CVE-2013-3301
Publication date 29 April 2013
Last updated 24 July 2024
Ubuntu priority
The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call.
From the Ubuntu Security Team
A flaw was discovered in the Linux kernel's ftrace subsystem interface. A local user could exploit this flaw to cause a denial of service (system crash).
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| linux | ||
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty |
Not affected
|
|
| linux-2.6 | ||
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-armadaxp | ||
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-aws | ||
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty |
Not affected
|
|
| linux-ec2 | ||
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-flo | ||
| 16.04 LTS xenial | Ignored abandoned | |
| 14.04 LTS trusty | Ignored end of life, was needed | |
| linux-fsl-imx51 | ||
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-gke | ||
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty | Not in release | |
| linux-goldfish | ||
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty | Ignored end of life, was needed | |
| linux-grouper | ||
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-hwe | ||
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty | Not in release | |
| linux-hwe-edge | ||
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty | Not in release | |
| linux-linaro-omap | ||
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-linaro-shared | ||
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-linaro-vexpress | ||
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-lts-backport-maverick | ||
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-lts-backport-oneiric | ||
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-lts-quantal | ||
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-lts-raring | ||
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-lts-trusty | ||
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-lts-utopic | ||
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-lts-vivid | ||
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-lts-wily | ||
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-lts-xenial | ||
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty |
Not affected
|
|
| linux-maguro | ||
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-mako | ||
| 16.04 LTS xenial | Ignored abandoned | |
| 14.04 LTS trusty | Ignored end of life, was needed | |
| linux-manta | ||
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Ignored end of life, was needed | |
| linux-mvl-dove | ||
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-qcm-msm | ||
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-raspi2 | ||
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty | Not in release | |
| linux-snapdragon | ||
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty | Not in release | |
| linux-ti-omap4 | ||
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
Notes
apw
The driver is only vunerable in after either one (or both of) the following sha1s, adding the first of these chronologically as the break commit: 6038f373a3dc1f1c26496e60b6c40b164716f07e 756d17ee7ee4fbc8238bdf97100af63e6ac441ef
References
Related Ubuntu Security Notices (USN)
- USN-1839-1
- Linux kernel (OMAP4) vulnerabilities
- 28 May 2013
- USN-1833-1
- Linux kernel vulnerabilities
- 24 May 2013
- USN-1835-1
- Linux kernel vulnerabilities
- 24 May 2013
- USN-1836-1
- Linux kernel (OMAP4) vulnerabilities
- 24 May 2013
- USN-1834-1
- Linux kernel (Quantal HWE) vulnerabilities
- 24 May 2013
- USN-1838-1
- Linux kernel (OMAP4) vulnerabilities
- 30 May 2013
Other references
- https://git.kernel.org/linus/6a76f8c0ab19f215af2a3442870eeb5f0e81998d
- https://github.com/torvalds/linux/commit/6a76f8c0ab19f215af2a3442870eeb5f0e81998d
- https://bugzilla.redhat.com/show_bug.cgi?id=952197
- http://www.openwall.com/lists/oss-security/2013/04/15/1
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.8
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6a76f8c0ab19f215af2a3442870eeb5f0e81998d
- https://www.cve.org/CVERecord?id=CVE-2013-3301