CVE-2013-7263
Published: 06 January 2014
The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c.
From the Ubuntu security team
mpd reported an information leak in the recvfrom, recvmmsg, and recvmsg system calls in the Linux kernel. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel stack memory.
Priority
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.2.0-16.19)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Not vulnerable
(3.12.0-7.15)
|
|
Patches: Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Fixed by bceaa90240b6019ed73b49965eac7d167610be69 |
||
linux-armadaxp Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
This package is not directly supported by the Ubuntu Security Team | ||
linux-aws Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.4.0-1001.10)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Not vulnerable
(4.4.0-1002.2)
|
|
linux-ec2 Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-flo Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Ignored
(abandoned)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [was needed now end-of-life])
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-gke Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.4.0-1003.3)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-goldfish Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Ignored
(abandoned)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [was needed now end-of-life])
|
|
linux-grouper Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [abandoned])
|
|
linux-hwe Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.8.0-36.36~16.04.1)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.8.0-36.36~16.04.1)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-linaro-omap Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-linaro-shared Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-linaro-vexpress Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-lts-quantal Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-lts-raring Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-lts-saucy Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-lts-utopic Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was not-affected [3.16.0-25.33~14.04.2])
|
|
linux-lts-vivid Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was not-affected [3.19.0-18.18~14.04.1])
|
|
linux-lts-wily Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was not-affected [4.2.0-18.22~14.04.1])
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Not vulnerable
(4.4.0-13.29~14.04.1)
|
|
linux-maguro Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [abandoned])
|
|
linux-mako Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Ignored
(abandoned)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [was needed now end-of-life])
|
|
linux-manta Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [was needed now end-of-life])
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-qcm-msm Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.2.0-1013.19)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.4.0-1012.12)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263
- https://github.com/torvalds/linux/commit/bceaa90240b6019ed73b49965eac7d167610be69
- https://bugzilla.redhat.com/show_bug.cgi?id=1035875
- http://www.openwall.com/lists/oss-security/2013/11/28/13
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bceaa90240b6019ed73b49965eac7d167610be69
- https://usn.ubuntu.com/usn/usn-2107-1
- https://usn.ubuntu.com/usn/usn-2108-1
- https://usn.ubuntu.com/usn/usn-2109-1
- https://usn.ubuntu.com/usn/usn-2110-1
- https://usn.ubuntu.com/usn/usn-2113-1
- https://usn.ubuntu.com/usn/usn-2117-1
- https://usn.ubuntu.com/usn/usn-2135-1
- https://usn.ubuntu.com/usn/usn-2136-1
- https://usn.ubuntu.com/usn/usn-2138-1
- https://usn.ubuntu.com/usn/usn-2139-1
- https://usn.ubuntu.com/usn/usn-2141-1
- NVD
- Launchpad
- Debian