CVE-2014-3144

Bug #1319561 reported by John Johansen on 2014-05-14
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Status tracked in Vivid
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Utopic
Medium
Unassigned
Vivid
Medium
Unassigned
linux-armadaxp (Ubuntu)
Status tracked in Vivid
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Utopic
Medium
Unassigned
Vivid
Medium
Unassigned
linux-ec2 (Ubuntu)
Status tracked in Vivid
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Utopic
Medium
Unassigned
Vivid
Medium
Unassigned
linux-flo (Ubuntu)
Status tracked in Vivid
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Utopic
Medium
Unassigned
Vivid
Medium
Unassigned
linux-fsl-imx51 (Ubuntu)
Status tracked in Vivid
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Utopic
Medium
Unassigned
Vivid
Medium
Unassigned
linux-goldfish (Ubuntu)
Status tracked in Vivid
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Utopic
Medium
Unassigned
Vivid
Medium
Unassigned
linux-lts-backport-maverick (Ubuntu)
Status tracked in Vivid
Lucid
Undecided
Unassigned
Precise
Undecided
Unassigned
Quantal
Undecided
Unassigned
Saucy
Undecided
Unassigned
Trusty
Undecided
Unassigned
Utopic
Undecided
Unassigned
Vivid
Undecided
Unassigned
linux-lts-backport-natty (Ubuntu)
Status tracked in Vivid
Lucid
Undecided
Unassigned
Precise
Undecided
Unassigned
Quantal
Undecided
Unassigned
Saucy
Undecided
Unassigned
Trusty
Undecided
Unassigned
Utopic
Undecided
Unassigned
Vivid
Undecided
Unassigned
linux-lts-quantal (Ubuntu)
Status tracked in Vivid
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Utopic
Medium
Unassigned
Vivid
Medium
Unassigned
linux-lts-raring (Ubuntu)
Status tracked in Vivid
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Utopic
Medium
Unassigned
Vivid
Medium
Unassigned
linux-lts-saucy (Ubuntu)
Status tracked in Vivid
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Utopic
Medium
Unassigned
Vivid
Medium
Unassigned
linux-lts-trusty (Ubuntu)
Status tracked in Vivid
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Utopic
Medium
Unassigned
Vivid
Medium
Unassigned
linux-lts-utopic (Ubuntu)
Status tracked in Vivid
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Utopic
Medium
Unassigned
Vivid
Medium
Unassigned
linux-mako (Ubuntu)
Status tracked in Vivid
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Utopic
Medium
Unassigned
Vivid
Medium
Unassigned
linux-manta (Ubuntu)
Status tracked in Vivid
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Utopic
Medium
Unassigned
Vivid
Medium
Unassigned
linux-mvl-dove (Ubuntu)
Status tracked in Vivid
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Utopic
Medium
Unassigned
Vivid
Medium
Unassigned
linux-ti-omap4 (Ubuntu)
Status tracked in Vivid
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Utopic
Medium
Unassigned
Vivid
Medium
Unassigned

Bug Description

The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced.

Break-Fix: 4738c1db1593687713869fa69e733eebc7b0d6d8 05ab8f2647e4221cbdb3856dd7d32bd5407316b3

CVE References

John Johansen (jjohansen) wrote :

CVE-2014-3144

tags: added: kernel-cve-tracking-bug
information type: Public → Public Security
Changed in linux-armadaxp (Ubuntu Saucy):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Trusty):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Lucid):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Utopic):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Precise):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Saucy):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Trusty):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Utopic):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Utopic):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Quantal):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Precise):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Saucy):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Trusty):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Utopic):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Utopic):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Quantal):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Trusty):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Utopic):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Precise):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Saucy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Trusty):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Utopic):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Utopic):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Quantal):
status: New → Invalid
description: updated
Changed in linux-armadaxp (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Utopic):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Utopic):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Utopic):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Utopic):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Utopic):
importance: Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux (Ubuntu Utopic):
importance: Undecided → Medium
Changed in linux (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Utopic):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Utopic):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Utopic):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Quantal):
importance: Undecided → Medium
no longer affects: linux-armadaxp (Ubuntu Quantal)
no longer affects: linux-ec2 (Ubuntu Quantal)
no longer affects: linux-lts-saucy (Ubuntu Quantal)
no longer affects: linux-lts-quantal (Ubuntu Quantal)
no longer affects: linux-mvl-dove (Ubuntu Quantal)
no longer affects: linux (Ubuntu Quantal)
no longer affects: linux-fsl-imx51 (Ubuntu Quantal)
no longer affects: linux-ti-omap4 (Ubuntu Quantal)
no longer affects: linux-lts-raring (Ubuntu Quantal)
Changed in linux (Ubuntu Utopic):
status: New → Fix Committed
Changed in linux-ec2 (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux-lts-saucy (Ubuntu Precise):
status: New → Fix Committed
Changed in linux (Ubuntu Saucy):
status: New → Fix Committed
Changed in linux (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux (Ubuntu Precise):
status: New → Fix Committed
Changed in linux-lts-quantal (Ubuntu Precise):
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.32-62.125

---------------
linux (2.6.32-62.125) lucid; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1328140

  [ John Johansen ]

  * SAUCE: (no-up) Fix regression introduced by patch, for CVE-2014-3153
    - LP: #1327300

  [ Kamal Mostafa ]

  * [Config] add debian/gbp.conf

  [ Upstream Kernel Changes ]

  * filter: prevent nla extensions to peek beyond the end of the message
    - LP: #1319561, #1319563
    - CVE-2014-3145
 -- Brad Figg <email address hidden> Mon, 09 Jun 2014 07:11:00 -0700

Changed in linux (Ubuntu Lucid):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for linux has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-ec2 - 2.6.32-366.80

---------------
linux-ec2 (2.6.32-366.80) lucid; urgency=low

  [ Stefan Bader ]

  * Rebased to Ubuntu-2.6.32-62.125
  * Release Tracking Bug
    - LP: #1328287

  [ Upstream Kernel Changes ]

  * blkfront: fixes for 'xm block-detach ... --force'
    - LP: #1326870
  * blkfront: don't access freed struct xenbus_device
    - LP: #1326870
  * blkfront: Clean up vbd release
    - LP: #1326870
  * blkfront: Lock blkfront_info when closing
    - LP: #1326870

  [ Ubuntu: 2.6.32-62.125 ]

  * SAUCE: (no-up) Fix regression introduced by patch, for CVE-2014-3153
    - LP: #1327300
  * [Config] add debian/gbp.conf
  * filter: prevent nla extensions to peek beyond the end of the message
    - LP: #1319561, #1319563
    - CVE-2014-3145
 -- Stefan Bader <email address hidden> Wed, 11 Jun 2014 11:13:31 +0200

Changed in linux-ec2 (Ubuntu Lucid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-lts-quantal - 3.5.0-52.78~precise1

---------------
linux-lts-quantal (3.5.0-52.78~precise1) precise; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1328969

  [ Andy Whitcroft ]

  * [debian] insertchanges -- fix to work across major version changes

  [ Brad Figg ]

  * Non-rebase branch fixups so startnewrelease will work.
  * debian/rules.d/0-common-vars.mk: drop anything after ~ from the version
  * debian/rules.d/1-maintainer.mk: Add '-lts-' to the tag that being used
    to find the base commit

  [ Kamal Mostafa ]

  * [Config] add debian/gbp.conf

  [ Upstream Kernel Changes ]

  * filter: prevent nla extensions to peek beyond the end of the message
    - LP: #1319561, #1319563
    - CVE-2014-3145
 -- Luis Henriques <email address hidden> Wed, 11 Jun 2014 17:23:37 +0100

Changed in linux-lts-quantal (Ubuntu Precise):
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Precise):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Precise):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Quantal):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Quantal):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Saucy):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Saucy):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Trusty):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Trusty):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Utopic):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Utopic):
status: New → Won't Fix
Changed in linux-armadaxp (Ubuntu Precise):
status: New → Fix Released
Changed in linux (Ubuntu Trusty):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Precise):
status: New → Fix Committed
Changed in linux-lts-raring (Ubuntu Precise):
status: New → Fix Committed
Changed in linux-lts-saucy (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Saucy):
status: Fix Committed → Fix Released
Changed in linux-ti-omap4 (Ubuntu Precise):
status: Fix Committed → Fix Released
Rolf Leggewie (r0lf) wrote :

saucy has seen the end of its life and is no longer receiving any updates. Marking the saucy task for this ticket as "Won't Fix".

Changed in linux-ti-omap4 (Ubuntu Saucy):
status: New → Won't Fix
no longer affects: linux-lts-trusty (Ubuntu Saucy)
no longer affects: linux-armadaxp (Ubuntu Saucy)
no longer affects: linux-ec2 (Ubuntu Saucy)
no longer affects: linux-goldfish (Ubuntu Saucy)
no longer affects: linux-lts-saucy (Ubuntu Saucy)
no longer affects: linux-lts-quantal (Ubuntu Saucy)
no longer affects: linux-mvl-dove (Ubuntu Saucy)
no longer affects: linux-ti-omap4 (Ubuntu Saucy)
no longer affects: linux (Ubuntu Saucy)
no longer affects: linux-mako (Ubuntu Saucy)
no longer affects: linux-fsl-imx51 (Ubuntu Saucy)
no longer affects: linux-lts-utopic (Ubuntu Saucy)
no longer affects: linux-flo (Ubuntu Saucy)
no longer affects: linux-lts-raring (Ubuntu Saucy)
no longer affects: linux-manta (Ubuntu Saucy)
Changed in linux-lts-trusty (Ubuntu Precise):
status: New → Fix Released
importance: Undecided → Medium
Changed in linux-lts-trusty (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-trusty (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-trusty (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-trusty (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → Medium
Changed in linux (Ubuntu Trusty):
status: Fix Committed → Fix Released
Changed in linux-lts-raring (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in linux-manta (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-manta (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-manta (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-manta (Ubuntu Vivid):
importance: Undecided → Medium
Changed in linux-manta (Ubuntu Utopic):
importance: Undecided → Medium
Changed in linux-mako (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-mako (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-mako (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-mako (Ubuntu Vivid):
importance: Undecided → Medium
Changed in linux-mako (Ubuntu Utopic):
importance: Undecided → Medium
Changed in linux-lts-utopic (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-utopic (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-utopic (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-utopic (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-utopic (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-goldfish (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-goldfish (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-goldfish (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-goldfish (Ubuntu Vivid):
importance: Undecided → Medium
Changed in linux-goldfish (Ubuntu Utopic):
importance: Undecided → Medium
Changed in linux-flo (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-flo (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-flo (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-flo (Ubuntu Vivid):
importance: Undecided → Medium
Changed in linux-flo (Ubuntu Utopic):
importance: Undecided → Medium
Changed in linux (Ubuntu Utopic):
status: Fix Committed → Invalid
Changed in linux (Ubuntu Vivid):
status: Fix Committed → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Vivid):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Vivid):
status: New → Invalid
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers