CVE-2013-2851
Publication date 7 June 2013
Last updated 24 July 2024
Ubuntu priority
Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name.
From the Ubuntu Security Team
Kees Cook discovered a format string vulnerability in the Linux kernel's disk block layer. A local user with administrator privileges could exploit this flaw to gain kernel privileges.
Status
Package | Ubuntu Release | Status |
---|---|---|
linux | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty |
Not affected
|
|
linux-armadaxp | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-aws | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty |
Not affected
|
|
linux-ec2 | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-flo | ||
16.04 LTS xenial | Ignored abandoned | |
14.04 LTS trusty | Ignored end of life, was needed | |
linux-fsl-imx51 | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-gke | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-goldfish | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Ignored end of life, was needed | |
linux-grouper | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-hwe | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-hwe-edge | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-linaro-omap | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-linaro-shared | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-linaro-vexpress | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-backport-maverick | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-quantal | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-raring | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-trusty | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-utopic | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-vivid | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-wily | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-xenial | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty |
Not affected
|
|
linux-maguro | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-mako | ||
16.04 LTS xenial | Ignored abandoned | |
14.04 LTS trusty | Ignored end of life, was needed | |
linux-manta | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Ignored end of life, was needed | |
linux-mvl-dove | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-qcm-msm | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-raspi2 | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-snapdragon | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-ti-omap4 | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
References
Related Ubuntu Security Notices (USN)
- USN-1932-1
- Linux kernel vulnerabilities
- 20 August 2013
- USN-1912-1
- Linux kernel vulnerabilities
- 29 July 2013
- USN-1934-1
- Linux kernel (OMAP4) vulnerabilities
- 20 August 2013
- USN-1941-1
- Linux kernel vulnerabilities
- 6 September 2013
- USN-1936-1
- Linux kernel (Raring HWE) vulnerabilities
- 20 August 2013
- USN-1935-1
- Linux kernel vulnerabilities
- 20 August 2013
- USN-1933-1
- Linux kernel (OMAP4) vulnerabilities
- 20 August 2013
- USN-1913-1
- Linux kernel (EC2) vulnerabilities
- 29 July 2013
- USN-1942-1
- Linux kernel (OMAP4) vulnerabilities
- 6 September 2013
- USN-1931-1
- Linux kernel (Quantal HWE) vulnerabilities
- 20 August 2013