CVE-2013-7281
Publication date 8 January 2014
Last updated 24 July 2024
Ubuntu priority
The dgram_recvmsg function in net/ieee802154/dgram.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
From the Ubuntu Security Team
mpb reported an information leak in the Low-Rate Wireless Personal Area Networks support (IEEE 802.15.4) in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel stack memory.
Status
Package | Ubuntu Release | Status |
---|---|---|
linux | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty |
Not affected
|
|
linux-armadaxp | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-aws | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty |
Not affected
|
|
linux-ec2 | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-flo | ||
16.04 LTS xenial | Ignored abandoned | |
14.04 LTS trusty | Ignored end of life, was needed | |
linux-fsl-imx51 | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-gke | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-goldfish | ||
16.04 LTS xenial | Ignored abandoned | |
14.04 LTS trusty | Ignored end of life, was needed | |
linux-grouper | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-hwe | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-hwe-edge | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-linaro-omap | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-linaro-shared | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-linaro-vexpress | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-quantal | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-raring | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-saucy | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-trusty | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-utopic | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-vivid | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-wily | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-xenial | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty |
Not affected
|
|
linux-maguro | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-mako | ||
16.04 LTS xenial | Ignored abandoned | |
14.04 LTS trusty | Ignored end of life, was needed | |
linux-manta | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Ignored end of life, was needed | |
linux-mvl-dove | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-qcm-msm | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-raspi2 | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-snapdragon | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-ti-omap4 | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
References
Related Ubuntu Security Notices (USN)
- USN-2138-1
- Linux kernel vulnerabilities
- 7 March 2014
- USN-2136-1
- Linux kernel (Raring HWE) vulnerabilities
- 7 March 2014
- USN-2110-1
- Linux kernel (OMAP4) vulnerabilities
- 18 February 2014
- USN-2113-1
- Linux kernel (Saucy HWE) vulnerabilities
- 18 February 2014
- USN-2139-1
- Linux kernel (OMAP4) vulnerabilities
- 7 March 2014
- USN-2109-1
- Linux kernel vulnerabilities
- 18 February 2014
- USN-2108-1
- Linux kernel (EC2) vulnerabilities
- 18 February 2014
- USN-2135-1
- Linux kernel (Quantal HWE) vulnerabilities
- 7 March 2014
- USN-2107-1
- Linux kernel vulnerabilities
- 18 February 2014
- USN-2141-1
- Linux kernel (OMAP4) vulnerabilities
- 7 March 2014
- USN-2117-1
- Linux kernel vulnerabilities
- 18 February 2014
Other references
- https://github.com/torvalds/linux/commit/bceaa90240b6019ed73b49965eac7d167610be69
- https://bugzilla.redhat.com/show_bug.cgi?id=1035875
- http://www.openwall.com/lists/oss-security/2013/11/28/13
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bceaa90240b6019ed73b49965eac7d167610be69
- https://www.cve.org/CVERecord?id=CVE-2013-7281