Ubuntu

CVE-2013-6380

Reported by John Johansen on 2013-11-28
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Medium
Unassigned
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Saucy
Medium
Unassigned
Trusty
Medium
Unassigned
linux-armadaxp (Ubuntu)
Medium
Unassigned
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Saucy
Medium
Unassigned
Trusty
Medium
Unassigned
linux-ec2 (Ubuntu)
Medium
Unassigned
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Saucy
Medium
Unassigned
Trusty
Medium
Unassigned
linux-fsl-imx51 (Ubuntu)
Medium
Unassigned
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Saucy
Medium
Unassigned
Trusty
Medium
Unassigned
linux-lts-backport-maverick (Ubuntu)
Undecided
Unassigned
Lucid
Undecided
Unassigned
Precise
Undecided
Unassigned
Quantal
Undecided
Unassigned
Raring
Undecided
Unassigned
Saucy
Undecided
Unassigned
Trusty
Undecided
Unassigned
linux-lts-backport-natty (Ubuntu)
Undecided
Unassigned
Lucid
Undecided
Unassigned
Precise
Undecided
Unassigned
Quantal
Undecided
Unassigned
Raring
Undecided
Unassigned
Saucy
Undecided
Unassigned
Trusty
Undecided
Unassigned
linux-lts-quantal (Ubuntu)
Medium
Unassigned
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Saucy
Medium
Unassigned
Trusty
Medium
Unassigned
linux-lts-raring (Ubuntu)
Medium
Unassigned
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Saucy
Medium
Unassigned
Trusty
Medium
Unassigned
linux-lts-saucy (Ubuntu)
Medium
Unassigned
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Saucy
Medium
Unassigned
Trusty
Medium
Unassigned
linux-mvl-dove (Ubuntu)
Medium
Unassigned
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Saucy
Medium
Unassigned
Trusty
Medium
Unassigned
linux-ti-omap4 (Ubuntu)
Medium
Unassigned
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Saucy
Medium
Unassigned
Trusty
Medium
Unassigned

Bug Description

The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command.

Break-Fix: - b4789b8e6be3151a955ade74872822f30e8cd914

John Johansen (jjohansen) wrote :

CVE-2013-6380

tags: added: kernel-cve-tracking-bug
information type: Public → Public Security
Changed in linux-armadaxp (Ubuntu Saucy):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Lucid):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Trusty):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Raring):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Precise):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Saucy):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Trusty):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Quantal):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Raring):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Raring):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Precise):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Saucy):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Trusty):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Quantal):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Raring):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Raring):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Precise):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Saucy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Trusty):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Quantal):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Raring):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Raring):
status: New → Invalid
description: updated
Changed in linux-armadaxp (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Precise):
status: New → Fix Committed
Changed in linux (Ubuntu Saucy):
status: New → Fix Committed
Changed in linux (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Precise):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Precise):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Quantal):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Quantal):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Raring):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Raring):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Saucy):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Saucy):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Trusty):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Trusty):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu):
status: New → Won't Fix
Changed in linux-armadaxp (Ubuntu Quantal):
status: New → Fix Committed
Changed in linux-lts-quantal (Ubuntu Precise):
status: New → Fix Committed
Changed in linux-lts-saucy (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Saucy):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Quantal):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Saucy):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Quantal):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Raring):
status: New → Fix Committed
Changed in linux-armadaxp (Ubuntu Precise):
status: New → Fix Committed
Changed in linux (Ubuntu Precise):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Precise):
status: New → Fix Committed
Changed in linux-ec2 (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux-lts-raring (Ubuntu Precise):
status: New → Fix Committed
no longer affects: linux-armadaxp (Ubuntu Raring)
no longer affects: linux-ec2 (Ubuntu Raring)
no longer affects: linux-lts-saucy (Ubuntu Raring)
no longer affects: linux-lts-quantal (Ubuntu Raring)
no longer affects: linux-mvl-dove (Ubuntu Raring)
no longer affects: linux (Ubuntu Raring)
no longer affects: linux-fsl-imx51 (Ubuntu Raring)
no longer affects: linux-ti-omap4 (Ubuntu Raring)
no longer affects: linux-lts-raring (Ubuntu Raring)
Changed in linux-armadaxp (Ubuntu Quantal):
status: Fix Committed → Fix Released
Changed in linux-lts-quantal (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Quantal):
status: Fix Committed → Fix Released
Changed in linux-ti-omap4 (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in linux-ti-omap4 (Ubuntu Saucy):
status: Fix Committed → Fix Released
Changed in linux-ti-omap4 (Ubuntu Quantal):
status: Fix Committed → Fix Released
Changed in linux-armadaxp (Ubuntu Precise):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-ec2 - 2.6.32-362.75

---------------
linux-ec2 (2.6.32-362.75) lucid-proposed; urgency=low

  [ Stefan Bader ]

  * Rebased to Ubuntu-2.6.32-57.119
  * Release Tracking Bug
    - LP: #1281942

  [ Ubuntu: 2.6.32-57.119 ]

  * ubuntu: AUFS: fsnotify_open() now receives a file
    - LP: #1097680
    - CVE-2013-0160
  * KVM: Improve create VCPU parameter (CVE-2013-4587)
    - LP: #1261564
    - CVE-2013-4587
  * KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367)
    - LP: #1261566
    - CVE-2013-6367
  * xfs: underflow bug in xfs_attrlist_by_handle()
    - LP: #1256091
    - CVE-2013-6382
  * aacraid: prevent invalid pointer dereference
    - LP: #1256083
    - CVE-2013-6380
  * wireless: radiotap: fix parsing buffer overrun
    - LP: #1260622
    - CVE-2013-7027
  * net: rework recvmsg handler msg_name and msg_namelen logic
    - LP: #1267081
    - CVE-2013-7266
  * net: rose: restore old recvmsg behavior
    - LP: #1267081
    - CVE-2013-7266
  * fsnotify: pass a file instead of an inode to open, read, and write
    - LP: #1097680
    - CVE-2013-0160
  * vfs: introduce FMODE_NONOTIFY
    - LP: #1097680
    - CVE-2013-0160
  * fanotify: FMODE_NONOTIFY and __O_SYNC in sparc conflict
    - LP: #1097680
    - CVE-2013-0160
  * TTY: do not update atime/mtime on read/write
    - LP: #1097680
    - CVE-2013-0160
  * TTY: fix atime/mtime regression
    - LP: #1097680
    - CVE-2013-0160
  * tty: fix up atime/mtime mess, take three
    - LP: #1097680
    - CVE-2013-0160
  * farsync: fix info leak in ioctl
    - LP: #1271442
    - CVE-2014-1444
  * wanxl: fix info leak in ioctl
    - LP: #1271444
    - CVE-2014-1445
  * hamradio/yam: fix info leak in ioctl
    - LP: #1271445
    - CVE-2014-1446
  * SELinux: Fix kernel BUG on empty security contexts.
    - CVE-2014-1874
  * exec/ptrace: fix get_dumpable() incorrect tests
    - LP: #1260610
    - CVE-2013-2929
 -- Stefan Bader <email address hidden> Wed, 19 Feb 2014 16:51:53 +0100

Changed in linux-ec2 (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Lucid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (30.5 KiB)

This bug was fixed in the package linux-lts-raring - 3.8.0-37.53~precise1

---------------
linux-lts-raring (3.8.0-37.53~precise1) precise; urgency=low

  [ Joseph Salisbury ]

  * Release Tracking Bug
    - LP: #1282210

  [ Upstream Kernel Changes ]

  * Revert "of/address: Handle #address-cells > 2 specially"
    - LP: #1278969
  * ath9k_htc: properly set MAC address and BSSID mask
    - LP: #1252422
    - CVE-2013-4579
  * aacraid: prevent invalid pointer dereference
    - LP: #1256083
    - CVE-2013-6380
  * net: clamp ->msg_namelen instead of returning an error
    - LP: #1269053
  * mmc: sdhci-pci: break out definitions to header file
    - LP: #1239938
  * mmc: sdhci-pci: add support of O2Micro/BayHubTech SD hosts
    - LP: #1239938
  * SELinux: Fix kernel BUG on empty security contexts.
    - CVE-2014-1874
  * xfs: add capability check to free eofblocks ioctl
    - LP: #1278969
  * staging: vt6656: [BUG] Fix for TX USB resets from vendors driver.
    - LP: #1278969
  * net: Fix "ip rule delete table 256"
    - LP: #1278969
  * ipv6: use rt6_get_dflt_router to get default router in rt6_route_rcv
    - LP: #1278969
  * random32: fix off-by-one in seeding requirement
    - LP: #1278969
  * bonding: don't permit to use ARP monitoring in 802.3ad mode
    - LP: #1278969
  * usbnet: fix status interrupt urb handling
    - LP: #1278969
  * 6lowpan: Uncompression of traffic class field was incorrect
    - LP: #1278969
  * tuntap: limit head length of skb allocated
    - LP: #1278969
  * macvtap: limit head length of skb allocated
    - LP: #1278969
  * tcp: tsq: restore minimal amount of queueing
    - LP: #1278969
  * bonding: fix two race conditions in bond_store_updelay/downdelay
    - LP: #1278969
  * net-tcp: fix panic in tcp_fastopen_cache_set()
    - LP: #1278969
  * isdnloop: use strlcpy() instead of strcpy()
    - LP: #1278969
  * connector: improved unaligned access error fix
    - LP: #1278969
  * ipv4: fix possible seqlock deadlock
    - LP: #1278969
  * inet: prevent leakage of uninitialized memory to user in recv syscalls
    - LP: #1278969
  * net: rework recvmsg handler msg_name and msg_namelen logic
    - LP: #1278969
  * net: add BUG_ON if kernel advertises msg_namelen > sizeof(struct
    sockaddr_storage)
    - LP: #1278969
  * inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu
    functions
    - LP: #1278969
  * ipv6: fix leaking uninitialized port number of offender sockaddr
    - LP: #1278969
  * ip6_output: fragment outgoing reassembled skb properly
    - LP: #1278969
  * xfrm: Release dst if this dst is improper for vti tunnel
    - LP: #1278969
  * atm: idt77252: fix dev refcnt leak
    - LP: #1278969
  * tcp: don't update snd_nxt, when a socket is switched from repair mode
    - LP: #1278969
  * ipv4: fix race in concurrent ip_route_input_slow()
    - LP: #1278969
  * net: core: Always propagate flag changes to interfaces
    - LP: #1278969
  * bridge: flush br's address entry in fdb when remove the bridge dev
    - LP: #1278969
  * packet: fix use after free race in send path when dev is released
    - LP: #1278969
  * af_packet: block BH in prb_shutdown_retire_blk_timer()
    - LP: #1278969
  ...

Changed in linux-lts-raring (Ubuntu Precise):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers