CERT-In Advisory
CIAD-2013-0084
Multiple Vulnerabilities in Linux Kernel
Original Issue Date: November 22, 2013
Severity Rating: High
Systems Affected
- Linux Kernel version 3.12 and prior
Overview
Multiple vulnerabilities have been reported in the Linux kernel which could allow a local attacker to execute arbitrary code, disclose sensitive information or cause Denial of Service (DoS) conditions.
Description
1. uio_mmap_physical() function Denial of Service Vulnerability (CVE-2013-6763)
This vulnerability exists in uio_mmap_physical() in drivers/uio/uio.c in the Linux kernel due to improper validation of memory block size. A local attacker can exploit this vulnerability by sending specially crafted mmap operations to trigger memory corruption and execute arbitrary code with elevated privileges. Repeated attempts may lead to Denial of Service (DoS) conditions.
2. wvlan_uil_put_info() and wvlan_set_station_nickname() functions Denial of Service Vulnerability (CVE-2013-4514)
This vulnerability exists in wvlan_uil_put_info() and wvlan_set_station_nickname() in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel due to improper boundary checks on user-supplied data. A local attacker could exploit this vulnerability by leveraging the CAP_NET_ADMIN capability and providing a long station-name string to execute arbitrary code with kernel privileges, resulting in a Denial of Service (DoS) condition.
3. oz_cdev_write() function Denial of Service Vulnerability (CVE-2013-4513)
This vulnerability exists in oz_cdev_write() in drivers/staging/ozwpan/ozcdev.c in the Linux kernel due to improper boundary checks on user-supplied data. A local attacker could exploit this vulnerability by sending specially crafted write operations to execute arbitrary code with kernel privileges. Failed exploit attempts may lead to Denial of Service (DoS) conditions.
4. exitcode_proc_write() function Denial of Service Vulnerability (CVE-2013-4512)
This vulnerability exists in exitcode_proc_write() in arch/um/kernel/exitcode.c in the Linux kernel due to improper boundary checks on user-supplied data. A local attacker could exploit this vulnerability by sending a specially crafted write operation to execute arbitrary code with root privileges. Failed exploit attempts may lead to Denial of Service (DoS) conditions.
5. skb_flow_dissect() function Denial of Service Vulnerability (CVE-2013-4348)
This vulnerability exists in skb_flow_dissect() in net/core/flow_dissector.c in the Linux kernel. A remote attacker could exploit this vulnerability via a small value in the IHL field of a packet with IPIP encapsulation that causes the kernel to enter into an infinite loop. Successful exploitation of this vulnerability may lead to Denial of Service (DoS) conditions.
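The check that prevents this kind of loop, shown as an added user-space example (not the kernel's code and not part of the advisory): a walker over nested IPv4-in-IPv4 headers that rejects an IHL below the legal minimum of 5 and caps nesting depth. The function names, return codes, MAX_NESTING value and sample packet are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define PROTO_IPIP   4   /* IPv4-in-IPv4 encapsulation */
#define MIN_IHL      5   /* smallest legal IPv4 header: 5 x 32-bit words */
#define MAX_NESTING  8   /* assumed cap on encapsulation depth */
enum { DISSECT_OK = 0, DISSECT_BAD_HEADER = -1, DISSECT_TRUNCATED = -2, DISSECT_TOO_DEEP = -3 };

/* Walk nested IPv4 headers; on success report innermost protocol and payload offset. */
int dissect_ipip(const uint8_t *pkt, size_t len, uint8_t *proto, size_t *payload_off)
{
    size_t off = 0;
    for (int depth = 0; depth < MAX_NESTING; depth++) {
        if (len - off < 20)
            return DISSECT_TRUNCATED;
        uint8_t version = pkt[off] >> 4;
        uint8_t ihl = pkt[off] & 0x0f;
        /* The guard: with ihl == 0 the offset below would never advance,
         * so an IPIP header would be re-parsed forever. */
        if (version != 4 || ihl < MIN_IHL)
            return DISSECT_BAD_HEADER;
        size_t hdr_len = (size_t)ihl * 4;
        if (hdr_len > len - off)
            return DISSECT_TRUNCATED;
        uint8_t next = pkt[off + 9];   /* protocol field */
        off += hdr_len;
        if (next != PROTO_IPIP) {
            *proto = next; *payload_off = off;
            return DISSECT_OK;
        }
    }
    return DISSECT_TOO_DEEP;
}

/* Constructed sample: outer IPIP header, then an inner header chosen by the caller. */
int dissect_sample(uint8_t inner_ihl, uint8_t inner_proto, uint8_t *proto, size_t *payload_off)
{
    uint8_t pkt[60] = {0};
    pkt[0] = 0x45;  pkt[9] = PROTO_IPIP;
    pkt[20] = (uint8_t)(0x40 | (inner_ihl & 0x0f));  pkt[29] = inner_proto;
    return dissect_ipip(pkt, sizeof(pkt), proto, payload_off);
}
int main(void)
{
    uint8_t proto = 0; size_t off = 0;
    printf("valid inner header: %d\n", dissect_sample(5, 6, &proto, &off));
    printf("inner IHL of 0:     %d\n", dissect_sample(0, PROTO_IPIP, &proto, &off));
    return 0;
}
```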
6. host_start() function Denial of Service Vulnerability (CVE-2013-2058)
This vulnerability exists in host_start() in drivers/usb/chipidea/host.c in the Linux kernel prior to 3.7.4. A local attacker could exploit this vulnerability by sending a large amount of network traffic through a USB/Ethernet adapter to cause Denial of Service (DoS) conditions.
7. mp_get_count() function Information Disclosure Vulnerability (CVE-2013-4516)
This vulnerability exists in mp_get_count() in drivers/staging/sb105x/sb_pci_mp.c in the Linux kernel due to improper initialization of a certain data structure. A local attacker could exploit this vulnerability via a TIOCGICOUNT ioctl call to obtain sensitive information from kernel stack memory.
8. bcm_char_ioctl() function Information Disclosure Vulnerability (CVE-2013-4515)
This vulnerability exists in bcm_char_ioctl() in drivers/staging/bcm/Bcmchar.c in the Linux kernel due to improper initialization of a certain data structure. A local attacker could exploit this vulnerability via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call to obtain sensitive information from kernel stack memory.
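The bug class behind items 7 and 8, modelled in user space as an added example (not code from either driver or from the advisory): a reply structure that is only partly assigned before being copied out carries whatever the stack slot held before, and zeroing it first removes the leak. The structure layout, function names and the 0xA5 marker are hypothetical, and memcpy stands in for copy_to_user().

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical ioctl reply; not the layout used by either driver. */
struct dev_counters {
    uint32_t rx;
    uint32_t tx;
    uint8_t  link_up;      /* compiler inserts 3 padding bytes after this */
    uint32_t reserved[4];  /* the handler never assigns these */
};

/* The handler's real work: only three fields are assigned. */
static void fill(struct dev_counters *c)
{
    c->rx = 10;
    c->tx = 20;
    c->link_up = 1;
}

/* Model one ioctl call. `slot` stands for the handler's stack variable,
 * pre-filled with 0xA5 to represent data left behind by an earlier call.
 * Returns how many stale bytes reach the caller's reply buffer. */
size_t stale_bytes_in_reply(int zero_first)
{
    struct dev_counters slot;
    uint8_t reply[sizeof(slot)];
    size_t stale = 0;

    memset(&slot, 0xA5, sizeof(slot));      /* constructed stale contents */
    if (zero_first)
        memset(&slot, 0, sizeof(slot));     /* the hardening step */
    fill(&slot);
    memcpy(reply, &slot, sizeof(slot));     /* whole object, padding included */
    for (size_t i = 0; i < sizeof(reply); i++)
        stale += (reply[i] == 0xA5);
    return stale;
}

int main(void)
{
    printf("stale bytes without memset: %zu\n", stale_bytes_in_reply(0));
    printf("stale bytes with memset:    %zu\n", stale_bytes_in_reply(1));
    return 0;
}
```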
9. Alchemy LCD frame-buffer Integer Overflow Vulnerability (CVE-2013-4511)
This vulnerability exists in au1100fb_fb_mmap() in drivers/video/au1100fb.c and au1200fb_fb_mmap() in drivers/video/au1200fb.c in the Linux kernel due to improper boundary checks on user-supplied data. A local attacker can exploit this vulnerability by sending a specially crafted mmap operation to execute arbitrary code with elevated privileges. Failed exploit attempts may lead to Denial of Service (DoS) conditions.
Solution
Apply the following patches:
https://github.com/torvalds/linux/commit/7314e613d5ff9f0934f7a0f74ed7973b903315d1
https://github.com/torvalds/linux/commit/b5e2f339865fb443107e5b10603e53bbc92dc054
https://github.com/torvalds/linux/commit/c2c65cd2e14ada6de44cb527e7f1990bede24e15
https://github.com/torvalds/linux/commit/201f99f170df14ba52ea4c52847779042b7a623b
https://github.com/torvalds/linux/commit/6f092343855a71e03b8d209815d8c45bf3a27fcd
https://github.com/torvalds/linux/commit/929473ea05db455ad88cdc081f2adc556b8dc48f
https://github.com/torvalds/linux/commit/a8b33654b1e3b0c74d4a1fed041c9aae50b3c427
https://github.com/torvalds/linux/commit/8d1e72250c847fa96498ec029891de4dc638a5ba
Vendor Information
Linux kernel
https://www.kernel.org/
References
Linux kernel
https://www.kernel.org/
Security Focus
http://www.securityfocus.com/bid/63707
http://www.securityfocus.com/bid/63519
http://www.securityfocus.com/bid/63518
http://www.securityfocus.com/bid/63509
http://www.securityfocus.com/bid/63508
http://www.securityfocus.com/bid/63510
http://www.securityfocus.com/bid/63512
http://www.securityfocus.com/bid/63536
http://www.securityfocus.com/bid/59638
CVE Name
CVE-2013-6763
CVE-2013-4516
CVE-2013-4515
CVE-2013-4514
CVE-2013-4513
CVE-2013-4512
CVE-2013-4511
CVE-2013-4348
CVE-2013-2058
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In) Ministry of Electronics and Information Technology Government of India Electronics Niketan 6, CGO Complex, Lodhi Road, New Delhi - 110 003 India