{"id":"MGASA-2013-0210","summary":"Updated kernel-linus package fixes security issues","details":"This kernel update provides the upstream 3.4.52 kernel and fixes\nthe follwing security issues:\n\nThe pciback_enable_msi function in the PCI backend driver \n(drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux\nkernel 2.6.18 and 3.8 allows guest OS users with PCI device access to\ncause a denial of service via a large number of kernel log messages.\n(CVE-2013-0231 / XSA-43)\n\nHeap-based buffer overflow in the iscsi_add_notunderstood_response function\nin drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target\nsubsystem in the Linux kernel through 3.9.4 allows remote attackers to\ncause a denial of service (memory corruption and OOPS) or possibly execute\narbitrary code via a long key that is not properly handled during\nconstruction of an error-response packet.\nA reproduction case requires patching open-iscsi to send overly large\nkeys. Performing discovery in a loop will Oops the remote server.\n(CVE-2013-2850)\n\nFormat string vulnerability in the b43_request_firmware function in\ndrivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in\nthe Linux kernel through 3.9.4 allows local users to gain privileges by\nleveraging root access and including format string specifiers in an\nfwpostfix modprobe parameter, leading to improper construction of an\nerror message. (CVE-2013-2852)\n\nOther fixes:\nFor other -stable fixes, read the referenced changelogs\n","modified":"2026-04-16T06:25:38.226108475Z","published":"2013-07-16T07:32:10Z","upstream":["CVE-2013-0231","CVE-2013-2850","CVE-2013-2852"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2013-0210.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=10653"},{"type":"WEB","url":"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.46"},{"type":"WEB","url":"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.47"},{"type":"WEB","url":"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.48"},{"type":"WEB","url":"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.49"},{"type":"WEB","url":"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.50"},{"type":"WEB","url":"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.51"},{"type":"WEB","url":"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.52"}],"affected":[{"package":{"name":"kernel-linus","ecosystem":"Mageia:2","purl":"pkg:rpm/mageia/kernel-linus?arch=source&distro=mageia-2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.4.52-1.mga2"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0210.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}