CVE-2013-2237

Published: 04 July 2013

The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket.

From the Ubuntu security team

An information leak was discovered in the Linux kernel when reading broadcast messages from the notify_policy interface of the IPSec key_socket. A local user could exploit this flaw to examine potentially sensitive information in kernel memory.

Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian 		Upstream
Released (3.9~rc6)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(4.2.0-16.19)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(3.11.0-12.19)
Patches:
Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed by 85dfb745ee40232876663ae206cba35f24ab2a40
linux-ec2
Launchpad, Ubuntu, Debian 		Upstream
Released (3.9~rc6)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-mvl-dove
Launchpad, Ubuntu, Debian 		Upstream
Released (3.9~rc6)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-ti-omap4
Launchpad, Ubuntu, Debian 		Upstream
Released (3.9~rc6)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-backport-maverick
Launchpad, Ubuntu, Debian 		Upstream
Released (3.9~rc6)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-fsl-imx51
Launchpad, Ubuntu, Debian 		Upstream
Released (3.9~rc6)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-linaro-omap
Launchpad, Ubuntu, Debian 		Upstream
Released (3.9~rc6)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-linaro-shared
Launchpad, Ubuntu, Debian 		Upstream
Released (3.9~rc6)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-linaro-vexpress
Launchpad, Ubuntu, Debian 		Upstream
Released (3.9~rc6)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-qcm-msm
Launchpad, Ubuntu, Debian 		Upstream
Released (3.9~rc6)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-armadaxp
Launchpad, Ubuntu, Debian 		Upstream
Released (3.9~rc6)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

This package is not directly supported by the Ubuntu Security Team
linux-lts-quantal
Launchpad, Ubuntu, Debian 		Upstream
Released (3.9~rc6)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-raring
Launchpad, Ubuntu, Debian 		Upstream
Released (3.9~rc6)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-saucy
Launchpad, Ubuntu, Debian 		Upstream
Released (3.9~rc6)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-goldfish
Launchpad, Ubuntu, Debian 		Upstream
Released (3.9~rc6)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(3.4.0-4.27)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [was needed now end-of-life])
linux-grouper
Launchpad, Ubuntu, Debian 		Upstream
Released (3.9~rc6)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [abandoned])
linux-maguro
Launchpad, Ubuntu, Debian 		Upstream
Released (3.9~rc6)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [abandoned])
linux-mako
Launchpad, Ubuntu, Debian 		Upstream
Released (3.9~rc6)
Ubuntu 16.04 LTS (Xenial Xerus) Ignored
(abandoned)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [was needed now end-of-life])
linux-manta
Launchpad, Ubuntu, Debian 		Upstream
Released (3.9~rc6)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [was needed now end-of-life])
linux-flo
Launchpad, Ubuntu, Debian 		Upstream
Released (3.9~rc6)
Ubuntu 16.04 LTS (Xenial Xerus) Ignored
(abandoned)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [was needed now end-of-life])
linux-lts-trusty
Launchpad, Ubuntu, Debian 		Upstream
Released (3.9~rc6)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-utopic
Launchpad, Ubuntu, Debian 		Upstream
Released (3.9~rc6)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [3.16.0-25.33~14.04.2])
linux-lts-vivid
Launchpad, Ubuntu, Debian 		Upstream
Released (3.9~rc6)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [3.19.0-18.18~14.04.1])
linux-lts-wily
Launchpad, Ubuntu, Debian 		Upstream
Released (3.9~rc6)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [4.2.0-18.22~14.04.1])
linux-raspi2
Launchpad, Ubuntu, Debian 		Upstream
Released (3.9~rc6)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(4.2.0-1013.19)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-xenial
Launchpad, Ubuntu, Debian 		Upstream
Released (3.9~rc6)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(4.4.0-13.29~14.04.1)
linux-snapdragon
Launchpad, Ubuntu, Debian 		Upstream
Released (3.9~rc6)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(4.4.0-1012.12)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-aws
Launchpad, Ubuntu, Debian 		Upstream
Released (3.9~rc6)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(4.4.0-1001.10)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(4.4.0-1002.2)
linux-hwe-edge
Launchpad, Ubuntu, Debian 		Upstream
Released (3.9~rc6)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(4.8.0-36.36~16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-hwe
Launchpad, Ubuntu, Debian 		Upstream
Released (3.9~rc6)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(4.8.0-36.36~16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-gke
Launchpad, Ubuntu, Debian 		Upstream
Released (3.9~rc6)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(4.4.0-1003.3)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading