What is the severity of USN-1878-1?

The severity of USN-1878-1 is characterized as a medium risk due to the potential for information leakage.

How do I fix USN-1878-1?

To fix USN-1878-1, you should upgrade to the latest kernel version available for Ubuntu 12.04 that exceeds version 3.2.0-48.74.

What systems are affected by USN-1878-1?

USN-1878-1 affects Ubuntu 12.04 systems running specific versions of the Linux kernel.

What information could be leaked due to USN-1878-1?

USN-1878-1 could allow a local user to leak sensitive information such as keystroke timing and password length.

Is USN-1878-1 a remote vulnerability?

No, USN-1878-1 is a local vulnerability that requires an authenticated user to exploit.

Vulnerability/
USN-1878-1

14/6/2013

USN-1878-1: Linux kernel vulnerabilities

First published: Fri Jun 14 2013(Updated: )

An information leak was discovered in the Linux kernel when inotify is used to monitor the /dev/ptmx device. A local user could exploit this flaw to discover keystroke timing and potentially discover sensitive information like password length. (CVE-2013-0160) A flaw was discovered in the Linux kernel's perf events subsystem for Intel Sandy Bridge and Ivy Bridge processors. A local user could exploit this flaw to cause a denial of service (system crash). (CVE-2013-2146) An information leak was discovered in the Linux kernel's crypto API. A local user could exploit this flaw to examine potentially sensitive information from the kernel's stack memory. (CVE-2013-3076) An information leak was discovered in the Linux kernel's rcvmsg path for ATM (Asynchronous Transfer Mode). A local user could exploit this flaw to examine potentially sensitive information from the kernel's stack memory. (CVE-2013-3222) An information leak was discovered in the Linux kernel's recvmsg path for ax25 address family. A local user could exploit this flaw to examine potentially sensitive information from the kernel's stack memory. (CVE-2013-3223) An information leak was discovered in the Linux kernel's recvmsg path for the bluetooth address family. A local user could exploit this flaw to examine potentially sensitive information from the kernel's stack memory. (CVE-2013-3224) An information leak was discovered in the Linux kernel's bluetooth rfcomm protocol support. A local user could exploit this flaw to examine potentially sensitive information from the kernel's stack memory. (CVE-2013-3225) An information leak was discovered in the Linux kernel's CAIF protocol implementation. A local user could exploit this flaw to examine potentially sensitive information from the kernel's stack memory. (CVE-2013-3227) An information leak was discovered in the Linux kernel's IRDA (infrared) support subsystem. A local user could exploit this flaw to examine potentially sensitive information from the kernel's stack memory. (CVE-2013-3228) An information leak was discovered in the Linux kernel's s390 - z/VM support. A local user could exploit this flaw to examine potentially sensitive information from the kernel's stack memory. (CVE-2013-3229) An information leak was discovered in the Linux kernel's llc (Logical Link Layer 2) support. A local user could exploit this flaw to examine potentially sensitive information from the kernel's stack memory. (CVE-2013-3231) An information leak was discovered in the Linux kernel's receive message handling for the netrom address family. A local user could exploit this flaw to obtain sensitive information from the kernel's stack memory. (CVE-2013-3232) An information leak was discovered in the Linux kernel's Rose X.25 protocol layer. A local user could exploit this flaw to examine potentially sensitive information from the kernel's stack memory. (CVE-2013-3234) An information leak was discovered in the Linux kernel's TIPC (Transparent Inter Process Communication) protocol implementation. A local user could exploit this flaw to examine potentially sensitive information from the kernel's stack memory. (CVE-2013-3235)

Affected Software	Affected Version	How to fix
All of
ubuntu/linux-image-3.2.0-48-highbank	<3.2.0-48.74	3.2.0-48.74
Ubuntu 22.04 LTS	=12.04
All of
ubuntu/linux-image-3.2.0-48-powerpc-smp	<3.2.0-48.74	3.2.0-48.74
Ubuntu 22.04 LTS	=12.04
All of
ubuntu/linux-image-3.2.0-48-powerpc64-smp	<3.2.0-48.74	3.2.0-48.74
Ubuntu 22.04 LTS	=12.04
All of
ubuntu/linux-image-3.2.0-48-virtual	<3.2.0-48.74	3.2.0-48.74
Ubuntu 22.04 LTS	=12.04
All of
ubuntu/linux-image-3.2.0-48-generic-pae	<3.2.0-48.74	3.2.0-48.74
Ubuntu 22.04 LTS	=12.04
All of
ubuntu/linux-image-3.2.0-48-omap	<3.2.0-48.74	3.2.0-48.74
Ubuntu 22.04 LTS	=12.04
All of
ubuntu/linux-image-3.2.0-48-generic	<3.2.0-48.74	3.2.0-48.74
Ubuntu 22.04 LTS	=12.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the severity of USN-1878-1?
The severity of USN-1878-1 is characterized as a medium risk due to the potential for information leakage.
How do I fix USN-1878-1?
To fix USN-1878-1, you should upgrade to the latest kernel version available for Ubuntu 12.04 that exceeds version 3.2.0-48.74.
What systems are affected by USN-1878-1?
USN-1878-1 affects Ubuntu 12.04 systems running specific versions of the Linux kernel.
What information could be leaked due to USN-1878-1?
USN-1878-1 could allow a local user to leak sensitive information such as keystroke timing and password length.
Is USN-1878-1 a remote vulnerability?
No, USN-1878-1 is a local vulnerability that requires an authenticated user to exploit.

agent/references
agent/severity
agent/type
agent/first-publish-date
agent/last-modified-date
agent/event
agent/title
agent/description
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/usn
source/Ubuntu
agent/software-canonical-lookup
agent/software-canonical-lookup-request
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu 22.04 lts
version/ubuntu 22.04 lts/12.04