LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

kernel: multiple vulnerabilities

Package(s):kernel CVE #(s):CVE-2012-4542 CVE-2013-0309 CVE-2013-0310 CVE-2013-0311
Created:February 21, 2013 Updated:March 15, 2013
Description: From the Red Hat advisory:

It was found that the default SCSI command filter does not accommodate commands that overlap across device classes. A privileged guest user could potentially use this flaw to write arbitrary data to a LUN that is passed-through as read-only. (CVE-2012-4542)

A flaw was found in the way pmd_present() interacted with PROT_NONE memory ranges when transparent hugepages were in use. A local, unprivileged user could use this flaw to crash the system. (CVE-2013-0309)

A flaw was found in the way CIPSO (Common IP Security Option) IP options were validated when set from user mode. A local user able to set CIPSO IP options on the socket could use this flaw to crash the system. (CVE-2013-0310)

A flaw was found in the way the vhost kernel module handled descriptors that spanned multiple regions. A privileged guest user in a KVM guest could use this flaw to crash the host or, potentially, escalate their privileges on the host. (CVE-2013-0311)

Alerts:
Red Hat RHSA-2013:0496-02 2013-02-21
Oracle ELSA-2013-0496 2013-02-28
Oracle ELSA-2013-2507 2013-02-28
openSUSE openSUSE-SU-2013:0396-1 2013-03-05
Ubuntu USN-1756-1 2013-03-06
CentOS CESA-2013:0496 2013-03-09
Red Hat RHSA-2013:0622-01 2013-03-11
Ubuntu USN-1760-1 2013-03-12
Scientific Linux SL-kern-20130314 2013-03-14
Ubuntu USN-1767-1 2013-03-18
Ubuntu USN-1769-1 2013-03-18
Ubuntu USN-1768-1 2013-03-18
Ubuntu USN-1774-1 2013-03-21
Ubuntu USN-1775-1 2013-03-22
Ubuntu USN-1776-1 2013-03-22
Ubuntu USN-1778-1 2013-03-22
Ubuntu USN-1781-1 2013-03-26
SUSE SUSE-SU-2013:0759-1 2013-05-07
SUSE SUSE-SU-2013:0759-2 2013-05-08
Oracle ELSA-2013-2523 2013-05-10
Oracle ELSA-2013-2523 2013-05-10
SUSE SUSE-SU-2013:0786-1 2013-05-14
Mageia MGASA-2013-0147 2013-05-17
Mageia MGASA-2013-0148 2013-05-17
Mageia MGASA-2013-0149 2013-05-17
Mageia MGASA-2013-0150 2013-05-17
Mageia MGASA-2013-01451 2013-05-17
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds