LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Kernel prepatch 3.9-rc6

LWN.net Weekly Edition for April 4, 2013

LWN.net Weekly Edition for March 28, 2013

A kernel change breaks GlusterFS

PyCon: Evangelizing Python

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

kernel: privilege escalation/information leak

Package(s):kernel linux CVE #(s):CVE-2013-0349 CVE-2013-1773
Created:March 6, 2013 Updated:March 6, 2013
Description: From the Ubuntu advisory:

An information leak was discovered in the Linux kernel's Bluetooth stack when HIDP (Human Interface Device Protocol) support is enabled. A local unprivileged user could exploit this flaw to cause an information leak from the kernel. (CVE-2013-0349)

A flaw was discovered on the Linux kernel's VFAT filesystem driver when a disk is mounted with the utf8 option (this is the default on Ubuntu). On a system where disks/images can be auto-mounted or a FAT filesystem is mounted an unprivileged user can exploit the flaw to gain root privileges. (CVE-2013-1773)

Alerts:
Ubuntu USN-1756-1 2013-03-06
Red Hat RHSA-2013:0566-01 2013-03-06
Ubuntu USN-1760-1 2013-03-12
Ubuntu USN-1767-1 2013-03-18
Ubuntu USN-1769-1 2013-03-18
Ubuntu USN-1768-1 2013-03-18
Ubuntu USN-1775-1 2013-03-22
Ubuntu USN-1776-1 2013-03-22
Ubuntu USN-1778-1 2013-03-22
Ubuntu USN-1781-1 2013-03-26
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds