[QSA - 0326131] Linux kernel vulnerability

Qlustar Security Advisory 0326131

March 26, 2013


The system could be made to run programs as an administrator.

Package(s)       : linux-image-ql-server, linux-image-ql-beowulf
Affected versions: All versions prior to this update
Vulnerability    : privilege escalation/denial of service
Problem type     : local
Qlustar-specific : no
CVE Id(s)        : CVE-2013-0268, CVE-2013-0309, CVE-2013-1773

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2013-0268: A flaw was reported in the permission checks the Linux kernel applies to /dev/cpu/*/msr. A local root user with all capabilities dropped could exploit this flaw to execute code with full root capabilities.
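The following program is an added example; it is not part of this advisory or of Qlustar's packages. It checks whether the running kernel enforces the CAP_SYS_RAWIO test that the CVE-2013-0268 fix added to msr_open(): run as root, it drops every capability while keeping uid 0 and then tries to open /dev/cpu/0/msr. It never reads or writes an MSR. The device path, the verdict names and the raw capset(2) structures declared in the file are this example's own choices, not kernel or Qlustar interfaces.

```c
/* Added example (not Qlustar code): probe whether this kernel enforces
 * CAP_SYS_RAWIO on /dev/cpu/N/msr (the check added for CVE-2013-0268).
 * Run as root. Drops all capabilities, keeps uid 0, and tries to open
 * the MSR device. No MSR is ever read or written. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/syscall.h>
#endif

/* Raw capset(2) ABI, declared locally (assumption: version 3 layout,
 * two 32-bit words per set) so the example needs no libcap. */
#define CAP_VERSION_3 0x20080522
struct cap_hdr  { unsigned int version; int pid; };
struct cap_data { unsigned int effective, permitted, inheritable; };

enum verdict { MSR_PATCHED, MSR_VULNERABLE, MSR_INCONCLUSIVE };

/* Map the open(2) outcome to a verdict.
 *   fd >= 0      : a capability-less uid-0 process got a handle (vulnerable)
 *   errno EPERM  : the capable(CAP_SYS_RAWIO) check in msr_open() refused us
 *   anything else: EACCES (not root, DAC refused) or ENOENT/ENXIO (msr
 *                  driver not loaded) say nothing about the kernel */
enum verdict interpret_probe(int fd, int err)
{
    if (fd >= 0)      return MSR_VULNERABLE;
    if (err == EPERM) return MSR_PATCHED;
    return MSR_INCONCLUSIVE;
}

/* Clear the effective, permitted and inheritable sets of this thread.
 * uid stays 0, so DAC still lets us open a root-owned 0600 device node;
 * only the capability check can now stop the open. */
static int drop_all_capabilities(void)
{
#ifdef __linux__
    struct cap_hdr  hdr = { CAP_VERSION_3, 0 };
    struct cap_data data[2] = { {0, 0, 0}, {0, 0, 0} };
    return (int)syscall(SYS_capset, &hdr, data);
#else
    errno = ENOSYS;
    return -1;
#endif
}

/* Drop capabilities, then attempt the open. err_out receives errno
 * from open(2) (0 on success) so the caller can report it. */
enum verdict probe_msr_device(const char *path, int *err_out)
{
    if (drop_all_capabilities() != 0) {
        *err_out = errno;
        return MSR_INCONCLUSIVE;
    }
    int fd = open(path, O_WRONLY);
    *err_out = (fd >= 0) ? 0 : errno;
    enum verdict v = interpret_probe(fd, *err_out);
    if (fd >= 0) close(fd);
    return v;
}

int main(void)
{
    static const char *names[] = { "patched", "VULNERABLE", "inconclusive" };
    int err = 0;
    enum verdict v = probe_msr_device("/dev/cpu/0/msr", &err);
    printf("/dev/cpu/0/msr without CAP_SYS_RAWIO: %s (uid=%d, errno=%s)\n",
           names[v], (int)getuid(), err ? strerror(err) : "none");
    return v == MSR_VULNERABLE ? 1 : 0;
}
```

Run it as root on a host with the msr driver loaded (`modprobe msr`). "patched" means open() failed with EPERM, which is what the capability check in msr_open() returns; "VULNERABLE" means a root process with no capabilities obtained a writable handle to the MSR device; EACCES (not root) or ENOENT/ENXIO (no msr driver) are reported as inconclusive rather than guessed.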

CVE-2013-0309: A flaw was discovered in the Linux kernel's handling of memory ranges mapped PROT_NONE when transparent hugepages are in use. An unprivileged local user could exploit this flaw to cause a denial of service (system crash).

CVE-2013-1773: A flaw was discovered in the Linux kernel's VFAT filesystem driver when a filesystem is mounted with the utf8 option (the default on Ubuntu). On a system where disks or images can be auto-mounted, or where a FAT filesystem is already mounted, an unprivileged local user could exploit this flaw to gain root privileges.

Update instructions:

The problem can be corrected by updating your system to the following package versions (follow the Qlustar Update Guide):

qlustar-module-core-precise-amd64-8.0.1    8.0.1-b419f807
