CVE-2013-0914 (retired)

Priority
Description
The flush_signal_handlers function in kernel/signal.c in the Linux kernel
before 3.8.4 preserves the value of the sa_restorer field across an exec
operation, which makes it easier for local users to bypass the ASLR
protection mechanism via a crafted application containing a sigaction
system call.
Ubuntu-Description
Emese Revfy discovered that in the Linux kernel signal handlers could leak
address information across an exec, making it possible to by pass ASLR
(Address Space Layout Randomization). A local user could use this flaw to
by pass ASLR to reliably deliver an exploit payload that would otherwise be
stopped (by ASLR).
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (3.9~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):released (3.2.0-40.64)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.2.0-16.19)
Patches:
Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2Fixed by 2ca39528c01a933f6689cd6505ce65bd6d68a530
Package
Upstream:released (3.9~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was released [3.2.0-1616.25])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
This package is not directly supported by the Ubuntu Security Team
Package
Upstream:released (3.9~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.4.0-1001.10)
Package
Upstream:released (3.9~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.9~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (abandoned)
Package
Upstream:released (3.9~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.9~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.4.0-1003.3)
Package
Upstream:released (3.9~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (3.4.0-4.27)
Package
Upstream:released (3.9~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.9~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.8.0-36.36~16.04.1)
Package
Upstream:released (3.9~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.8.0-36.36~16.04.1)
Product
linux-krillin:ignored (was pending [1.0] now end-of-life)
Package
Upstream:released (3.9~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.9~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.9~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.9~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.9~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.9~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was released [3.5.0-27.46~precise1])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Patches:
Package
Upstream:released (3.9~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was not-affected [3.8.0-19.30~precise1])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.9~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (3.13.0-24.46~precise1)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.9~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.9~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.9~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.9~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.9~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.9~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (abandoned)
Package
Upstream:released (3.9~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.9~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.9~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.9~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.2.0-1013.19)
Package
Upstream:released (3.9~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.4.0-1012.12)
Package
Upstream:released (3.9~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was released [3.2.0-1429.38])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Product
linux-vegetahd:ignored (was pending [1.0] now end-of-life)
More Information

Updated: 2019-09-19 15:43:30 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)