Ubuntu

CVE-2013-1943

Reported by John Johansen on 2013-06-17
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Medium
Unassigned
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned
linux-armadaxp (Ubuntu)
Medium
Unassigned
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned
linux-ec2 (Ubuntu)
Medium
Unassigned
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned
linux-fsl-imx51 (Ubuntu)
Medium
Unassigned
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned
linux-lts-backport-maverick (Ubuntu)
Medium
Unassigned
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned
linux-lts-backport-natty (Ubuntu)
Undecided
Unassigned
Lucid
Undecided
Unassigned
Precise
Undecided
Unassigned
Quantal
Undecided
Unassigned
Raring
Undecided
Unassigned
Saucy
Undecided
Unassigned
linux-lts-backport-oneiric (Ubuntu)
Undecided
Unassigned
Lucid
Undecided
Unassigned
Precise
Undecided
Unassigned
Quantal
Undecided
Unassigned
Raring
Undecided
Unassigned
Saucy
Undecided
Unassigned
linux-lts-quantal (Ubuntu)
Medium
Unassigned
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned
linux-lts-raring (Ubuntu)
Medium
Unassigned
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned
linux-mvl-dove (Ubuntu)
Medium
Unassigned
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned
linux-ti-omap4 (Ubuntu)
Medium
Unassigned
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned

Bug Description

The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c.

Break-Fix: - fa3d315a4ce2c0891cdde262562e710d95fba19e
Break-Fix: - 9e3bb6b6f6a0c535eb053fbf0005a8e79e053374

John Johansen (jjohansen) wrote :

CVE-2013-1943

tags: added: kernel-cve-tracking-bug
information type: Public → Public Security
Changed in linux-armadaxp (Ubuntu Lucid):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Saucy):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Raring):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Precise):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Saucy):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Quantal):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Raring):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Raring):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Precise):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Saucy):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Quantal):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Raring):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Raring):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Precise):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Saucy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Quantal):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Raring):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Raring):
status: New → Invalid
description: updated
Changed in linux-armadaxp (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Precise):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Precise):
status: New → Fix Committed
Changed in linux (Ubuntu Precise):
status: New → Fix Committed
Changed in linux (Ubuntu Saucy):
status: New → Invalid
Changed in linux (Ubuntu Quantal):
status: New → Fix Committed
Changed in linux (Ubuntu Raring):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Precise):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Saucy):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Quantal):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Raring):
status: New → Fix Committed
Changed in linux-lts-raring (Ubuntu Precise):
status: New → Fix Committed
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Raring):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Raring):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Saucy):
status: New → Invalid
description: updated
Changed in linux-ec2 (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux (Ubuntu Lucid):
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.32-51.113

---------------
linux (2.6.32-51.113) lucid; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1215005

  [ Andy Whitcroft ]

  * remove debian/changelog from git
  * [Packaging] supply perf with appropriate prefix to ensure use of local
    config
    - LP: #1206200
    - CVE-2013-1060

  [ Brad Figg ]

  * Start new release

  [ Upstream Kernel Changes ]

  * Revert "x86, ptrace: fix build breakage with gcc 4.7"
    - LP: #1199154
  * ipv6: call udp_push_pending_frames when uncorking a socket with AF_INET
    pending data
    - LP: #1205070
    - CVE-2013-4162
  * sctp: deal with multiple COOKIE_ECHO chunks
    - LP: #1194445
    - CVE-2013-2206
  * sctp: Use correct sideffect command in duplicate cookie handling
    - LP: #1194445
    - CVE-2013-2206
  * KVM: Validate userspace_addr of memslot when registered
    - LP: #1191918
    - CVE-2013-1943
  * KVM: add missing void __user * cast to access_ok() call
    - LP: #1191918
    - CVE-2013-1943
 -- Brad Figg <email address hidden> Wed, 21 Aug 2013 09:13:41 -0700

Changed in linux (Ubuntu Lucid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-ec2 - 2.6.32-356.69

---------------
linux-ec2 (2.6.32-356.69) lucid-proposed; urgency=low

  [ Stefan Bader ]

  * Rebased to Ubuntu-2.6.32-51.113
  * Release Tracking Bug
    - LP: #1215239

  [ Ubuntu: 2.6.32-51.113 ]

  * remove debian/changelog from git
  * [Packaging] supply perf with appropriate prefix to ensure use of local
    config
    - LP: #1206200
    - CVE-2013-1060
  * Start new release
  * Revert "x86, ptrace: fix build breakage with gcc 4.7"
    - LP: #1199154
  * ipv6: call udp_push_pending_frames when uncorking a socket with AF_INET
    pending data
    - LP: #1205070
    - CVE-2013-4162
  * sctp: deal with multiple COOKIE_ECHO chunks
    - LP: #1194445
    - CVE-2013-2206
  * sctp: Use correct sideffect command in duplicate cookie handling
    - LP: #1194445
    - CVE-2013-2206
  * KVM: Validate userspace_addr of memslot when registered
    - LP: #1191918
    - CVE-2013-1943
  * KVM: add missing void __user * cast to access_ok() call
    - LP: #1191918
    - CVE-2013-1943
 -- Stefan Bader <email address hidden> Mon, 26 Aug 2013 16:33:40 +0200

Changed in linux-ec2 (Ubuntu Lucid):
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
Changed in linux-lts-raring (Ubuntu Precise):
status: Fix Committed → Won't Fix
Changed in linux (Ubuntu Raring):
status: Fix Committed → Won't Fix
Changed in linux-ti-omap4 (Ubuntu Raring):
status: Fix Committed → Won't Fix
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers