OSV:DSA-2632-1
Feb 25, 2013 - 12:00 a.m.

linux-2.6 - several vulnerabilities

2013-02-25 00:00:00
Google
osv.dev
CVSS2: 6.9 Medium (AV:L/AC:M/Au:N/C:C/I:C/A:C)

  • Access Vector: LOCAL
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

EPSS: 0.001 Low (Percentile: 24.7%)

Several vulnerabilities have been discovered in the Linux kernel that may lead
to a denial of service or privilege escalation. The Common Vulnerabilities and
Exposures project identifies the following problems:

  • CVE-2013-0231
    Jan Beulich provided a fix for an issue in the Xen PCI backend drivers.
    Users of guests on a system using passed-through PCI devices can create
    a denial of service of the host system due to the use of non-ratelimited
    kernel log messages.
  • CVE-2013-0871
    Suleiman Souhlal and Salman Qazi of Google, with help from Aaron Durbin
    and Michael Davidson of Google, discovered an issue in the
    ptrace subsystem. Due to a race condition with PTRACE_SETREGS, local users
    can cause kernel stack corruption and execution of arbitrary code.

For the stable distribution (squeeze), this problem has been fixed in version
2.6.32-48squeeze1.

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

                   Debian 6.0 (squeeze)
  user-mode-linux  2.6.32-1um-4+48squeeze1

We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
