CVE-2014-3610

Bug #1384539 reported by John Johansen
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Fix Released
High
Unassigned
Precise
Fix Released
High
Unassigned
Trusty
Fix Released
High
Unassigned
Vivid
Fix Released
High
Unassigned
Wily
Fix Released
High
Unassigned
Xenial
Fix Released
High
Unassigned
Yakkety
Fix Released
High
Unassigned
linux-armadaxp (Ubuntu)
Invalid
High
Unassigned
Precise
Fix Released
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
Yakkety
Invalid
High
Unassigned
linux-ec2 (Ubuntu)
Invalid
High
Unassigned
Precise
Invalid
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
Yakkety
Invalid
High
Unassigned
linux-flo (Ubuntu)
New
High
Unassigned
Precise
Invalid
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Won't Fix
High
Unassigned
Wily
New
High
Unassigned
Xenial
New
High
Unassigned
Yakkety
New
High
Unassigned
linux-fsl-imx51 (Ubuntu)
Invalid
High
Unassigned
Precise
Invalid
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
Yakkety
Invalid
High
Unassigned
linux-goldfish (Ubuntu)
New
High
Unassigned
Precise
Invalid
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Won't Fix
High
Unassigned
Wily
New
High
Unassigned
Xenial
New
High
Unassigned
Yakkety
New
High
Unassigned
linux-lts-backport-maverick (Ubuntu)
New
Undecided
Unassigned
Lucid
Won't Fix
Undecided
Unassigned
Precise
Won't Fix
Undecided
Unassigned
Trusty
New
Undecided
Unassigned
Utopic
Won't Fix
Undecided
Unassigned
Vivid
New
Undecided
Unassigned
Wily
New
Undecided
Unassigned
Xenial
New
Undecided
Unassigned
Yakkety
New
Undecided
Unassigned
linux-lts-backport-natty (Ubuntu)
New
Undecided
Unassigned
Lucid
Won't Fix
Undecided
Unassigned
Precise
Won't Fix
Undecided
Unassigned
Trusty
New
Undecided
Unassigned
Utopic
Won't Fix
Undecided
Unassigned
Vivid
New
Undecided
Unassigned
Wily
New
Undecided
Unassigned
Xenial
New
Undecided
Unassigned
Yakkety
New
Undecided
Unassigned
linux-lts-quantal (Ubuntu)
Invalid
High
Unassigned
Precise
Won't Fix
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
Yakkety
Invalid
High
Unassigned
linux-lts-raring (Ubuntu)
Invalid
High
Unassigned
Precise
Invalid
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
Yakkety
Invalid
High
Unassigned
linux-lts-saucy (Ubuntu)
Invalid
High
Unassigned
Precise
Won't Fix
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
Yakkety
Invalid
High
Unassigned
linux-lts-trusty (Ubuntu)
Invalid
High
Unassigned
Precise
Fix Released
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
Yakkety
Invalid
High
Unassigned
linux-lts-utopic (Ubuntu)
Invalid
High
Unassigned
Precise
Invalid
High
Unassigned
Trusty
Fix Committed
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
Yakkety
Invalid
High
Unassigned
linux-lts-vivid (Ubuntu)
Invalid
High
Unassigned
Precise
Invalid
High
Unassigned
Trusty
Fix Committed
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
Yakkety
Invalid
High
Unassigned
linux-lts-wily (Ubuntu)
Invalid
High
Unassigned
Precise
Invalid
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
Yakkety
Invalid
High
Unassigned
linux-lts-xenial (Ubuntu)
Invalid
High
Unassigned
Precise
Invalid
High
Unassigned
Trusty
Fix Committed
High
Unassigned
Vivid
New
Undecided
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
Yakkety
Invalid
High
Unassigned
linux-mako (Ubuntu)
New
High
Unassigned
Precise
Invalid
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Won't Fix
High
Unassigned
Wily
New
High
Unassigned
Xenial
New
High
Unassigned
Yakkety
New
High
Unassigned
linux-manta (Ubuntu)
Invalid
High
Unassigned
Precise
Invalid
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Won't Fix
High
Unassigned
Wily
New
High
Unassigned
Xenial
Invalid
High
Unassigned
Yakkety
Invalid
High
Unassigned
linux-mvl-dove (Ubuntu)
Invalid
High
Unassigned
Precise
Invalid
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
Yakkety
Invalid
High
Unassigned
linux-raspi2 (Ubuntu)
Fix Committed
High
Unassigned
Precise
Invalid
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Fix Committed
High
Unassigned
Yakkety
Fix Committed
High
Unassigned
linux-snapdragon (Ubuntu)
Invalid
High
Unassigned
Precise
Invalid
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
New
Undecided
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
Yakkety
Invalid
High
Unassigned
linux-ti-omap4 (Ubuntu)
Invalid
High
Unassigned
Precise
Fix Released
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
Yakkety
Invalid
High
Unassigned

Bug Description

The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c. A privileged guest user can use this flaw to crash the host. Enabling CONFIG_PARAVIRT when building the kernel mitigates this issue because wrmsrl() ends up invoking safe msr write variant.

Break-Fix: - 854e8bb1aa06c578c2c9145fa6bfe3680ef63b23

Revision history for this message
John Johansen (jjohansen) wrote :

CVE-2014-3610

tags: added: kernel-cve-tracking-bug
information type: Public → Public Security
information type: Public Security → Private Security
Changed in linux-armadaxp (Ubuntu Lucid):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Vivid):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Trusty):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Precise):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Vivid):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Vivid):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Trusty):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Precise):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Vivid):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Vivid):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Trusty):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Vivid):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Trusty):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Precise):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Vivid):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Vivid):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Trusty):
status: New → Invalid
description: updated
Changed in linux-armadaxp (Ubuntu Precise):
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Vivid):
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Trusty):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Precise):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Vivid):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Trusty):
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Precise):
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Vivid):
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Trusty):
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Precise):
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Vivid):
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Trusty):
importance: Undecided → High
Changed in linux-lts-saucy (Ubuntu Precise):
importance: Undecided → High
Changed in linux-lts-saucy (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-lts-saucy (Ubuntu Vivid):
importance: Undecided → High
Changed in linux-lts-saucy (Ubuntu Trusty):
importance: Undecided → High
Changed in linux (Ubuntu Precise):
importance: Undecided → High
Changed in linux (Ubuntu Lucid):
importance: Undecided → High
Changed in linux (Ubuntu Vivid):
importance: Undecided → High
Changed in linux (Ubuntu Trusty):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Precise):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Vivid):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Trusty):
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Precise):
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Vivid):
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Trusty):
importance: Undecided → High
Changed in linux-lts-raring (Ubuntu Precise):
importance: Undecided → High
Changed in linux-lts-raring (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-lts-raring (Ubuntu Vivid):
importance: Undecided → High
Changed in linux-lts-raring (Ubuntu Trusty):
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-saucy (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux (Ubuntu Utopic):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-raring (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
information type: Private Security → Public Security
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (10.4 KiB)

This bug was fixed in the package linux - 3.13.0-39.66

---------------
linux (3.13.0-39.66) trusty; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1386629

  [ Upstream Kernel Changes ]

  * KVM: x86: Check non-canonical addresses upon WRMSR
    - LP: #1384539
    - CVE-2014-3610
  * KVM: x86: Prevent host from panicking on shared MSR writes.
    - LP: #1384539
    - CVE-2014-3610
  * KVM: x86: Improve thread safety in pit
    - LP: #1384540
    - CVE-2014-3611
  * KVM: x86: Fix wrong masking on relative jump/call
    - LP: #1384545
    - CVE-2014-3647
  * KVM: x86: Warn if guest virtual address space is not 48-bits
    - LP: #1384545
    - CVE-2014-3647
  * KVM: x86: Emulator fixes for eip canonical checks on near branches
    - LP: #1384545
    - CVE-2014-3647
  * KVM: x86: emulating descriptor load misses long-mode case
    - LP: #1384545
    - CVE-2014-3647
  * KVM: x86: Handle errors when RIP is set during far jumps
    - LP: #1384545
    - CVE-2014-3647
  * kvm: vmx: handle invvpid vm exit gracefully
    - LP: #1384544
    - CVE-2014-3646
  * Input: synaptics - gate forcepad support by DMI check
    - LP: #1381815

linux (3.13.0-38.65) trusty; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1379244

  [ Andy Whitcroft ]

  * Revert "SAUCE: scsi: hyper-v storsvc switch up to SPC-3"
    - LP: #1354397
  * [Config] linux-image-extra is additive to linux-image
    - LP: #1375310
  * [Config] linux-image-extra postrm is not needed on purge
    - LP: #1375310

  [ Upstream Kernel Changes ]

  * Revert "KVM: x86: Increase the number of fixed MTRR regs to 10"
    - LP: #1377564
  * Revert "USB: option,zte_ev: move most ZTE CDMA devices to zte_ev"
    - LP: #1377564
  * aufs: bugfix, stop calling security_mmap_file() again
    - LP: #1371316
  * ipvs: fix ipv6 hook registration for local replies
    - LP: #1349768
  * Drivers: add blist flags
    - LP: #1354397
  * sd: fix a bug in deriving the FLUSH_TIMEOUT from the basic I/O timeout
    - LP: #1354397
  * drm/i915/bdw: Add 42ms delay for IPS disable
    - LP: #1374389
  * drm/i915: add null render states for gen6, gen7 and gen8
    - LP: #1374389
  * drm/i915/bdw: 3D_CHICKEN3 has write mask bits
    - LP: #1374389
  * drm/i915/bdw: Disable idle DOP clock gating
    - LP: #1374389
  * drm/i915: call lpt_init_clock_gating on BDW too
    - LP: #1374389
  * drm/i915: shuffle panel code
    - LP: #1374389
  * drm/i915: extract backlight minimum brightness from VBT
    - LP: #1374389
  * drm/i915: respect the VBT minimum backlight brightness
    - LP: #1374389
  * drm/i915/bdw: Apply workarounds in render ring init function
    - LP: #1374389
  * drm/i915/bdw: Cleanup pre prod workarounds
    - LP: #1374389
  * drm/i915: Replace hardcoded cacheline size with macro
    - LP: #1374389
  * drm/i915: Refactor Broadwell PIPE_CONTROL emission into a helper.
    - LP: #1374389
  * drm/i915: Add the WaCsStallBeforeStateCacheInvalidate:bdw workaround.
    - LP: #1374389
  * drm/i915/bdw: Remove BDW preproduction W/As until C stepping.
    - LP: #1374389
  * mptfusion: enable no_write_same for vmware scsi disks
    - LP: #1371591
  * iommu/amd: Fix cleanup_domai...

Changed in linux (Ubuntu Trusty):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.16.0-24.32

---------------
linux (3.16.0-24.32) utopic; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1386635

  [ Upstream Kernel Changes ]

  * KVM: x86: Check non-canonical addresses upon WRMSR
    - LP: #1384539
    - CVE-2014-3610
  * KVM: x86: Prevent host from panicking on shared MSR writes.
    - LP: #1384539
    - CVE-2014-3610
  * KVM: x86: Improve thread safety in pit
    - LP: #1384540
    - CVE-2014-3611
  * KVM: x86: Fix wrong masking on relative jump/call
    - LP: #1384545
    - CVE-2014-3647
  * KVM: x86: Warn if guest virtual address space is not 48-bits
    - LP: #1384545
    - CVE-2014-3647
  * KVM: x86: Emulator fixes for eip canonical checks on near branches
    - LP: #1384545
    - CVE-2014-3647
  * KVM: x86: emulating descriptor load misses long-mode case
    - LP: #1384545
    - CVE-2014-3647
  * KVM: x86: Handle errors when RIP is set during far jumps
    - LP: #1384545
    - CVE-2014-3647
  * kvm: vmx: handle invvpid vm exit gracefully
    - LP: #1384544
    - CVE-2014-3646
 -- Luis Henriques <email address hidden> Tue, 28 Oct 2014 10:40:55 +0000

Changed in linux (Ubuntu Utopic):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.16.0-24.32

---------------
linux (3.16.0-24.32) utopic; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1386635

  [ Upstream Kernel Changes ]

  * KVM: x86: Check non-canonical addresses upon WRMSR
    - LP: #1384539
    - CVE-2014-3610
  * KVM: x86: Prevent host from panicking on shared MSR writes.
    - LP: #1384539
    - CVE-2014-3610
  * KVM: x86: Improve thread safety in pit
    - LP: #1384540
    - CVE-2014-3611
  * KVM: x86: Fix wrong masking on relative jump/call
    - LP: #1384545
    - CVE-2014-3647
  * KVM: x86: Warn if guest virtual address space is not 48-bits
    - LP: #1384545
    - CVE-2014-3647
  * KVM: x86: Emulator fixes for eip canonical checks on near branches
    - LP: #1384545
    - CVE-2014-3647
  * KVM: x86: emulating descriptor load misses long-mode case
    - LP: #1384545
    - CVE-2014-3647
  * KVM: x86: Handle errors when RIP is set during far jumps
    - LP: #1384545
    - CVE-2014-3647
  * kvm: vmx: handle invvpid vm exit gracefully
    - LP: #1384544
    - CVE-2014-3646
 -- Luis Henriques <email address hidden> Tue, 28 Oct 2014 10:40:55 +0000

Changed in linux (Ubuntu Vivid):
status: New → Fix Released
Changed in linux-lts-raring (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Precise):
status: New → Fix Committed
Changed in linux-lts-saucy (Ubuntu Precise):
status: New → Fix Committed
description: updated
description: updated
Changed in linux-armadaxp (Ubuntu Precise):
status: New → Fix Committed
Changed in linux (Ubuntu Precise):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Precise):
status: New → Fix Committed
Changed in linux-armadaxp (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in linux-ti-omap4 (Ubuntu Precise):
status: Fix Committed → Fix Released
Brad Figg (brad-figg)
Changed in linux (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux-lts-trusty (Ubuntu Precise):
status: New → Fix Released
importance: Undecided → High
Changed in linux-lts-trusty (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-trusty (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-trusty (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-trusty (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-utopic (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-utopic (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-utopic (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-utopic (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-utopic (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.32-71.138

---------------
linux (2.6.32-71.138) lucid; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1403943

  [ Luis Henriques ]

  * [Config] updateconfigs CONFIG_X86_16BIT=y after v2.6.32.65 update

  [ Upstream Kernel Changes ]

  * KVM: x86: Check non-canonical addresses upon WRMSR
    - LP: #1384539
    - CVE-2014-3610
  * KVM: x86: Improve thread safety in pit
    - LP: #1384540
    - CVE-2014-3611
  * net:socket: set msg_namelen to 0 if msg_name is passed as NULL in
    msghdr struct from userland.
    - LP: #1335478
  * x86, 64-bit: Move K8 B step iret fixup to fault entry asm
    - LP: #1403918
  * x86-64: Adjust frame type at paranoid_exit:
    - LP: #1403918
  * x86-64, modify_ldt: Ban 16-bit segments on 64-bit kernels
    - LP: #1403918
  * x86-32, espfix: Remove filter for espfix32 due to race
    - LP: #1403918
  * x86-64, espfix: Don't leak bits 31:16 of %esp returning to 16-bit stack
    - LP: #1403918
  * x86, espfix: Move espfix definitions into a separate header file
    - LP: #1403918
  * x86, espfix: Fix broken header guard
    - LP: #1403918
  * x86, espfix: Make espfix64 a Kconfig option, fix UML
    - LP: #1403918
  * x86, espfix: Make it possible to disable 16-bit support
    - LP: #1403918
  * x86_64/entry/xen: Do not invoke espfix64 on Xen
    - LP: #1403918
  * x86/espfix/xen: Fix allocation of pages for paravirt page tables
    - LP: #1403918
  * x86_64, traps: Fix the espfix64 #DF fixup and rewrite it in C
    - LP: #1403918
  * x86_64, traps: Rework bad_iret
    - LP: #1403918
 -- Luis Henriques <email address hidden> Thu, 18 Dec 2014 16:22:56 +0000

Changed in linux (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in linux-ec2 (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux-flo (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-flo (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Changed in linux-flo (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → High
Changed in linux-flo (Ubuntu Vivid):
importance: Undecided → High
Changed in linux-flo (Ubuntu Utopic):
importance: Undecided → High
Changed in linux-goldfish (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-goldfish (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Changed in linux-goldfish (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → High
Changed in linux-goldfish (Ubuntu Vivid):
importance: Undecided → High
Changed in linux-goldfish (Ubuntu Utopic):
importance: Undecided → High
Changed in linux-mako (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-mako (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Changed in linux-mako (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → High
Changed in linux-mako (Ubuntu Vivid):
importance: Undecided → High
Changed in linux-mako (Ubuntu Utopic):
importance: Undecided → High
Changed in linux-manta (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-manta (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Changed in linux-manta (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → High
Changed in linux-manta (Ubuntu Vivid):
importance: Undecided → High
Changed in linux-manta (Ubuntu Utopic):
importance: Undecided → High
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-ec2 - 2.6.32-375.92

---------------
linux-ec2 (2.6.32-375.92) lucid; urgency=low

  [ Stefan Bader ]

  * Rebased to Ubuntu-2.6.32-71.138
  * Xen: x86, 64-bit: Move K8 B step iret fixup to fault entry asm
    - LP: #1403918
  * Xen: x86-64, modify_ldt: Ban 16-bit segments on 64-bit kernels
    - LP: #1403918
  * Xen: x86-32, espfix: Remove filter for espfix32 due to race
    - LP: #1403918
  * Xen: x86-64, espfix: Don't leak bits 31:16 of %esp returning to 16-bit
    stack
    - LP: #1403918
  * Xen: x86, espfix: Make espfix64 a Kconfig option, fix UML
    - LP: #1403918
  * Xen: x86, espfix: Make it possible to disable 16-bit support
    - LP: #1403918
  * Xen: x86_64/entry/xen: Do not invoke espfix64 on Xen
    - LP: #1403918
  * Xen: [Config] Enable CONFIG_X86_16BIT
  * Rebased to Ubuntu-2.6.32-72.139
  * Release Tracking Bug
    - LP: #1411354

  [ Ubuntu: 2.6.32-72.139 ]

  * isofs: Fix infinite looping over CE entries
    - LP: #1407947
    - CVE-2014-9420
  * x86/tls: Validate TLS entries to protect espfix
    - LP: #1403852
    - CVE-2014-8133

  [ Ubuntu: 2.6.32-71.138 ]

  * [Config] updateconfigs CONFIG_X86_16BIT=y after v2.6.32.65 update
  * KVM: x86: Check non-canonical addresses upon WRMSR
    - LP: #1384539
    - CVE-2014-3610
  * KVM: x86: Improve thread safety in pit
    - LP: #1384540
    - CVE-2014-3611
  * net:socket: set msg_namelen to 0 if msg_name is passed as NULL in
    msghdr struct from userland.
    - LP: #1335478
  * x86, 64-bit: Move K8 B step iret fixup to fault entry asm
    - LP: #1403918
  * x86-64: Adjust frame type at paranoid_exit:
    - LP: #1403918
  * x86-64, modify_ldt: Ban 16-bit segments on 64-bit kernels
    - LP: #1403918
  * x86-32, espfix: Remove filter for espfix32 due to race
    - LP: #1403918
  * x86-64, espfix: Don't leak bits 31:16 of %esp returning to 16-bit stack
    - LP: #1403918
  * x86, espfix: Move espfix definitions into a separate header file
    - LP: #1403918
  * x86, espfix: Fix broken header guard
    - LP: #1403918
  * x86, espfix: Make espfix64 a Kconfig option, fix UML
    - LP: #1403918
  * x86, espfix: Make it possible to disable 16-bit support
    - LP: #1403918
  * x86_64/entry/xen: Do not invoke espfix64 on Xen
    - LP: #1403918
  * x86/espfix/xen: Fix allocation of pages for paravirt page tables
    - LP: #1403918
  * x86_64, traps: Fix the espfix64 #DF fixup and rewrite it in C
    - LP: #1403918
  * x86_64, traps: Rework bad_iret
    - LP: #1403918
 -- Stefan Bader <email address hidden> Thu, 18 Dec 2014 18:20:27 +0100

Changed in linux-ec2 (Ubuntu Lucid):
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
no longer affects: linux-lts-trusty (Ubuntu Lucid)
no longer affects: linux-armadaxp (Ubuntu Lucid)
no longer affects: linux-ec2 (Ubuntu Lucid)
no longer affects: linux-goldfish (Ubuntu Lucid)
no longer affects: linux-lts-saucy (Ubuntu Lucid)
no longer affects: linux-lts-quantal (Ubuntu Lucid)
no longer affects: linux-mvl-dove (Ubuntu Lucid)
no longer affects: linux-ti-omap4 (Ubuntu Lucid)
no longer affects: linux (Ubuntu Lucid)
no longer affects: linux-mako (Ubuntu Lucid)
no longer affects: linux-fsl-imx51 (Ubuntu Lucid)
no longer affects: linux-lts-utopic (Ubuntu Lucid)
no longer affects: linux-flo (Ubuntu Lucid)
no longer affects: linux-lts-raring (Ubuntu Lucid)
no longer affects: linux-manta (Ubuntu Lucid)
Changed in linux-lts-vivid (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-vivid (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-vivid (Ubuntu Wily):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-vivid (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-vivid (Ubuntu Trusty):
status: New → Fix Committed
importance: Undecided → High
Andy Whitcroft (apw)
Changed in linux-lts-utopic (Ubuntu Trusty):
status: Invalid → Fix Committed
Revision history for this message
Rolf Leggewie (r0lf) wrote :

lucid has seen the end of its life and is no longer receiving any updates. Marking the lucid task for this ticket as "Won't Fix".

Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: New → Won't Fix
no longer affects: linux-lts-trusty (Ubuntu Utopic)
no longer affects: linux-armadaxp (Ubuntu Utopic)
no longer affects: linux-ec2 (Ubuntu Utopic)
no longer affects: linux-goldfish (Ubuntu Utopic)
no longer affects: linux-lts-saucy (Ubuntu Utopic)
no longer affects: linux-lts-quantal (Ubuntu Utopic)
no longer affects: linux-mvl-dove (Ubuntu Utopic)
no longer affects: linux-ti-omap4 (Ubuntu Utopic)
no longer affects: linux-lts-vivid (Ubuntu Utopic)
no longer affects: linux (Ubuntu Utopic)
no longer affects: linux-mako (Ubuntu Utopic)
no longer affects: linux-fsl-imx51 (Ubuntu Utopic)
no longer affects: linux-lts-utopic (Ubuntu Utopic)
no longer affects: linux-flo (Ubuntu Utopic)
no longer affects: linux-lts-raring (Ubuntu Utopic)
no longer affects: linux-manta (Ubuntu Utopic)
Steve Beattie (sbeattie)
Changed in linux-lts-wily (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-wily (Ubuntu Wily):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-wily (Ubuntu Xenial):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-wily (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-wily (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Steve Beattie (sbeattie)
Changed in linux-raspi2 (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-raspi2 (Ubuntu Wily):
status: New → Invalid
importance: Undecided → High
Changed in linux-raspi2 (Ubuntu Xenial):
status: New → Invalid
importance: Undecided → High
Changed in linux-raspi2 (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Changed in linux-raspi2 (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Steve Beattie (sbeattie)
Changed in linux-raspi2 (Ubuntu Xenial):
status: Invalid → Fix Committed
Steve Beattie (sbeattie)
Changed in linux-lts-xenial (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-xenial (Ubuntu Wily):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-xenial (Ubuntu Xenial):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-xenial (Ubuntu Trusty):
status: New → Fix Committed
importance: Undecided → High
Steve Beattie (sbeattie)
Changed in linux-manta (Ubuntu Xenial):
status: New → Invalid
Rolf Leggewie (r0lf)
Changed in linux-lts-backport-maverick (Ubuntu Utopic):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Utopic):
status: New → Won't Fix
Steve Beattie (sbeattie)
Changed in linux-snapdragon (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-snapdragon (Ubuntu Wily):
status: New → Invalid
importance: Undecided → High
Changed in linux-snapdragon (Ubuntu Xenial):
status: New → Invalid
importance: Undecided → High
Changed in linux-snapdragon (Ubuntu Yakkety):
status: New → Invalid
importance: Undecided → High
Changed in linux-snapdragon (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Revision history for this message
Andy Whitcroft (apw) wrote : Closing unsupported series nomination.

This bug was nominated against a series that is no longer supported, ie vivid. The bug task representing the vivid nomination is being closed as Won't Fix.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux-flo (Ubuntu Vivid):
status: New → Won't Fix
Andy Whitcroft (apw)
Changed in linux-goldfish (Ubuntu Vivid):
status: New → Won't Fix
Andy Whitcroft (apw)
Changed in linux-mako (Ubuntu Vivid):
status: New → Won't Fix
Andy Whitcroft (apw)
Changed in linux-manta (Ubuntu Vivid):
status: New → Won't Fix
Revision history for this message
Steve Langasek (vorlon) wrote :

The Precise Pangolin has reached end of life, so this bug will not be fixed for that release

Changed in linux-lts-saucy (Ubuntu Precise):
status: Fix Committed → Won't Fix
Changed in linux-lts-quantal (Ubuntu Precise):
status: Fix Committed → Won't Fix
Steve Langasek (vorlon)
Changed in linux-lts-backport-maverick (Ubuntu Precise):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Precise):
status: New → Won't Fix
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.