Your submission was sent successfully! Close

CVE-2013-1060

Published: 30 July 2013

A certain Ubuntu build procedure for perf, as distributed in the Linux kernel packages in Ubuntu 10.04 LTS, 12.04 LTS, 12.10, 13.04, and 13.10, sets the HOME environment variable to the ~buildd directory and consequently reads the system configuration file from the ~buildd directory, which allows local users to gain privileges by leveraging control over the buildd account.

From the Ubuntu security team

Vasily Kulikov discovered a flaw in the Linux Kernel's perf tool that allows for privilege escalation. A local user could exploit this flaw to run commands as root when using the perf tool.

Priority

Medium

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
upstream Not vulnerable
(Ubuntu specific CVE)
linux-armadaxp
Launchpad, Ubuntu, Debian
upstream Not vulnerable
(Ubuntu specific CVE)
linux-aws
Launchpad, Ubuntu, Debian
upstream Not vulnerable
(Ubuntu specific CVE)
linux-azure
Launchpad, Ubuntu, Debian
upstream Not vulnerable
(Ubuntu specific CVE)
linux-ec2
Launchpad, Ubuntu, Debian
upstream Not vulnerable
(Ubuntu specific CVE)
linux-euclid
Launchpad, Ubuntu, Debian
upstream Not vulnerable
(Ubuntu specific CVE)
linux-flo
Launchpad, Ubuntu, Debian
upstream Not vulnerable
(Ubuntu specific CVE)
linux-fsl-imx51
Launchpad, Ubuntu, Debian
upstream Not vulnerable
(Ubuntu specific CVE)
linux-gcp
Launchpad, Ubuntu, Debian
upstream Not vulnerable
(Ubuntu specific CVE)
linux-gke
Launchpad, Ubuntu, Debian
upstream Not vulnerable
(Ubuntu specific CVE)
linux-goldfish
Launchpad, Ubuntu, Debian
upstream Not vulnerable
(Ubuntu specific CVE)
linux-grouper
Launchpad, Ubuntu, Debian
upstream Not vulnerable
(Ubuntu specific CVE)
linux-hwe
Launchpad, Ubuntu, Debian
upstream Not vulnerable
(Ubuntu specific CVE)
linux-hwe-edge
Launchpad, Ubuntu, Debian
upstream Not vulnerable
(Ubuntu specific CVE)
linux-kvm
Launchpad, Ubuntu, Debian
upstream Not vulnerable
(Ubuntu specific CVE)
linux-linaro-omap
Launchpad, Ubuntu, Debian
upstream Not vulnerable
(Ubuntu specific CVE)
linux-linaro-shared
Launchpad, Ubuntu, Debian
upstream Not vulnerable
(Ubuntu specific CVE)
linux-linaro-vexpress
Launchpad, Ubuntu, Debian
upstream Not vulnerable
(Ubuntu specific CVE)
linux-lts-quantal
Launchpad, Ubuntu, Debian
upstream Not vulnerable
(Ubuntu specific CVE)
linux-lts-raring
Launchpad, Ubuntu, Debian
upstream Not vulnerable
(Ubuntu specific CVE)
linux-lts-trusty
Launchpad, Ubuntu, Debian
upstream Not vulnerable
(Ubuntu specific CVE)
linux-lts-utopic
Launchpad, Ubuntu, Debian
upstream Not vulnerable
(Ubuntu specific CVE)
linux-lts-vivid
Launchpad, Ubuntu, Debian
upstream Not vulnerable
(Ubuntu specific CVE)
linux-lts-wily
Launchpad, Ubuntu, Debian
upstream Not vulnerable
(Ubuntu specific CVE)
linux-lts-xenial
Launchpad, Ubuntu, Debian
upstream Not vulnerable
(Ubuntu specific CVE)
linux-maguro
Launchpad, Ubuntu, Debian
upstream Not vulnerable
(Ubuntu specific CVE)
linux-mako
Launchpad, Ubuntu, Debian
upstream Not vulnerable
(Ubuntu specific CVE)
linux-manta
Launchpad, Ubuntu, Debian
upstream Not vulnerable
(Ubuntu specific CVE)
linux-mvl-dove
Launchpad, Ubuntu, Debian
upstream Not vulnerable
(Ubuntu specific CVE)
linux-oem
Launchpad, Ubuntu, Debian
upstream Not vulnerable
(Ubuntu specific CVE)
linux-qcm-msm
Launchpad, Ubuntu, Debian
upstream Not vulnerable
(Ubuntu specific CVE)
linux-raspi2
Launchpad, Ubuntu, Debian
upstream Not vulnerable
(Ubuntu specific CVE)
linux-snapdragon
Launchpad, Ubuntu, Debian
upstream Not vulnerable
(Ubuntu specific CVE)
linux-ti-omap4
Launchpad, Ubuntu, Debian
upstream Not vulnerable
(Ubuntu specific CVE)