- Vulnerability/
- USN-1882-1
USN-1882-1: Linux kernel (OMAP4) vulnerabilities
First published: Fri Jun 14 2013(Updated: )
Kees Cook discovered a flaw in the Linux kernel's iSCSI subsystem. A remote unauthenticated attacker could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges. (CVE-2013-2850) Andy Lutomirski discover an error in the Linux kernel's credential handling on unix sockets. A local user could exploit this flaw to gain administrative privileges. (CVE-2013-1979) An information leak was discovered in the Linux kernel when inotify is used to monitor the /dev/ptmx device. A local user could exploit this flaw to discover keystroke timing and potentially discover sensitive information like password length. (CVE-2013-0160) An information leak was discovered in the Linux kernel's tkill and tgkill system calls when used from compat processes. A local user could exploit this flaw to examine potentially sensitive kernel memory. (CVE-2013-2141) A flaw was discovered in the Linux kernel's perf events subsystem for Intel Sandy Bridge and Ivy Bridge processors. A local user could exploit this flaw to cause a denial of service (system crash). (CVE-2013-2146) An information leak was discovered in the Linux kernel's crypto API. A local user could exploit this flaw to examine potentially sensitive information from the kernel's stack memory. (CVE-2013-3076) An information leak was discovered in the Linux kernel's rcvmsg path for ATM (Asynchronous Transfer Mode). A local user could exploit this flaw to examine potentially sensitive information from the kernel's stack memory. (CVE-2013-3222) An information leak was discovered in the Linux kernel's recvmsg path for ax25 address family. A local user could exploit this flaw to examine potentially sensitive information from the kernel's stack memory. (CVE-2013-3223) An information leak was discovered in the Linux kernel's recvmsg path for the bluetooth address family. A local user could exploit this flaw to examine potentially sensitive information from the kernel's stack memory. (CVE-2013-3224) An information leak was discovered in the Linux kernel's bluetooth rfcomm protocol support. A local user could exploit this flaw to examine potentially sensitive information from the kernel's stack memory. (CVE-2013-3225) An information leak was discovered in the Linux kernel's CAIF protocol implementation. A local user could exploit this flaw to examine potentially sensitive information from the kernel's stack memory. (CVE-2013-3227) An information leak was discovered in the Linux kernel's IRDA (infrared) support subsystem. A local user could exploit this flaw to examine potentially sensitive information from the kernel's stack memory. (CVE-2013-3228) An information leak was discovered in the Linux kernel's s390 - z/VM support. A local user could exploit this flaw to examine potentially sensitive information from the kernel's stack memory. (CVE-2013-3229) An information leak was discovered in the Linux kernel's l2tp (Layer Two Tunneling Protocol) implementation. A local user could exploit this flaw to examine potentially sensitive information from the kernel's stack memory. (CVE-2013-3230) An information leak was discovered in the Linux kernel's llc (Logical Link Layer 2) support. A local user could exploit this flaw to examine potentially sensitive information from the kernel's stack memory. (CVE-2013-3231) An information leak was discovered in the Linux kernel's receive message handling for the netrom address family. A local user could exploit this flaw to obtain sensitive information from the kernel's stack memory. (CVE-2013-3232) An information leak was discovered in the Linux kernel's nfc (near field communication) support. A local user could exploit this flaw to examine potentially sensitive information from the kernel's stack memory. (CVE-2013-3233) An information leak was discovered in the Linux kernel's Rose X.25 protocol layer. A local user could exploit this flaw to examine potentially sensitive information from the kernel's stack memory. (CVE-2013-3234) An information leak was discovered in the Linux kernel's TIPC (Transparent Inter Process Communication) protocol implementation. A local user could exploit this flaw to examine potentially sensitive information from the kernel's stack memory. (CVE-2013-3235)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/linux-image-3.5.0-226-omap4 | <3.5.0-226.39 | 3.5.0-226.39 |
| Ubuntu gir1.2-packagekitglib-1.0 | =12.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2013-0160
- https://ubuntu.com/security/CVE-2013-1979
- https://ubuntu.com/security/CVE-2013-2141
- https://ubuntu.com/security/CVE-2013-2146
- https://ubuntu.com/security/CVE-2013-2850
- https://ubuntu.com/security/CVE-2013-3076
- https://ubuntu.com/security/CVE-2013-3222
- https://ubuntu.com/security/CVE-2013-3223
- https://ubuntu.com/security/CVE-2013-3224
- https://ubuntu.com/security/CVE-2013-3225
- https://ubuntu.com/security/CVE-2013-3227
- https://ubuntu.com/security/CVE-2013-3228
- https://ubuntu.com/security/CVE-2013-3229
- https://ubuntu.com/security/CVE-2013-3230
- https://ubuntu.com/security/CVE-2013-3231
- https://ubuntu.com/security/CVE-2013-3232
- https://ubuntu.com/security/CVE-2013-3233
- https://ubuntu.com/security/CVE-2013-3234
- https://ubuntu.com/security/CVE-2013-3235
- https://ubuntu.com/security/notices/USN-1878-1
- https://ubuntu.com/security/notices/USN-2129-1
- https://ubuntu.com/security/notices/USN-1883-1
- https://ubuntu.com/security/notices/USN-2128-1
- https://ubuntu.com/security/notices/USN-1880-1
- https://ubuntu.com/security/notices/USN-1916-1
- https://ubuntu.com/security/notices/USN-1879-1
- https://ubuntu.com/security/notices/USN-1881-1
- https://ubuntu.com/security/notices/USN-1839-1
- https://ubuntu.com/security/notices/USN-1833-1
- https://ubuntu.com/security/notices/USN-1815-1
- https://ubuntu.com/security/notices/USN-1900-1
- https://ubuntu.com/security/notices/USN-1849-1
- https://ubuntu.com/security/notices/USN-1837-1
- https://ubuntu.com/security/notices/USN-1899-1
- https://ubuntu.com/security/notices/USN-1844-1
- https://ubuntu.com/security/notices/USN-1845-1
- https://ubuntu.com/security/notices/USN-1847-1
- https://ubuntu.com/security/notices/USN-1846-1
- https://ubuntu.com/security/notices/USN-1876-1
- https://ubuntu.com/security/notices/USN-1877-1
- https://launchpad.net/ubuntu/+source/linux-ti-omap4/3.5.0-226.39
- https://ubuntu.com/security/notices/USN-1882-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the severity of USN-1882-1?
USN-1882-1 is classified as a critical vulnerability due to its potential to allow remote unauthenticated attackers to cause a denial of service or gain administrative privileges.
How do I fix USN-1882-1?
To fix USN-1882-1, you should upgrade the Linux kernel to version 3.5.0-226.39 or later.
Which systems are affected by USN-1882-1?
USN-1882-1 affects Ubuntu version 12.10 with the linux-image-3.5.0-226-omap4 package installed.
What kind of attack can exploit USN-1882-1?
USN-1882-1 can be exploited by remote unauthenticated attackers to induce system crashes or gain administrative access.
Who discovered the USN-1882-1 vulnerability?
The USN-1882-1 vulnerability was discovered by Kees Cook and Andy Lutomirski.
- agent/severity
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/title
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu gir1.2-packagekitglib-1.0
- version/ubuntu gir1.2-packagekitglib-1.0/12.10