CVE-2013-4512

Published: 12 November 2013

Buffer overflow in the exitcode_proc_write function in arch/um/kernel/exitcode.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other impact by leveraging root privileges for a write operation.

From the Ubuntu security team

A buffer overflow was discovered in exit function for the Linux kernel when used for User Mode Linux. A local user could exploit this flaw to cause a denial of service or possibly gain administrative privileges.

Priority

Status

Package	Release	Status
linux Launchpad, Ubuntu, Debian	lucid	Ignored (CVE in User Mode Linux 2.6.32-54.116)
	precise	Ignored (CVE in User Mode Linux)
	quantal	Ignored (CVE in User Mode Linux)
	raring	Ignored (CVE in User Mode Linux)
	saucy	Ignored (CVE in User Mode Linux)
	trusty	Not vulnerable (3.12.0-2.5)
	upstream	Released (3.12)
	utopic	Not vulnerable (3.13.0-24.46)
linux-armadaxp Launchpad, Ubuntu, Debian	lucid	Does not exist
	precise	Ignored (CVE in User Mode Linux)
	quantal	Ignored (CVE in User Mode Linux)
	raring	Does not exist
	saucy	Does not exist
	trusty	Does not exist
	upstream	Released (3.12)
	utopic	Does not exist
linux-ec2 Launchpad, Ubuntu, Debian	lucid	Ignored (CVE in User Mode Linux 2.6.32-359.72)
	precise	Does not exist
	quantal	Does not exist
	raring	Does not exist
	saucy	Does not exist
	trusty	Does not exist
	upstream	Released (3.12)
	utopic	Does not exist
linux-flo Launchpad, Ubuntu, Debian	lucid	Does not exist
	precise	Does not exist
	quantal	Does not exist
	saucy	Does not exist
	trusty	Does not exist (trusty was ignored [was needed now end-of-life])
	upstream	Released (3.12)
	utopic	Ignored (CVE in User Mode Linux)
linux-fsl-imx51 Launchpad, Ubuntu, Debian	lucid	Ignored (reached end-of-life, does not affect buildd)
	precise	Does not exist
	quantal	Does not exist
	raring	Does not exist
	saucy	Does not exist
	trusty	Does not exist
	upstream	Released (3.12)
	utopic	Does not exist
linux-goldfish Launchpad, Ubuntu, Debian	lucid	Does not exist
	precise	Does not exist
	quantal	Does not exist
	saucy	Ignored
	trusty	Does not exist (trusty was ignored [was needed now end-of-life])
	upstream	Released (3.12)
	utopic	Ignored (CVE in User Mode Linux)
linux-grouper Launchpad, Ubuntu, Debian	lucid	Does not exist
	precise	Does not exist
	quantal	Does not exist
	saucy	Ignored
	trusty	Does not exist (trusty was ignored [CVE in User Mode Linux])
	upstream	Released (3.12)
	utopic	Ignored (CVE in User Mode Linux)
linux-linaro-omap Launchpad, Ubuntu, Debian	lucid	Does not exist
	precise	Ignored (abandoned)
	quantal	Ignored (abandoned)
	raring	Does not exist
	saucy	Does not exist
	trusty	Does not exist
	upstream	Released (3.12)
	utopic	Does not exist
linux-linaro-shared Launchpad, Ubuntu, Debian	lucid	Does not exist
	precise	Ignored (abandoned)
	quantal	Ignored (abandoned)
	raring	Does not exist
	saucy	Does not exist
	trusty	Does not exist
	upstream	Released (3.12)
	utopic	Does not exist
linux-linaro-vexpress Launchpad, Ubuntu, Debian	lucid	Does not exist
	precise	Ignored (abandoned)
	quantal	Ignored (abandoned)
	raring	Does not exist
	saucy	Does not exist
	trusty	Does not exist
	upstream	Released (3.12)
	utopic	Does not exist
linux-lts-quantal Launchpad, Ubuntu, Debian	lucid	Does not exist
	precise	Ignored (CVE in User Mode Linux)
	quantal	Does not exist
	raring	Does not exist
	saucy	Does not exist
	trusty	Does not exist
	upstream	Released (3.12)
	utopic	Does not exist
linux-lts-raring Launchpad, Ubuntu, Debian	lucid	Does not exist
	precise	Ignored (CVE in User Mode Linux)
	quantal	Does not exist
	raring	Does not exist
	saucy	Does not exist
	trusty	Does not exist
	upstream	Released (3.12)
	utopic	Does not exist
linux-lts-saucy Launchpad, Ubuntu, Debian	lucid	Does not exist
	precise	Ignored (CVE in User Mode Linux)
	quantal	Does not exist
	raring	Does not exist
	saucy	Does not exist
	trusty	Does not exist
	upstream	Released (3.12)
	utopic	Does not exist
linux-lts-trusty Launchpad, Ubuntu, Debian	lucid	Does not exist
	precise	Not vulnerable (3.13.0-24.46~precise1)
	saucy	Does not exist
	trusty	Does not exist
	upstream	Released (3.12)
	utopic	Does not exist
linux-maguro Launchpad, Ubuntu, Debian	lucid	Does not exist
	precise	Does not exist
	quantal	Does not exist
	saucy	Ignored
	trusty	Does not exist (trusty was ignored [CVE in User Mode Linux])
	upstream	Released (3.12)
	utopic	Ignored (CVE in User Mode Linux)
linux-mako Launchpad, Ubuntu, Debian	lucid	Does not exist
	precise	Does not exist
	quantal	Does not exist
	saucy	Ignored
	trusty	Does not exist (trusty was ignored [was needed now end-of-life])
	upstream	Released (3.12)
	utopic	Ignored (CVE in User Mode Linux)
linux-manta Launchpad, Ubuntu, Debian	lucid	Does not exist
	precise	Does not exist
	quantal	Does not exist
	saucy	Ignored
	trusty	Does not exist (trusty was ignored [was needed now end-of-life])
	upstream	Released (3.12)
	utopic	Ignored (CVE in User Mode Linux)
linux-mvl-dove Launchpad, Ubuntu, Debian	lucid	Ignored (reached end-of-life)
	precise	Does not exist
	quantal	Does not exist
	raring	Does not exist
	saucy	Does not exist
	trusty	Does not exist
	upstream	Released (3.12)
	utopic	Does not exist
linux-qcm-msm Launchpad, Ubuntu, Debian	lucid	Ignored (abandoned)
	precise	Ignored (abandoned)
	quantal	Ignored (abandoned)
	raring	Does not exist
	saucy	Does not exist
	trusty	Does not exist
	upstream	Released (3.12)
	utopic	Does not exist
linux-ti-omap4 Launchpad, Ubuntu, Debian	lucid	Does not exist
	precise	Ignored (CVE in User Mode Linux)
	quantal	Ignored (CVE in User Mode Linux)
	raring	Ignored (CVE in User Mode Linux)
	saucy	Ignored (CVE in User Mode Linux)
	trusty	Does not exist
	upstream	Released (3.12)
	utopic	Does not exist

References

Bugs

https://launchpad.net/bugs/1249271

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›