Ubuntu

CVE-2012-2390

Reported by John Johansen on 2012-05-25
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Low
Unassigned
Hardy
Low
Unassigned
Lucid
Low
Brad Figg
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
Raring
Low
Unassigned
linux-armadaxp (Ubuntu)
Low
Unassigned
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
Raring
Low
Unassigned
linux-ec2 (Ubuntu)
Low
Unassigned
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
Raring
Low
Unassigned
linux-fsl-imx51 (Ubuntu)
Low
Unassigned
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
Raring
Low
Unassigned
linux-lts-backport-maverick (Ubuntu)
Low
Unassigned
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
Raring
Low
Unassigned
linux-lts-backport-natty (Ubuntu)
Low
Unassigned
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
Raring
Low
Unassigned
linux-lts-backport-oneiric (Ubuntu)
Low
Unassigned
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
Raring
Low
Unassigned
linux-lts-quantal (Ubuntu)
Low
Unassigned
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
Raring
Low
Unassigned
linux-mvl-dove (Ubuntu)
Low
Unassigned
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
Raring
Low
Unassigned
linux-ti-omap4 (Ubuntu)
Low
Unassigned
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
Raring
Low
Unassigned

Bug Description

Memory leak in mm/hugetlb.c in the Linux kernel before 3.4.2 allows local users to cause a denial of service (memory consumption or system crash) via invalid MAP_HUGETLB mmap operations.

Break-Fix: - c50ac050811d6485616a193eb0f37bfbd191cc89

John Johansen (jjohansen) wrote :

CVE-2012-2390

tags: added: kernel-cve-tracking-bug
security vulnerability: no → yes
Changed in linux-armadaxp (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Lucid):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Hardy):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Natty):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Precise):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Quantal):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Natty):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Precise):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Quantal):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Hardy):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Natty):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Precise):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Quantal):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Natty):
status: New → Invalid
description: updated
Changed in linux-armadaxp (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Natty):
importance: Undecided → Low
Changed in linux (Ubuntu Precise):
importance: Undecided → Low
Changed in linux (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Natty):
importance: Undecided → Low
description: updated
Brad Figg (brad-figg) on 2012-07-05
Changed in linux (Ubuntu Quantal):
status: New → Fix Released
Changed in linux (Ubuntu Precise):
status: New → Fix Committed
Changed in linux (Ubuntu Oneiric):
status: New → Fix Committed
Changed in linux (Ubuntu Natty):
assignee: nobody → Brad Figg (brad-figg)
status: New → In Progress
Changed in linux (Ubuntu Lucid):
assignee: nobody → Brad Figg (brad-figg)
status: New → In Progress
Changed in linux-armadaxp (Ubuntu Quantal):
status: New → Fix Committed
Changed in linux-armadaxp (Ubuntu Precise):
status: New → Fix Committed
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: New → In Progress
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
status: New → In Progress
Changed in linux-ti-omap4 (Ubuntu Quantal):
status: New → Fix Released
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Lucid):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Natty):
status: In Progress → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Precise):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Oneiric):
status: New → Fix Committed
description: updated
Changed in linux-ec2 (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: In Progress → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in linux-ti-omap4 (Ubuntu Natty):
status: New → Invalid

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.32-42.95

---------------
linux (2.6.32-42.95) lucid-proposed; urgency=low

  [Luis Henriques]

  * Release Tracking Bug
    - LP: #1027831

  [ Upstream Kernel Changes ]

  * hugetlb: fix resv_map leak in error path
    - LP: #1004621
    - CVE-2012-2390
  * mm: fix vma_resv_map() NULL pointer
    - LP: #1004621
    - CVE-2012-2390
  * net: sock: validate data_len before allocating skb in
    sock_alloc_send_pskb()
    - LP: #1006622
    - CVE-2012-2136
  * 2.6.32.x: ntp: Fix leap-second hrtimer livelock
    - LP: #1020285
  * 2.6.32.x: ntp: Correct TAI offset during leap second
    - LP: #1020285
  * 2.6.32.x: timekeeping: Fix CLOCK_MONOTONIC inconsistency during
    leapsecond
    - LP: #1020285
  * 2.6.32.x: time: Move common updates to a function
    - LP: #1020285
  * 2.6.32.x: hrtimer: Provide clock_was_set_delayed()
    - LP: #1020285
  * 2.6.32.x: timekeeping: Fix leapsecond triggered load spike issue
    - LP: #1020285
  * 2.6.32.x: timekeeping: Maintain ktime_t based offsets for hrtimers
    - LP: #1020285
  * 2.6.32.x: hrtimers: Move lock held region in hrtimer_interrupt()
    - LP: #1020285
  * 2.6.32.x: timekeeping: Provide hrtimer update function
    - LP: #1020285
  * 2.6.32.x: hrtimer: Update hrtimer base offsets each hrtimer_interrupt
    - LP: #1020285
  * 2.6.32.x: timekeeping: Add missing update call in timekeeping_resume()
    - LP: #1020285
 -- Luis Henriques <email address hidden> Tue, 24 Jul 2012 16:34:35 +0100

Changed in linux (Ubuntu Lucid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-ec2 - 2.6.32-347.52

---------------
linux-ec2 (2.6.32-347.52) lucid-proposed; urgency=low

  [ Stefan Bader ]

  * Rebase to Ubuntu-2.6.32-42.95
  * Release Tracking Bug
    - LP: #1029177

  [ Ubuntu: 2.6.32-42.95 ]

  * hugetlb: fix resv_map leak in error path
    - LP: #1004621
    - CVE-2012-2390
  * mm: fix vma_resv_map() NULL pointer
    - LP: #1004621
    - CVE-2012-2390
  * net: sock: validate data_len before allocating skb in
    sock_alloc_send_pskb()
    - LP: #1006622
    - CVE-2012-2136
  * 2.6.32.x: ntp: Fix leap-second hrtimer livelock
    - LP: #1020285
  * 2.6.32.x: ntp: Correct TAI offset during leap second
    - LP: #1020285
  * 2.6.32.x: timekeeping: Fix CLOCK_MONOTONIC inconsistency during
    leapsecond
    - LP: #1020285
  * 2.6.32.x: time: Move common updates to a function
    - LP: #1020285
  * 2.6.32.x: hrtimer: Provide clock_was_set_delayed()
    - LP: #1020285
  * 2.6.32.x: timekeeping: Fix leapsecond triggered load spike issue
    - LP: #1020285
  * 2.6.32.x: timekeeping: Maintain ktime_t based offsets for hrtimers
    - LP: #1020285
  * 2.6.32.x: hrtimers: Move lock held region in hrtimer_interrupt()
    - LP: #1020285
  * 2.6.32.x: timekeeping: Provide hrtimer update function
    - LP: #1020285
  * 2.6.32.x: hrtimer: Update hrtimer base offsets each hrtimer_interrupt
    - LP: #1020285
  * 2.6.32.x: timekeeping: Add missing update call in timekeeping_resume()
    - LP: #1020285

  [ Ubuntu: 2.6.32-41.94 ]

  * fix ABI directory naming
 -- Stefan Bader <email address hidden> Thu, 26 Jul 2012 18:38:08 +0200

Changed in linux-ec2 (Ubuntu Lucid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.38-15.65

---------------
linux (2.6.38-15.65) natty-proposed; urgency=low

  [Luis Henriques]

  * Release Tracking Bug
    - LP: #1027821

  [ Andy Whitcroft ]

  * SAUCE: rds_ib_send() -- prevent local pings triggering BUG_ON()
    - LP: #1016299
    - CVE-2012-2372

  [ Upstream Kernel Changes ]

  * hugetlb: fix resv_map leak in error path
    - LP: #1004621
    - CVE-2012-2390
  * mm: fix vma_resv_map() NULL pointer
    - LP: #1004621
    - CVE-2012-2390
  * net: sock: validate data_len before allocating skb in
    sock_alloc_send_pskb()
    - LP: #1006622
    - CVE-2012-2136
 -- Luis Henriques <email address hidden> Thu, 26 Jul 2012 14:37:28 +0100

Changed in linux (Ubuntu Natty):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-lts-backport-natty - 2.6.38-15.65~lucid1

---------------
linux-lts-backport-natty (2.6.38-15.65~lucid1) lucid-proposed; urgency=low

  [Luis Henriques]

  * Release Tracking Bug
    - LP: #1029786

  [ Andy Whitcroft ]

  * SAUCE: rds_ib_send() -- prevent local pings triggering BUG_ON()
    - LP: #1016299
    - CVE-2012-2372

  [ Upstream Kernel Changes ]

  * hugetlb: fix resv_map leak in error path
    - LP: #1004621
    - CVE-2012-2390
  * mm: fix vma_resv_map() NULL pointer
    - LP: #1004621
    - CVE-2012-2390
  * net: sock: validate data_len before allocating skb in
    sock_alloc_send_pskb()
    - LP: #1006622
    - CVE-2012-2136
 -- Luis Henriques <email address hidden> Fri, 27 Jul 2012 14:13:12 +0100

Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in linux-armadaxp (Ubuntu Precise):
status: Fix Committed → Fix Released
Tim Gardner (timg-tpi) wrote :

Oneiric - fix released with Ubuntu-3.0.0-23.37

Changed in linux (Ubuntu Oneiric):
status: Fix Committed → Fix Released
Tim Gardner (timg-tpi) wrote :

Too difficult and error prone to backport the fix.

Changed in linux (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in linux-ti-omap4 (Ubuntu Oneiric):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Hardy):
status: Invalid → Won't Fix
Ike Panhc (ikepanhc) wrote :

Patch c50ac050811d6485616a193eb0f37bfbd191cc89 in upstream 3.5

Changed in linux-armadaxp (Ubuntu Quantal):
status: Fix Committed → Fix Released
Changed in linux-lts-quantal (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-quantal (Ubuntu Oneiric):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-quantal (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-quantal (Ubuntu Hardy):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-quantal (Ubuntu Quantal):
status: New → Invalid
importance: Undecided → Low
no longer affects: linux-armadaxp (Ubuntu Natty)
no longer affects: linux-ec2 (Ubuntu Natty)
no longer affects: linux-lts-backport-oneiric (Ubuntu Natty)
no longer affects: linux-lts-backport-natty (Ubuntu Natty)
no longer affects: linux-lts-quantal (Ubuntu Natty)
no longer affects: linux-mvl-dove (Ubuntu Natty)
no longer affects: linux-lts-backport-maverick (Ubuntu Natty)
no longer affects: linux (Ubuntu Natty)
no longer affects: linux-fsl-imx51 (Ubuntu Natty)
no longer affects: linux-ti-omap4 (Ubuntu Natty)
Changed in linux-lts-quantal (Ubuntu Raring):
status: New → Invalid
importance: Undecided → Low
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers