CVE-2013-2224
Published: 4 July 2013
A certain Red Hat patch for the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows local users to cause a denial of service (invalid free operation and system crash) or possibly gain privileges via a sendmsg system call with the IP_RETOPTS option, as demonstrated by hemlock.c. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-3552.
Notes
| Author | Note |
|---|---|
| seth-arnold | Unprivileged user kernel crash demonstrated; code execution neither confirmed nor denied. |
| henrix | This is a Red Hat specific bug introduced by their CVE-2012-3552 fix. This was a backport of upstream f6d8bd051c391c1c0458a30b2a7abcd939329259. Only Lucid contains a backport of this commit (all the other Ubuntu kernels include the upstream commit) and Lucid backport is quite different from RH one (it was picked from upstream 3.2, which picked it from Debian). |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
lucid |
Not vulnerable
|
| precise |
Not vulnerable
|
|
| quantal |
Not vulnerable
|
|
| raring |
Not vulnerable
|
|
| upstream |
Not vulnerable
|
|
|
linux-armadaxp Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
| precise |
Not vulnerable
|
|
| quantal |
Not vulnerable
|
|
| raring |
Does not exist
|
|
| upstream |
Not vulnerable
|
|
| This package is not directly supported by the Ubuntu Security Team | ||
|
linux-ec2 Launchpad, Ubuntu, Debian |
lucid |
Not vulnerable
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| upstream |
Not vulnerable
|
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
lucid |
Ignored
(reached end-of-life, does not affect buildd)
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| upstream |
Not vulnerable
|
|
|
linux-linaro-omap Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
| precise |
Ignored
(abandoned)
|
|
| quantal |
Ignored
(abandoned)
|
|
| raring |
Does not exist
|
|
| upstream |
Not vulnerable
|
|
|
linux-linaro-shared Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
| precise |
Ignored
(abandoned)
|
|
| quantal |
Ignored
(abandoned)
|
|
| raring |
Does not exist
|
|
| upstream |
Not vulnerable
|
|
|
linux-linaro-vexpress Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
| precise |
Ignored
(abandoned)
|
|
| quantal |
Ignored
(abandoned)
|
|
| raring |
Does not exist
|
|
| upstream |
Not vulnerable
|
|
|
linux-lts-backport-maverick Launchpad, Ubuntu, Debian |
lucid |
Ignored
(reached end-of-life)
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| upstream |
Not vulnerable
|
|
|
linux-lts-quantal Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
| precise |
Not vulnerable
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| upstream |
Not vulnerable
|
|
|
linux-lts-raring Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
| precise |
Not vulnerable
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| upstream |
Not vulnerable
|
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
lucid |
Ignored
(reached end-of-life)
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| upstream |
Not vulnerable
|
|
|
linux-qcm-msm Launchpad, Ubuntu, Debian |
lucid |
Ignored
(abandoned)
|
| precise |
Ignored
(abandoned)
|
|
| quantal |
Ignored
(abandoned)
|
|
| raring |
Does not exist
|
|
| upstream |
Not vulnerable
|
|
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
| precise |
Not vulnerable
|
|
| quantal |
Not vulnerable
|
|
| raring |
Not vulnerable
|
|
| upstream |
Not vulnerable
|
|