Ubuntu

CVE-2013-4127

Reported by John Johansen on 2013-07-19
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Medium
Unassigned
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned
linux-armadaxp (Ubuntu)
Medium
Unassigned
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned
linux-ec2 (Ubuntu)
Medium
Unassigned
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned
linux-fsl-imx51 (Ubuntu)
Medium
Unassigned
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned
linux-lts-backport-maverick (Ubuntu)
Undecided
Unassigned
Lucid
Undecided
Unassigned
Precise
Undecided
Unassigned
Quantal
Undecided
Unassigned
Raring
Undecided
Unassigned
Saucy
Undecided
Unassigned
linux-lts-backport-natty (Ubuntu)
Undecided
Unassigned
Lucid
Undecided
Unassigned
Precise
Undecided
Unassigned
Quantal
Undecided
Unassigned
Raring
Undecided
Unassigned
Saucy
Undecided
Unassigned
linux-lts-quantal (Ubuntu)
Medium
Unassigned
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned
linux-lts-raring (Ubuntu)
Medium
Unassigned
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned
linux-mvl-dove (Ubuntu)
Medium
Unassigned
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned
linux-ti-omap4 (Ubuntu)
Medium
Unassigned
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned

Bug Description

Use-after-free vulnerability in the vhost_net_set_backend function in drivers/vhost/net.c in the Linux kernel through 3.10.3 allows local users to cause a denial of service (OOPS and system crash) via vectors involving powering on a virtual machine.

Break-Fix: 1280c27f8e29acf4af2da914e80ec27c3dbd5c01 dd7633ecd553a5e304d349aa6f8eb8a0417098c5

John Johansen (jjohansen) wrote :

CVE-2013-4127

tags: added: kernel-cve-tracking-bug
information type: Public → Public Security
Changed in linux-armadaxp (Ubuntu Lucid):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Saucy):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Raring):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Precise):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Saucy):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Quantal):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Raring):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Raring):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Precise):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Saucy):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Quantal):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Raring):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Precise):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Saucy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Quantal):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Raring):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Raring):
status: New → Invalid
description: updated
Changed in linux-armadaxp (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Precise):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Quantal):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Precise):
status: New → Invalid
Changed in linux (Ubuntu Precise):
status: New → Invalid
Changed in linux (Ubuntu Lucid):
status: New → Invalid
Changed in linux (Ubuntu Quantal):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Precise):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Saucy):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Quantal):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Raring):
status: New → Invalid
Changed in linux (Ubuntu Raring):
status: New → Fix Committed
description: updated
Changed in linux (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Precise):
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (12.6 KiB)

This bug was fixed in the package linux - 3.8.0-29.42

---------------
linux (3.8.0-29.42) raring; urgency=low

  [Brad Figg]

  * Release Tracking Bug
    - LP: #1211934

  [ Upstream Kernel Changes ]

  * Revert "veth: avoid a NULL deref in veth_stats_one"
  * Revert "veth: extend device features"
  * Revert "veth: reduce stat overhead"

linux (3.8.0-28.41) raring; urgency=low

  [Brad Figg]

  * Release Tracking Bug
    - LP: #1205373

  [ Andy Whitcroft ]

  * [Config] add iwldvm to nic-modules
    - LP: #1204194

  [ Brad Figg ]

  * [Config] added qlcnic driver to d-i modules
    - LP: #1196597

  [ Rob Herring ]

  * SAUCE: ARM: highbank: Only touch common coherency control register
    fields
    - LP: #1196946

  [ Upstream Kernel Changes ]

  * hp-wmi: add more definitions for new event_id's
    - LP: #1152458
  * MFD: rtsx_pcr: Fix probe fail path
    - LP: #1201321
  * mfd: rtsx: Add support for RTL8411B
    - LP: #1201321
  * veth: reduce stat overhead
    - LP: #1201869
  * veth: extend device features
    - LP: #1201869
  * veth: avoid a NULL deref in veth_stats_one
    - LP: #1201869
  * Input: elantech - fix for newer hardware versions (v7)
    - LP: #1166442
  * UBIFS: correct mount message
    - LP: #1204666
  * zfcp: fix adapter (re)open recovery while link to SAN is down
    - LP: #1204666
  * zfcp: block queue limits with data router
    - LP: #1204666
  * zfcp: status read buffers on first adapter open with link down
    - LP: #1204666
  * ahci: Add AMD CZ SATA device ID
    - LP: #1204666
  * i2c-piix4: Add AMD CZ SMBus device ID
    - LP: #1204666
  * sata_highbank: increase retry count but shorten duration for Calxeda
    controller
    - LP: #1204666
  * clocksource: dw_apb: Fix error check
    - LP: #1204666
  * zram: avoid invalid memory access in zram_exit()
    - LP: #1204666
  * zram: use zram->lock to protect zram_free_page() in swap free notify
    path
    - LP: #1204666
  * zram: destroy all devices on error recovery path in zram_init()
    - LP: #1204666
  * zram: avoid access beyond the zram device
    - LP: #1204666
  * zram: protect sysfs handler from invalid memory access
    - LP: #1204666
  * pcmcia: at91_cf: fix gpio_get_value in at91_cf_get_status
    - LP: #1204666
  * PCI: Fix refcount issue in pci_create_root_bus() error recovery path
    - LP: #1204666
  * ahci: remove pmp link online check in FBS EH
    - LP: #1204666
  * usb: gadget: f_mass_storage: add missing memory barrier for
    thread_wakeup_needed
    - LP: #1204666
  * x86, efi: retry ExitBootServices() on failure
    - LP: #1204666
  * libata: skip SRST for all SIMG [34]7x port-multipliers
    - LP: #1204666
  * ASoC: wm8962: Remove remaining direct register cache accesses
    - LP: #1204666
  * xen/pcifront: Deal with toolstack missing 'XenbusStateClosing' state.
    - LP: #1204666
  * ACPICA: Do not use extended sleep registers unless HW-reduced bit is
    set
    - LP: #1204666
  * ALSA: hda - Cache the MUX selection for generic HDMI
    - LP: #1204666
  * cgroup: fix umount vs cgroup_cfts_commit() race
    - LP: #1204666
  * cgroup: fix umount vs cgroup_event_remove() race
    - LP: #1204666
  * xhci: check for failed dma pool al...

Changed in linux (Ubuntu Raring):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (12.6 KiB)

This bug was fixed in the package linux-lts-raring - 3.8.0-29.42~precise1

---------------
linux-lts-raring (3.8.0-29.42~precise1) precise; urgency=low

  [Brad Figg]

  * Release Tracking Bug
    - LP: #1212057

  [ Upstream Kernel Changes ]

  * Revert "veth: avoid a NULL deref in veth_stats_one"
  * Revert "veth: extend device features"
  * Revert "veth: reduce stat overhead"

linux (3.8.0-28.41) raring; urgency=low

  [Brad Figg]

  * Release Tracking Bug
    - LP: #1205373

  [ Andy Whitcroft ]

  * [Config] add iwldvm to nic-modules
    - LP: #1204194

  [ Brad Figg ]

  * [Config] added qlcnic driver to d-i modules
    - LP: #1196597

  [ Rob Herring ]

  * SAUCE: ARM: highbank: Only touch common coherency control register
    fields
    - LP: #1196946

  [ Upstream Kernel Changes ]

  * hp-wmi: add more definitions for new event_id's
    - LP: #1152458
  * MFD: rtsx_pcr: Fix probe fail path
    - LP: #1201321
  * mfd: rtsx: Add support for RTL8411B
    - LP: #1201321
  * veth: reduce stat overhead
    - LP: #1201869
  * veth: extend device features
    - LP: #1201869
  * veth: avoid a NULL deref in veth_stats_one
    - LP: #1201869
  * Input: elantech - fix for newer hardware versions (v7)
    - LP: #1166442
  * UBIFS: correct mount message
    - LP: #1204666
  * zfcp: fix adapter (re)open recovery while link to SAN is down
    - LP: #1204666
  * zfcp: block queue limits with data router
    - LP: #1204666
  * zfcp: status read buffers on first adapter open with link down
    - LP: #1204666
  * ahci: Add AMD CZ SATA device ID
    - LP: #1204666
  * i2c-piix4: Add AMD CZ SMBus device ID
    - LP: #1204666
  * sata_highbank: increase retry count but shorten duration for Calxeda
    controller
    - LP: #1204666
  * clocksource: dw_apb: Fix error check
    - LP: #1204666
  * zram: avoid invalid memory access in zram_exit()
    - LP: #1204666
  * zram: use zram->lock to protect zram_free_page() in swap free notify
    path
    - LP: #1204666
  * zram: destroy all devices on error recovery path in zram_init()
    - LP: #1204666
  * zram: avoid access beyond the zram device
    - LP: #1204666
  * zram: protect sysfs handler from invalid memory access
    - LP: #1204666
  * pcmcia: at91_cf: fix gpio_get_value in at91_cf_get_status
    - LP: #1204666
  * PCI: Fix refcount issue in pci_create_root_bus() error recovery path
    - LP: #1204666
  * ahci: remove pmp link online check in FBS EH
    - LP: #1204666
  * usb: gadget: f_mass_storage: add missing memory barrier for
    thread_wakeup_needed
    - LP: #1204666
  * x86, efi: retry ExitBootServices() on failure
    - LP: #1204666
  * libata: skip SRST for all SIMG [34]7x port-multipliers
    - LP: #1204666
  * ASoC: wm8962: Remove remaining direct register cache accesses
    - LP: #1204666
  * xen/pcifront: Deal with toolstack missing 'XenbusStateClosing' state.
    - LP: #1204666
  * ACPICA: Do not use extended sleep registers unless HW-reduced bit is
    set
    - LP: #1204666
  * ALSA: hda - Cache the MUX selection for generic HDMI
    - LP: #1204666
  * cgroup: fix umount vs cgroup_cfts_commit() race
    - LP: #1204666
  * cgroup: fix umount vs cgroup_event_remove() race
    - LP: #12046...

Changed in linux-lts-raring (Ubuntu Precise):
status: Fix Committed → Fix Released
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug to Ubuntu. lucid has reached EOL
(End of Life) for this package and is no longer supported. As
a result, this bug against lucid is being marked "Won't Fix".
Please see https://wiki.ubuntu.com/Releases for currently
supported Ubuntu releases.

Please feel free to report any other bugs you may find.

Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: New → Won't Fix
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug to Ubuntu. precise has reached EOL
(End of Life) for this package and is no longer supported. As
a result, this bug against precise is being marked "Won't Fix".
Please see https://wiki.ubuntu.com/Releases for currently
supported Ubuntu releases.

Please feel free to report any other bugs you may find.

Changed in linux-lts-backport-natty (Ubuntu Precise):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Precise):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Quantal):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Raring):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Saucy):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Quantal):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Raring):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Saucy):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu):
status: New → Won't Fix
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers