USN-1899-1: Linux kernel vulnerabilities
First published: Thu Jul 04 2013(Updated: )
Dmitry Monakhov reported a race condition flaw the Linux ext4 filesystem that can expose stale data. An unprivileged user could exploit this flaw to cause an information leak. (CVE-2012-4508) Dave Jones discovered that the Linux kernel's socket subsystem does not correctly ensure the keepalive action is associated with a stream socket. A local user could exploit this flaw to cause a denial of service (system crash) by creating a raw socket. (CVE-2012-6657) An information leak was discovered in the Linux kernel's tkill and tgkill system calls when used from compat processes. A local user could exploit this flaw to examine potentially sensitive kernel memory. (CVE-2013-2141) Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges. (CVE-2013-2852)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/linux-image-2.6.32-49-generic-pae | <2.6.32-49.111 | 2.6.32-49.111 |
| Ubuntu 22.04 LTS | =10.04 | |
| All of | ||
| ubuntu/linux-image-2.6.32-49-preempt | <2.6.32-49.111 | 2.6.32-49.111 |
| Ubuntu 22.04 LTS | =10.04 | |
| All of | ||
| ubuntu/linux-image-2.6.32-49-virtual | <2.6.32-49.111 | 2.6.32-49.111 |
| Ubuntu 22.04 LTS | =10.04 | |
| All of | ||
| ubuntu/linux-image-2.6.32-49-lpia | <2.6.32-49.111 | 2.6.32-49.111 |
| Ubuntu 22.04 LTS | =10.04 | |
| All of | ||
| ubuntu/linux-image-2.6.32-49-sparc64 | <2.6.32-49.111 | 2.6.32-49.111 |
| Ubuntu 22.04 LTS | =10.04 | |
| All of | ||
| ubuntu/linux-image-2.6.32-49-server | <2.6.32-49.111 | 2.6.32-49.111 |
| Ubuntu 22.04 LTS | =10.04 | |
| All of | ||
| ubuntu/linux-image-2.6.32-49-powerpc-smp | <2.6.32-49.111 | 2.6.32-49.111 |
| Ubuntu 22.04 LTS | =10.04 | |
| All of | ||
| ubuntu/linux-image-2.6.32-49-versatile | <2.6.32-49.111 | 2.6.32-49.111 |
| Ubuntu 22.04 LTS | =10.04 | |
| All of | ||
| ubuntu/linux-image-2.6.32-49-powerpc64-smp | <2.6.32-49.111 | 2.6.32-49.111 |
| Ubuntu 22.04 LTS | =10.04 | |
| All of | ||
| ubuntu/linux-image-2.6.32-49-386 | <2.6.32-49.111 | 2.6.32-49.111 |
| Ubuntu 22.04 LTS | =10.04 | |
| All of | ||
| ubuntu/linux-image-2.6.32-49-generic | <2.6.32-49.111 | 2.6.32-49.111 |
| Ubuntu 22.04 LTS | =10.04 | |
| All of | ||
| ubuntu/linux-image-2.6.32-49-powerpc | <2.6.32-49.111 | 2.6.32-49.111 |
| Ubuntu 22.04 LTS | =10.04 | |
| All of | ||
| ubuntu/linux-image-2.6.32-49-sparc64-smp | <2.6.32-49.111 | 2.6.32-49.111 |
| Ubuntu 22.04 LTS | =10.04 | |
| All of | ||
| ubuntu/linux-image-2.6.32-49-ia64 | <2.6.32-49.111 | 2.6.32-49.111 |
| Ubuntu 22.04 LTS | =10.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2012-4508
- https://ubuntu.com/security/CVE-2012-6657
- https://ubuntu.com/security/CVE-2013-2141
- https://ubuntu.com/security/CVE-2013-2852
- https://ubuntu.com/security/notices/USN-1644-1
- https://ubuntu.com/security/notices/USN-1719-1
- https://ubuntu.com/security/notices/USN-1900-1
- https://ubuntu.com/security/notices/USN-1645-1
- https://ubuntu.com/security/notices/USN-1704-1
- https://ubuntu.com/security/notices/USN-1673-1
- https://ubuntu.com/security/notices/USN-1671-1
- https://ubuntu.com/security/notices/USN-1720-1
- https://ubuntu.com/security/notices/USN-1726-1
- https://ubuntu.com/security/notices/USN-1839-1
- https://ubuntu.com/security/notices/USN-1833-1
- https://ubuntu.com/security/notices/USN-1883-1
- https://ubuntu.com/security/notices/USN-1880-1
- https://ubuntu.com/security/notices/USN-1881-1
- https://ubuntu.com/security/notices/USN-1882-1
- https://ubuntu.com/security/notices/USN-1849-1
- https://ubuntu.com/security/notices/USN-1837-1
- https://ubuntu.com/security/notices/USN-1930-1
- https://ubuntu.com/security/notices/USN-1936-1
- https://ubuntu.com/security/notices/USN-1918-1
- https://ubuntu.com/security/notices/USN-1914-1
- https://ubuntu.com/security/notices/USN-1915-1
- https://ubuntu.com/security/notices/USN-1919-1
- https://ubuntu.com/security/notices/USN-1917-1
- https://ubuntu.com/security/notices/USN-1920-1
- https://launchpad.net/ubuntu/+source/linux/2.6.32-49.111
- https://ubuntu.com/security/notices/USN-1899-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the severity of USN-1899-1?
The severity of USN-1899-1 is considered moderate, as it may lead to information leaks due to the race condition in the Linux ext4 filesystem.
How do I fix USN-1899-1?
To fix USN-1899-1, it's recommended to upgrade to the Linux kernel version 2.6.32-49.111 or later on affected Ubuntu 10.04 systems.
Which systems are affected by USN-1899-1?
USN-1899-1 affects Ubuntu 10.04 systems running specific Linux kernel versions prior to 2.6.32-49.111.
What vulnerabilities are addressed in USN-1899-1?
USN-1899-1 addresses two vulnerabilities: CVE-2012-4508, a race condition in the ext4 filesystem, and CVE-2012-6657, which relates to the kernel's socket subsystem.
Can an unprivileged user exploit USN-1899-1?
Yes, an unprivileged user can exploit USN-1899-1 to potentially cause an information leak due to exposed stale data.
- agent/severity
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/title
- agent/weakness
- agent/references
- agent/description
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu 22.04 lts
- version/ubuntu 22.04 lts/10.04