What is the severity of USN-1809-1?

USN-1809-1 has a moderate severity rating due to the potential for information leakage in the Linux kernel's UDF file system.

How do I fix USN-1809-1?

To fix USN-1809-1, upgrade to the provided remedy packages which include linux-image-3.2.0-41.66 for Ubuntu 12.04.

What systems are affected by USN-1809-1?

USN-1809-1 affects various versions of the Linux kernel packages on Ubuntu 12.04, specifically those below linux-image-3.2.0-41.66.

Can USN-1809-1 be exploited by local users?

Yes, a local user can exploit USN-1809-1 to examine some of the kernel's heap memory, potentially leaking sensitive information.

Is there a workaround for USN-1809-1?

There is no known workaround for USN-1809-1; upgrading the kernel is the recommended solution.

Vulnerability/
USN-1809-1

CWE

119 190 416

1/5/2013

USN-1809-1: Linux kernel vulnerabilities

First published: Wed May 01 2013(Updated: )

Mathias Krause discovered an information leak in the Linux kernel's UDF file system implementation. A local user could exploit this flaw to examine some of the kernel's heap memory. (CVE-2012-6548) Mathias Krause discovered an information leak in the Linux kernel's ISO 9660 CDROM file system driver. A local user could exploit this flaw to examine some of the kernel's heap memory. (CVE-2012-6549) An integer overflow was discovered in the Direct Rendering Manager (DRM) subsystem for the i915 video driver in the Linux kernel. A local user could exploit this flaw to cause a denial of service (crash) or potentially escalate privileges. (CVE-2013-0913) Andrew Honig discovered a flaw in guest OS time updates in the Linux kernel's KVM (Kernel-based Virtual Machine). A privileged guest user could exploit this flaw to cause a denial of service (crash host system) or potential escalate privilege to the host kernel level. (CVE-2013-1796) Andrew Honig discovered a use after free error in guest OS time updates in the Linux kernel's KVM (Kernel-based Virtual Machine). A privileged guest user could exploit this flaw to escalate privilege to the host kernel level. (CVE-2013-1797) Andrew Honig reported a flaw in the way KVM (Kernel-based Virtual Machine) emulated the IOAPIC. A privileged guest user could exploit this flaw to read host memory or cause a denial of service (crash the host). (CVE-2013-1798) A format-string bug was discovered in the Linux kernel's ext3 filesystem driver. A local user could exploit this flaw to possibly escalate privileges on the system. (CVE-2013-1848) A buffer overflow was discovered in the Linux Kernel's USB subsystem for devices reporting the cdc-wdm class. A specially crafted USB device when plugged-in could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2013-1860) A flaw was discovered in the SCTP (stream control transfer protocol) network protocol's handling of duplicate cookies in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (system crash) on another remote user querying the SCTP connection. (CVE-2013-2206) An information leak in the Linux kernel's dcb netlink interface was discovered. A local user could obtain sensitive information by examining kernel stack memory. (CVE-2013-2634) A kernel stack information leak was discovered in the RTNETLINK component of the Linux kernel. A local user could read sensitive information from the kernel stack. (CVE-2013-2635)

Affected Software	Affected Version	How to fix
All of
ubuntu/linux-image-3.2.0-41-virtual	<3.2.0-41.66	3.2.0-41.66
Ubuntu 22.04 LTS	=12.04
All of
ubuntu/linux-image-3.2.0-41-generic-pae	<3.2.0-41.66	3.2.0-41.66
Ubuntu 22.04 LTS	=12.04
All of
ubuntu/linux-image-3.2.0-41-powerpc-smp	<3.2.0-41.66	3.2.0-41.66
Ubuntu 22.04 LTS	=12.04
All of
ubuntu/linux-image-3.2.0-41-powerpc64-smp	<3.2.0-41.66	3.2.0-41.66
Ubuntu 22.04 LTS	=12.04
All of
ubuntu/linux-image-3.2.0-41-omap	<3.2.0-41.66	3.2.0-41.66
Ubuntu 22.04 LTS	=12.04
All of
ubuntu/linux-image-3.2.0-41-generic	<3.2.0-41.66	3.2.0-41.66
Ubuntu 22.04 LTS	=12.04
All of
ubuntu/linux-image-3.2.0-41-highbank	<3.2.0-41.66	3.2.0-41.66
Ubuntu 22.04 LTS	=12.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the severity of USN-1809-1?
USN-1809-1 has a moderate severity rating due to the potential for information leakage in the Linux kernel's UDF file system.
How do I fix USN-1809-1?
To fix USN-1809-1, upgrade to the provided remedy packages which include linux-image-3.2.0-41.66 for Ubuntu 12.04.
What systems are affected by USN-1809-1?
USN-1809-1 affects various versions of the Linux kernel packages on Ubuntu 12.04, specifically those below linux-image-3.2.0-41.66.
Can USN-1809-1 be exploited by local users?
Yes, a local user can exploit USN-1809-1 to examine some of the kernel's heap memory, potentially leaking sensitive information.
Is there a workaround for USN-1809-1?
There is no known workaround for USN-1809-1; upgrading the kernel is the recommended solution.

agent/references
agent/severity
agent/type
agent/first-publish-date
agent/last-modified-date
agent/event
agent/title
agent/weakness
agent/description
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/usn
source/Ubuntu
agent/software-canonical-lookup
agent/software-canonical-lookup-request
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu 22.04 lts
version/ubuntu 22.04 lts/12.04