What is the severity of USN-2221-1?

The severity of USN-2221-1 is considered moderate, as it allows an unprivileged local user to access potentially sensitive information.

How do I fix USN-2221-1?

To fix USN-2221-1, you should upgrade your linux-image packages to version 3.2.0-63.95 or later.

Which Ubuntu versions are affected by USN-2221-1?

USN-2221-1 affects Ubuntu version 12.04 with specific linux-image packages.

Is there a workaround for USN-2221-1?

There is no specific workaround for USN-2221-1; updating the kernel is the recommended solution.

Who reported the vulnerability in USN-2221-1?

The vulnerability in USN-2221-1 was reported by Matthew Daley.

Vulnerability/
USN-2221-1

CWE

362

26/5/2014

USN-2221-1: Linux kernel vulnerabilities

First published: Mon May 26 2014(Updated: )

Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-1738) Matthew Daley reported a flaw in the handling of ioctl commands by the floppy disk driver in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges if the floppy disk module is loaded. (CVE-2014-1737) A flaw was discovered in the Linux kernel's IPC reference counting. An unprivileged local user could exploit this flaw to cause a denial of service (OOM system crash). (CVE-2013-4483) Al Viro discovered an error in how CIFS in the Linux kernel handles uncached write operations. An unprivileged local user could exploit this flaw to cause a denial of service (system crash), obtain sensitive information from kernel memory, or possibly gain privileges. (CVE-2014-0069) A flaw was discovered in the handling of network packets when mergeable buffers are disabled for virtual machines in the Linux kernel. Guest OS users may exploit this flaw to cause a denial of service (host OS crash) or possibly gain privilege on the host OS. (CVE-2014-0077) A flaw was discovered in the Linux kernel's handling of the SCTP handshake. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2014-0101) A flaw was discovered in the handling of routing information in Linux kernel's IPv6 stack. A remote attacker could exploit this flaw to cause a denial of service (memory consumption) via a flood of ICMPv6 router advertisement packets. (CVE-2014-2309) An error was discovered in the Linux kernel's DCCP protocol support. A remote attacked could exploit this flaw to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2014-2523) Max Sydorenko discovered a race condition in the Atheros 9k wireless driver in the Linux kernel. This race could be exploited by remote attackers to cause a denial of service (system crash). (CVE-2014-2672) An error was discovered in the Reliable Datagram Sockets (RDS) protocol stack in the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) or possibly have unspecified other impact. (CVE-2014-2678) Yaara Rozenblum discovered a race condition in the Linux kernel's Generic IEEE 802.11 Networking Stack (mac80211). Remote attackers could exploit this flaw to cause a denial of service (system crash). (CVE-2014-2706) A flaw was discovered in the Linux kernel's ping sockets. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or possibly gain privileges via a crafted application. (CVE-2014-2851) Jouni Malinen reported a flaw in the handling of fragmentation in the mac8Linux subsystem of the kernel. A remote attacker could exploit this flaw to obtain potential sensitive cleartext information by reading packets. (CVE-2014-8709)

Affected Software	Affected Version	How to fix
All of
ubuntu/linux-image-3.2.0-63-generic-pae	<3.2.0-63.95	3.2.0-63.95
Ubuntu 22.04 LTS	=12.04
All of
ubuntu/linux-image-3.2.0-63-omap	<3.2.0-63.95	3.2.0-63.95
Ubuntu 22.04 LTS	=12.04
All of
ubuntu/linux-image-3.2.0-63-powerpc-smp	<3.2.0-63.95	3.2.0-63.95
Ubuntu 22.04 LTS	=12.04
All of
ubuntu/linux-image-3.2.0-63-powerpc64-smp	<3.2.0-63.95	3.2.0-63.95
Ubuntu 22.04 LTS	=12.04
All of
ubuntu/linux-image-3.2.0-63-generic	<3.2.0-63.95	3.2.0-63.95
Ubuntu 22.04 LTS	=12.04
All of
ubuntu/linux-image-3.2.0-63-highbank	<3.2.0-63.95	3.2.0-63.95
Ubuntu 22.04 LTS	=12.04
All of
ubuntu/linux-image-3.2.0-63-virtual	<3.2.0-63.95	3.2.0-63.95
Ubuntu 22.04 LTS	=12.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the severity of USN-2221-1?
The severity of USN-2221-1 is considered moderate, as it allows an unprivileged local user to access potentially sensitive information.
How do I fix USN-2221-1?
To fix USN-2221-1, you should upgrade your linux-image packages to version 3.2.0-63.95 or later.
Which Ubuntu versions are affected by USN-2221-1?
USN-2221-1 affects Ubuntu version 12.04 with specific linux-image packages.
Is there a workaround for USN-2221-1?
There is no specific workaround for USN-2221-1; updating the kernel is the recommended solution.
Who reported the vulnerability in USN-2221-1?
The vulnerability in USN-2221-1 was reported by Matthew Daley.

agent/references
agent/severity
agent/type
agent/first-publish-date
agent/last-modified-date
agent/weakness
agent/title
agent/description
agent/event
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/usn
source/Ubuntu
agent/software-canonical-lookup
agent/software-canonical-lookup-request
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu 22.04 lts
version/ubuntu 22.04 lts/12.04