Your submission was sent successfully! Close

CVE-2013-6763

Published: 12 November 2013

The uio_mmap_physical function in drivers/uio/uio.c in the Linux kernel before 3.12 does not validate the size of a memory block, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted mmap operations, a different vulnerability than CVE-2013-4511.

From the Ubuntu security team

Nico Golde reported a flaw in the Linux kernel's userspace IO (uio) driver. A local user could exploit this flaw to cause a denial of service (memory corruption) or possibly gain privileges.

Notes

AuthorNote
seth-arnold
Marked 'low' because uio_mmap_physical()'s only caller does length
checking before the call, see the 12 November 2013 oss-security mail from
Petr Matousek.
Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
upstream
Released (3.12)
Patches:
Introduced by

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Fixed by 7314e613d5ff9f0934f7a0f74ed7973b903315d1
linux-armadaxp
Launchpad, Ubuntu, Debian
upstream
Released (3.12)
This package is not directly supported by the Ubuntu Security Team
linux-aws
Launchpad, Ubuntu, Debian
upstream
Released (3.12)
linux-ec2
Launchpad, Ubuntu, Debian
upstream
Released (3.12)
linux-flo
Launchpad, Ubuntu, Debian
upstream
Released (3.12)
linux-fsl-imx51
Launchpad, Ubuntu, Debian
upstream
Released (3.12)
linux-gke
Launchpad, Ubuntu, Debian
upstream
Released (3.12)
linux-goldfish
Launchpad, Ubuntu, Debian
upstream
Released (3.12)
linux-grouper
Launchpad, Ubuntu, Debian
upstream
Released (3.12)
linux-hwe
Launchpad, Ubuntu, Debian
upstream
Released (3.12)
linux-hwe-edge
Launchpad, Ubuntu, Debian
upstream
Released (3.12)
linux-linaro-omap
Launchpad, Ubuntu, Debian
upstream
Released (3.12)
linux-linaro-shared
Launchpad, Ubuntu, Debian
upstream
Released (3.12)
linux-linaro-vexpress
Launchpad, Ubuntu, Debian
upstream
Released (3.12)
linux-lts-quantal
Launchpad, Ubuntu, Debian
upstream
Released (3.12)
linux-lts-raring
Launchpad, Ubuntu, Debian
upstream
Released (3.12)
linux-lts-saucy
Launchpad, Ubuntu, Debian
upstream
Released (3.12)
linux-lts-trusty
Launchpad, Ubuntu, Debian
upstream
Released (3.12)
linux-lts-utopic
Launchpad, Ubuntu, Debian
upstream
Released (3.12)
linux-lts-vivid
Launchpad, Ubuntu, Debian
upstream
Released (3.12)
linux-lts-wily
Launchpad, Ubuntu, Debian
upstream
Released (3.12)
linux-lts-xenial
Launchpad, Ubuntu, Debian
upstream
Released (3.12)
linux-maguro
Launchpad, Ubuntu, Debian
upstream
Released (3.12)
linux-mako
Launchpad, Ubuntu, Debian
upstream
Released (3.12)
linux-manta
Launchpad, Ubuntu, Debian
upstream
Released (3.12)
linux-mvl-dove
Launchpad, Ubuntu, Debian
upstream
Released (3.12)
linux-qcm-msm
Launchpad, Ubuntu, Debian
upstream
Released (3.12)
linux-raspi2
Launchpad, Ubuntu, Debian
upstream
Released (3.12)
linux-snapdragon
Launchpad, Ubuntu, Debian
upstream
Released (3.12)
linux-ti-omap4
Launchpad, Ubuntu, Debian
upstream
Released (3.12)