
kernel: two vulnerabilities

Package(s): kernel
CVE #(s): CVE-2013-0343 CVE-2013-4254
Created: August 23, 2013
Updated: September 26, 2013
Description:

From the Red Hat bugzilla entries [1, 2]:

CVE-2013-4254: Linux kernel built for the ARM (CONFIG_ARM/CONFIG_ARM64) platforms along with the hardware performance counter support (CONFIG_HW_PERF_EVENTS) is vulnerable to a NULL pointer dereference flaw. This could lead to a kernel crash resulting in DoS or potential privilege escalation to gain root privileges by a non-root user.

An unprivileged user/program could use this flaw to crash the kernel resulting in DoS or potential privilege escalation to gain root access to a machine.

CVE-2013-0343: Due to the way the Linux kernel handles the creation of IPv6 temporary addresses, a malicious LAN user can remotely disable them altogether, which may lead to privacy violations and information disclosure.

Reference:
http://seclists.org/oss-sec/2012/q4/292
http://seclists.org/oss-sec/2013/q1/92

Alerts:
Fedora FEDORA-2013-15198 2013-08-23
Fedora FEDORA-2013-15151 2013-08-23
Mandriva MDVSA-2013:242 2013-09-26
Ubuntu USN-1972-1 2013-09-27
Ubuntu USN-1974-1 2013-09-27
Ubuntu USN-1968-1 2013-09-27
Ubuntu USN-1970-1 2013-09-27
Ubuntu USN-1971-1 2013-09-27
Ubuntu USN-1975-1 2013-09-27
Ubuntu USN-1973-1 2013-09-27
Ubuntu USN-1969-1 2013-09-27
Ubuntu USN-1977-1 2013-09-30
Ubuntu USN-1976-1 2013-09-30


Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds