CVE-2013-7270
Published: 06 January 2014
The packet_recvmsg function in net/packet/af_packet.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
From the Ubuntu security team
An information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with packet address family sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory.
Priority
Low
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.2.0-16.19)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Not vulnerable
(3.12.0-7.15)
|
|
|
Patches: Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Fixed by f3d3342602f8bcbf37d7c46641cb9bca7618eb1c |
||
|
linux-ec2 Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-linaro-omap Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-linaro-shared Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-linaro-vexpress Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-qcm-msm Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-armadaxp Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| This package is not directly supported by the Ubuntu Security Team | ||
|
linux-lts-quantal Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-lts-raring Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-lts-saucy Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-goldfish Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Ignored
(abandoned)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [was needed now end-of-life])
|
|
|
linux-grouper Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [abandoned])
|
|
|
linux-maguro Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [abandoned])
|
|
|
linux-mako Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Ignored
(abandoned)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [was needed now end-of-life])
|
|
|
linux-manta Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [was needed now end-of-life])
|
|
|
linux-flo Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Ignored
(abandoned)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [was needed now end-of-life])
|
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-lts-utopic Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was not-affected [3.16.0-25.33~14.04.2])
|
|
|
linux-lts-vivid Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was not-affected [3.19.0-18.18~14.04.1])
|
|
|
linux-lts-wily Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was not-affected [4.2.0-18.22~14.04.1])
|
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.2.0-1013.19)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Not vulnerable
(4.4.0-13.29~14.04.1)
|
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.4.0-1012.12)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-aws Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.4.0-1001.10)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Not vulnerable
(4.4.0-1002.2)
|
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.8.0-36.36~16.04.1)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-hwe Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.8.0-36.36~16.04.1)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-gke Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.13~rc1)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.4.0-1003.3)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7270
- https://github.com/torvalds/linux/commit/f3d3342602f8bcbf37d7c46641cb9bca7618eb1c
- https://bugzilla.redhat.com/show_bug.cgi?id=1039845
- http://www.openwall.com/lists/oss-security/2013/12/31/7
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f3d3342602f8bcbf37d7c46641cb9bca7618eb1c
- https://usn.ubuntu.com/usn/usn-2109-1
- https://usn.ubuntu.com/usn/usn-2110-1
- https://usn.ubuntu.com/usn/usn-2113-1
- https://usn.ubuntu.com/usn/usn-2117-1
- https://usn.ubuntu.com/usn/usn-2128-1
- https://usn.ubuntu.com/usn/usn-2129-1
- https://usn.ubuntu.com/usn/usn-2135-1
- https://usn.ubuntu.com/usn/usn-2136-1
- https://usn.ubuntu.com/usn/usn-2138-1
- https://usn.ubuntu.com/usn/usn-2139-1
- https://usn.ubuntu.com/usn/usn-2141-1
- NVD
- Launchpad
- Debian