[Bug 1189833] [NEW] CVE-2013-2852

John Johansen Tue, 11 Jun 2013 03:06:15 -0700

*** This bug is a security vulnerability ***

Public security bug reported:


Format string vulnerability in the b43_request_firmware function in
drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in
the Linux kernel through 3.9.4 allows local users to gain privileges by
leveraging root access and including format string specifiers in an
fwpostfix modprobe parameter, leading to improper construction of an
error message.

Break-Fix: - 9538cbaab6e8b8046039b4b2eb6c9d614dc782bd

** Affects: linux (Ubuntu)
     Importance: Medium
         Status: New

** Affects: linux-armadaxp (Ubuntu)
     Importance: Medium
         Status: Invalid

** Affects: linux-ec2 (Ubuntu)
     Importance: Medium
         Status: Invalid

** Affects: linux-fsl-imx51 (Ubuntu)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-backport-maverick (Ubuntu)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-backport-natty (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: linux-lts-backport-oneiric (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: linux-lts-quantal (Ubuntu)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-raring (Ubuntu)
     Importance: Medium
         Status: Invalid

** Affects: linux-mvl-dove (Ubuntu)
     Importance: Medium
         Status: Invalid

** Affects: linux-ti-omap4 (Ubuntu)
     Importance: Medium
         Status: New

** Affects: linux (Ubuntu Lucid)
     Importance: Medium
         Status: New

** Affects: linux-armadaxp (Ubuntu Lucid)
     Importance: Medium
         Status: Invalid

** Affects: linux-ec2 (Ubuntu Lucid)
     Importance: Medium
         Status: New

** Affects: linux-fsl-imx51 (Ubuntu Lucid)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-backport-maverick (Ubuntu Lucid)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-backport-natty (Ubuntu Lucid)
     Importance: Undecided
         Status: New

** Affects: linux-lts-backport-oneiric (Ubuntu Lucid)
     Importance: Undecided
         Status: New

** Affects: linux-lts-quantal (Ubuntu Lucid)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-raring (Ubuntu Lucid)
     Importance: Medium
         Status: Invalid

** Affects: linux-mvl-dove (Ubuntu Lucid)
     Importance: Medium
         Status: Invalid

** Affects: linux-ti-omap4 (Ubuntu Lucid)
     Importance: Medium
         Status: Invalid

** Affects: linux (Ubuntu Precise)
     Importance: Medium
         Status: New

** Affects: linux-armadaxp (Ubuntu Precise)
     Importance: Medium
         Status: New

** Affects: linux-ec2 (Ubuntu Precise)
     Importance: Medium
         Status: Invalid

** Affects: linux-fsl-imx51 (Ubuntu Precise)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-backport-maverick (Ubuntu Precise)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-backport-natty (Ubuntu Precise)
     Importance: Undecided
         Status: New

** Affects: linux-lts-backport-oneiric (Ubuntu Precise)
     Importance: Undecided
         Status: New

** Affects: linux-lts-quantal (Ubuntu Precise)
     Importance: Medium
         Status: New

** Affects: linux-lts-raring (Ubuntu Precise)
     Importance: Medium
         Status: New

** Affects: linux-mvl-dove (Ubuntu Precise)
     Importance: Medium
         Status: Invalid

** Affects: linux-ti-omap4 (Ubuntu Precise)
     Importance: Medium
         Status: New

** Affects: linux (Ubuntu Quantal)
     Importance: Medium
         Status: New

** Affects: linux-armadaxp (Ubuntu Quantal)
     Importance: Medium
         Status: New

** Affects: linux-ec2 (Ubuntu Quantal)
     Importance: Medium
         Status: Invalid

** Affects: linux-fsl-imx51 (Ubuntu Quantal)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-backport-maverick (Ubuntu Quantal)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-backport-natty (Ubuntu Quantal)
     Importance: Undecided
         Status: New

** Affects: linux-lts-backport-oneiric (Ubuntu Quantal)
     Importance: Undecided
         Status: New

** Affects: linux-lts-quantal (Ubuntu Quantal)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-raring (Ubuntu Quantal)
     Importance: Medium
         Status: Invalid

** Affects: linux-mvl-dove (Ubuntu Quantal)
     Importance: Medium
         Status: Invalid

** Affects: linux-ti-omap4 (Ubuntu Quantal)
     Importance: Medium
         Status: New

** Affects: linux (Ubuntu Raring)
     Importance: Medium
         Status: New

** Affects: linux-armadaxp (Ubuntu Raring)
     Importance: Medium
         Status: Invalid

** Affects: linux-ec2 (Ubuntu Raring)
     Importance: Medium
         Status: Invalid

** Affects: linux-fsl-imx51 (Ubuntu Raring)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-backport-maverick (Ubuntu Raring)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-backport-natty (Ubuntu Raring)
     Importance: Undecided
         Status: New

** Affects: linux-lts-backport-oneiric (Ubuntu Raring)
     Importance: Undecided
         Status: New

** Affects: linux-lts-quantal (Ubuntu Raring)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-raring (Ubuntu Raring)
     Importance: Medium
         Status: Invalid

** Affects: linux-mvl-dove (Ubuntu Raring)
     Importance: Medium
         Status: Invalid

** Affects: linux-ti-omap4 (Ubuntu Raring)
     Importance: Medium
         Status: New

** Affects: linux (Ubuntu Saucy)
     Importance: Medium
         Status: New

** Affects: linux-armadaxp (Ubuntu Saucy)
     Importance: Medium
         Status: Invalid

** Affects: linux-ec2 (Ubuntu Saucy)
     Importance: Medium
         Status: Invalid

** Affects: linux-fsl-imx51 (Ubuntu Saucy)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-backport-maverick (Ubuntu Saucy)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-backport-natty (Ubuntu Saucy)
     Importance: Undecided
         Status: New

** Affects: linux-lts-backport-oneiric (Ubuntu Saucy)
     Importance: Undecided
         Status: New

** Affects: linux-lts-quantal (Ubuntu Saucy)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-raring (Ubuntu Saucy)
     Importance: Medium
         Status: Invalid

** Affects: linux-mvl-dove (Ubuntu Saucy)
     Importance: Medium
         Status: Invalid

** Affects: linux-ti-omap4 (Ubuntu Saucy)
     Importance: Medium
         Status: New


** Tags: kernel-cve-tracking-bug

** Tags added: kernel-cve-tracking-bug

** Information type changed from Public to Public Security

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-2852

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1189833

Title:
  CVE-2013-2852

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1189833/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1189833] [NEW] CVE-2013-2852

Reply via email to