Amazon ALAS-2013-200
History: Jun 11, 2013 - 10:45 p.m.

Medium: kernel

2013-06-11 22:45:00
alas.aws.amazon.com

CVSS2: 6.2
Attack Vector: LOCAL
Attack Complexity: HIGH
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:L/AC:H/Au:N/C:C/I:C/A:C

AI Score: 7.6
Confidence: High

EPSS: 0.002
Percentile: 61.7%

Issue Overview:

Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Product Data (VPD) data structure.

Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel before 3.7.10 allows local users to gain privileges or cause a denial of service (system crash) by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option.

The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call.

The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion.

The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application.

The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation.

The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

Affected Packages:

kernel

Issue Correction:
Run yum update kernel to update your system. You will need to reboot your system in order for the new kernel to be running.
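
A host-side check for the correction step above, added here as an example (not part of the Amazon advisory): it compares the running kernel and the installed kernel packages against the fixed build 3.4.48-45.46.amzn1 from the package list and reports whether an update or only a reboot is still outstanding. The function names, the --host flag and the numeric-field comparison (a simplification of RPM version ordering) are assumptions of this example.

```sh
#!/bin/sh
# Added example, not part of the advisory. Assumes an amzn1 host whose
# `uname -r` looks like 3.4.48-45.46.amzn1.x86_64.
FIXED_RELEASE="3.4.48-45.46.amzn1"   # fixed build from the advisory's package list

# release_ge A B: succeed if release A >= release B. Compares the numeric
# fields before ".amzn" left to right; a simplification of RPM's version
# ordering that is sufficient for amzn1 kernel release strings.
release_ge() {
    awk -v a="${1%%.amzn*}" -v b="${2%%.amzn*}" 'BEGIN {
        na = split(a, x, /[^0-9]+/); nb = split(b, y, /[^0-9]+/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# assess RUNNING [INSTALLED...] prints one of:
#   patched          running kernel is at or above the fixed build
#   reboot-required  fixed build is installed but an older kernel is running
#   update-required  no installed kernel reaches the fixed build
#   not-amzn1        release string is not an amzn1 kernel; comparison skipped
assess() {
    running=$1; shift
    case "$running" in
        *.amzn1*) ;;
        *) echo "not-amzn1"; return 0 ;;
    esac
    if release_ge "$running" "$FIXED_RELEASE"; then
        echo "patched"; return 0
    fi
    for inst in "$@"; do
        if release_ge "$inst" "$FIXED_RELEASE"; then
            echo "reboot-required"; return 0
        fi
    done
    echo "update-required"
}

# With --host, query the live system: running kernel from uname, installed
# kernel packages from the RPM database.
if [ "${1:-}" = "--host" ]; then
    # shellcheck disable=SC2046  # word splitting of the package list is intended
    assess "$(uname -r)" $(rpm -q kernel --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n')
fi
```

A result of reboot-required is the case the advisory warns about: the package is updated but the old kernel stays in memory until the next boot.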

New Packages:

i686:  
    kernel-debuginfo-common-i686-3.4.48-45.46.amzn1.i686  
    kernel-tools-debuginfo-3.4.48-45.46.amzn1.i686  
    kernel-debuginfo-3.4.48-45.46.amzn1.i686  
    kernel-tools-3.4.48-45.46.amzn1.i686  
    kernel-headers-3.4.48-45.46.amzn1.i686  
    kernel-devel-3.4.48-45.46.amzn1.i686  
    kernel-3.4.48-45.46.amzn1.i686  
  
noarch:  
    kernel-doc-3.4.48-45.46.amzn1.noarch  
  
src:  
    kernel-3.4.48-45.46.amzn1.src  
  
x86_64:  
    kernel-tools-3.4.48-45.46.amzn1.x86_64  
    kernel-tools-debuginfo-3.4.48-45.46.amzn1.x86_64  
    kernel-debuginfo-3.4.48-45.46.amzn1.x86_64  
    kernel-headers-3.4.48-45.46.amzn1.x86_64  
    kernel-3.4.48-45.46.amzn1.x86_64  
    kernel-debuginfo-common-x86_64-3.4.48-45.46.amzn1.x86_64  
    kernel-devel-3.4.48-45.46.amzn1.x86_64  

Additional References

Red Hat: CVE-2012-6544, CVE-2012-6545, CVE-2013-0914, CVE-2013-1767, CVE-2013-1773, CVE-2013-1929, CVE-2013-3222, CVE-2013-3224, CVE-2013-3231, CVE-2013-3235

Mitre: CVE-2012-6544, CVE-2012-6545, CVE-2013-0914, CVE-2013-1767, CVE-2013-1773, CVE-2013-1929, CVE-2013-3222, CVE-2013-3224, CVE-2013-3231, CVE-2013-3235
