CVE-2014-1446

Published: 18 January 2014

The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call.

From the Ubuntu security team

An information leak was discovered in the Linux kernel's hamradio YAM driver for AX.25 packet radio. A local user with the CAP_NET_ADMIN capability could exploit this flaw to obtain sensitive information from kernel memory.

Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian 		Upstream
Released (3.13~rc7)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(4.2.0-16.19)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(3.13.0-1.16)
Patches:
Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed by 8e3fbf870481eb53b2d3a322d1fc395ad8b367ed
linux-armadaxp
Launchpad, Ubuntu, Debian 		Upstream
Released (3.13~rc7)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

This package is not directly supported by the Ubuntu Security Team
linux-aws
Launchpad, Ubuntu, Debian 		Upstream
Released (3.13~rc7)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(4.4.0-1001.10)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(4.4.0-1002.2)
linux-ec2
Launchpad, Ubuntu, Debian 		Upstream
Released (3.13~rc7)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-flo
Launchpad, Ubuntu, Debian 		Upstream
Released (3.13~rc7)
Ubuntu 16.04 LTS (Xenial Xerus) Ignored
(abandoned)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [was needed now end-of-life])
linux-fsl-imx51
Launchpad, Ubuntu, Debian 		Upstream
Released (3.13~rc7)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-gke
Launchpad, Ubuntu, Debian 		Upstream
Released (3.13~rc7)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(4.4.0-1003.3)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-goldfish
Launchpad, Ubuntu, Debian 		Upstream
Released (3.13~rc7)
Ubuntu 16.04 LTS (Xenial Xerus) Ignored
(abandoned)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [was needed now end-of-life])
linux-grouper
Launchpad, Ubuntu, Debian 		Upstream
Released (3.13~rc7)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [abandoned])
linux-hwe
Launchpad, Ubuntu, Debian 		Upstream
Released (3.13~rc7)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(4.8.0-36.36~16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-hwe-edge
Launchpad, Ubuntu, Debian 		Upstream
Released (3.13~rc7)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(4.8.0-36.36~16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-linaro-omap
Launchpad, Ubuntu, Debian 		Upstream
Released (3.13~rc7)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-linaro-shared
Launchpad, Ubuntu, Debian 		Upstream
Released (3.13~rc7)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-linaro-vexpress
Launchpad, Ubuntu, Debian 		Upstream
Released (3.13~rc7)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-quantal
Launchpad, Ubuntu, Debian 		Upstream
Released (3.13~rc7)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-raring
Launchpad, Ubuntu, Debian 		Upstream
Released (3.13~rc7)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-saucy
Launchpad, Ubuntu, Debian 		Upstream
Released (3.13~rc7)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-trusty
Launchpad, Ubuntu, Debian 		Upstream
Released (3.13~rc7)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-utopic
Launchpad, Ubuntu, Debian 		Upstream
Released (3.13~rc7)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [3.16.0-25.33~14.04.2])
linux-lts-vivid
Launchpad, Ubuntu, Debian 		Upstream
Released (3.13~rc7)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [3.19.0-18.18~14.04.1])
linux-lts-wily
Launchpad, Ubuntu, Debian 		Upstream
Released (3.13~rc7)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [4.2.0-18.22~14.04.1])
linux-lts-xenial
Launchpad, Ubuntu, Debian 		Upstream
Released (3.13~rc7)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(4.4.0-13.29~14.04.1)
linux-maguro
Launchpad, Ubuntu, Debian 		Upstream
Released (3.13~rc7)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [abandoned])
linux-mako
Launchpad, Ubuntu, Debian 		Upstream
Released (3.13~rc7)
Ubuntu 16.04 LTS (Xenial Xerus) Ignored
(abandoned)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [was needed now end-of-life])
linux-manta
Launchpad, Ubuntu, Debian 		Upstream
Released (3.13~rc7)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [was needed now end-of-life])
linux-mvl-dove
Launchpad, Ubuntu, Debian 		Upstream
Released (3.13~rc7)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-qcm-msm
Launchpad, Ubuntu, Debian 		Upstream
Released (3.13~rc7)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-raspi2
Launchpad, Ubuntu, Debian 		Upstream
Released (3.13~rc7)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(4.2.0-1013.19)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-snapdragon
Launchpad, Ubuntu, Debian 		Upstream
Released (3.13~rc7)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(4.4.0-1012.12)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-ti-omap4
Launchpad, Ubuntu, Debian 		Upstream
Released (3.13~rc7)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading