kernel: multiple vulnerabilities
Multiple vulnerabilities have been found and corrected in the Linux
kernel:
The Linux kernel before 3.12.2 does not properly use the get_dumpable
function, which allows local users to bypass intended ptrace
restrictions or obtain sensitive information from IA64 scratch
registers via a crafted application, related to kernel/ptrace.c and
arch/ia64/include/asm/processor.h (CVE-2013-2929).
The perf_trace_event_perm function in kernel/trace/trace_event_perf.c
in the Linux kernel before 3.12.2 does not properly restrict access
to the perf subsystem, which allows local users to enable function
tracing via a crafted application (CVE-2013-2930).
Multiple integer overflows in Alchemy LCD frame-buffer drivers in the
Linux kernel before 3.12 allow local users to create a read-write
memory mapping for the entirety of kernel memory, and consequently
gain privileges, via crafted mmap operations, related to the (1)
au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2)
au1200fb_fb_mmap function in drivers/video/au1200fb.c (CVE-2013-4511).
Buffer overflow in the exitcode_proc_write function in
arch/um/kernel/exitcode.c in the Linux kernel before 3.12 allows
local users to cause a denial of service or possibly have unspecified
other impact by leveraging root privileges for a write operation
(CVE-2013-4512).
Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c
in the Linux kernel before 3.12 allow local users to cause a
denial of service or possibly have unspecified other impact
by leveraging the CAP_NET_ADMIN capability and providing a long
station-name string, related to the (1) wvlan_uil_put_info and (2)
wvlan_set_station_nickname functions (CVE-2013-4514).
The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in
the Linux kernel before 3.12 does not initialize a certain data
structure, which allows local users to obtain sensitive information
from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl
call (CVE-2013-4515).
The lbs_debugfs_write function in
drivers/net/wireless/libertas/debugfs.c in the Linux kernel through
3.12.1 allows local users to cause a denial of service (OOPS)
by leveraging root privileges for a zero-length write operation
(CVE-2013-6378).
The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in
the Linux kernel through 3.12.1 does not properly validate a certain
size value, which allows local users to cause a denial of service
(invalid pointer dereference) or possibly have unspecified other
impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a
crafted SRB command (CVE-2013-6380).
Buffer overflow in the qeth_snmp_command function in
drivers/s390/net/qeth_core_main.c in the Linux kernel through 3.12.1
allows local users to cause a denial of service or possibly have
unspecified other impact via an SNMP ioctl call with a length value
that is incompatible with the command-buffer size (CVE-2013-6381).
The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in
the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO
capability, which allows local users to bypass intended access
restrictions via a crafted ioctl call (CVE-2013-6383).
The uio_mmap_physical function in drivers/uio/uio.c in the Linux
kernel before 3.12 does not validate the size of a memory block, which
allows local users to cause a denial of service (memory corruption)
or possibly gain privileges via crafted mmap operations, a different
vulnerability than CVE-2013-4511 (CVE-2013-6763).
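
The mmap size validation at issue in CVE-2013-4511 and CVE-2013-6763 can be modelled in user space. This is an added example, not code from the kernel or from this advisory: it contrasts a range check whose arithmetic can wrap with an overflow-safe form. The function names, the 32-bit width (uint32_t) and the 1 MiB region size are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12   /* 4 KiB pages (assumption) */

/* Hypothetical model of a driver mmap handler's range check.
 * region_len: bytes the device exposes, pgoff: page offset requested,
 * size: length of the requested mapping in bytes. */

/* Wrapping form: both the shift and the addition are done modulo 2^32,
 * so an out-of-range request can produce a small sum and be accepted. */
bool mmap_check_wrapping(uint32_t region_len, uint32_t pgoff, uint32_t size)
{
    uint32_t off = (uint32_t)(pgoff << PAGE_SHIFT);  /* high bits lost */
    return (uint32_t)(size + off) <= region_len;     /* sum may wrap   */
}

/* Overflow-safe form: reject offsets the shift cannot represent, then
 * compare by subtraction so that no intermediate value can wrap. */
bool mmap_check_safe(uint32_t region_len, uint32_t pgoff, uint32_t size)
{
    if (size == 0 || pgoff > (UINT32_MAX >> PAGE_SHIFT))
        return false;
    uint32_t off = pgoff << PAGE_SHIFT;
    if (off > region_len)
        return false;
    return size <= region_len - off;
}

int main(void)
{
    const uint32_t len = 0x100000;  /* constructed 1 MiB region */
    /* Constructed requests: in range, wrapping sum, wrapping shift. */
    const uint32_t req[][2] = {
        { 0xFF, 0x1000 }, { 0x10, 0xFFFF0000u }, { 0x100000, 0x1000 },
    };
    for (size_t i = 0; i < sizeof req / sizeof req[0]; i++)
        printf("pgoff=%#x size=%#x wrapping=%d safe=%d\n",
               (unsigned)req[i][0], (unsigned)req[i][1],
               mmap_check_wrapping(len, req[i][0], req[i][1]),
               mmap_check_safe(len, req[i][0], req[i][1]));
    return 0;
}
```
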
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2929
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2930
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4514
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4515
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6378
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6380
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6381
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6763
(from redmine: issue id 2544, created on 2014-01-07, closed on 2015-05-22)
- Relations:
- child #2545 (closed)
- child #2546 (closed)
- child #2547 (closed)
- child #2548 (closed)