilege escalation.
How do I fix USN-1797-1?
To fix USN-1797-1, you should upgrade to linux-image-3.5.0-222-omap4 version 3.5.0-222.34 or later.
Who discovered the vulnerability in USN-1797-1?
The vulnerability in USN-1797-1 was discovered by Andrew Jones.
What systems are affected by USN-1797-1?
USN-1797-1 affects the Ubuntu 12.10 operating system running on the 32-bit Xen paravirtualized platform.
What potential impacts does USN-1797-1 have?
The impacts of USN-1797-1 include the potential for denial of service and unauthorized access to guest OS privileges.

agent/severity
agent/type
agent/references
agent/last-modified-date
agent/first-publish-date
agent/event
agent/title
agent/weakness
agent/description
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/usn
source/Ubuntu
agent/software-canonical-lookup
agent/software-canonical-lookup-request
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu gir1.2-packagekitglib-1.0
version/ubuntu gir1.2-packagekitglib-1.0/12.10