DSA-2766-1 linux-base -- privilege escalation/denial of service/information leakID: oval:org.secpod.oval:def:601115 | Date: (C)2013-09-30 (M)2024-04-17 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-2141 Emese Revfy provided a fix for an information leak in the tkill and tgkill system calls. A local user on a 64-bit system maybe able to gain access to sensitive memory contents. CVE-2013-2164 Jonathan Salwan reported an information leak in the CD-ROM driver. A local user on a system with a malfunctioning CD-ROM drive could gain access to sensitive memory. CVE-2013-2206 Karl Heiss reported an issue in the Linux SCTP implementation. A remote user could cause a denial of service . CVE-2013-2232 Dave Jones and Hannes Frederic Sowa resolved an issue in the IPv6 subsystem. Local users could cause a denial of service by using an AF_INET6 socket to connect to an IPv4 destination. CVE-2013-2234 Mathias Krause reported a memory leak in the implementation of PF_KEYv2 sockets. Local users could gain access to sensitive kernel memory. CVE-2013-2237 Nicolas Dichtel reported a memory leak in the implementation of PF_KEYv2 sockets. Local users could gain access to sensitive kernel memory. CVE-2013-2239 Jonathan Salwan discovered multiple memory leaks in the openvz kernel flavor. Local users could gain access to sensitive kernel memory. CVE-2013-2851 Kees Cook reported an issue in the block subsystem. Local users with uid 0 could gain elevated ring 0 privileges. This is only a security issue for certain specially configured systems. CVE-2013-2852 Kees Cook reported an issue in the b43 network driver for certain Broadcom wireless devices. Local users with uid 0 could gain elevated ring 0 privileges. This is only a security issue for certain specially configured systems. CVE-2013-2888 Kees Cook reported an issue in the HID driver subsystem. A local user, with the ability to attach a device, could cause a denial of service . CVE-2013-2892 Kees Cook reported an issue in the pantherlord HID device driver. Local users with the ability to attach a device could cause a denial of service or possibly gain elevated privileges.