Ubuntu
linux-ec2 package

CVE-2013-1943

Raring (13.04)
Bug #1191918

Bug #1191918 reported by John Johansen on 2013-06-17

256

This bug affects 1 person

	Status	Importance	Assigned to
linux (Ubuntu)	Invalid	Medium	Unassigned
Lucid	Fix Released	Medium	Unassigned
Precise	Invalid	Medium	Unassigned
Quantal	Won't Fix	Medium	Unassigned
Raring	Won't Fix	Medium	Unassigned
Saucy	Invalid	Medium	Unassigned
linux-armadaxp (Ubuntu)	Invalid	Medium	Unassigned
Lucid	Invalid	Medium	Unassigned
Precise	Invalid	Medium	Unassigned
Quantal	Invalid	Medium	Unassigned
Raring	Invalid	Medium	Unassigned
Saucy	Invalid	Medium	Unassigned
linux-ec2 (Ubuntu)	Invalid	Medium	Unassigned
Lucid	Fix Released	Medium	Unassigned
Precise	Invalid	Medium	Unassigned
Quantal	Invalid	Medium	Unassigned
Raring	Invalid	Medium	Unassigned
Saucy	Invalid	Medium	Unassigned
linux-fsl-imx51 (Ubuntu)	Invalid	Medium	Unassigned
Lucid	Invalid	Medium	Unassigned
Precise	Invalid	Medium	Unassigned
Quantal	Invalid	Medium	Unassigned
Raring	Invalid	Medium	Unassigned
Saucy	Invalid	Medium	Unassigned
linux-lts-backport-maverick (Ubuntu)	Invalid	Medium	Unassigned
Lucid	Invalid	Medium	Unassigned
Precise	Invalid	Medium	Unassigned
Quantal	Invalid	Medium	Unassigned
Raring	Invalid	Medium	Unassigned
Saucy	Invalid	Medium	Unassigned
linux-lts-backport-natty (Ubuntu)	Invalid	Undecided	Unassigned
Lucid	Invalid	Undecided	Unassigned
Precise	Invalid	Undecided	Unassigned
Quantal	Invalid	Undecided	Unassigned
Raring	Invalid	Undecided	Unassigned
Saucy	Invalid	Undecided	Unassigned
linux-lts-backport-oneiric (Ubuntu)	Invalid	Undecided	Unassigned
Lucid	Invalid	Undecided	Unassigned
Precise	Invalid	Undecided	Unassigned
Quantal	Invalid	Undecided	Unassigned
Raring	Invalid	Undecided	Unassigned
Saucy	Invalid	Undecided	Unassigned
linux-lts-quantal (Ubuntu)	Invalid	Medium	Unassigned
Lucid	Invalid	Medium	Unassigned
Precise	Invalid	Medium	Unassigned
Quantal	Invalid	Medium	Unassigned
Raring	Invalid	Medium	Unassigned
Saucy	Invalid	Medium	Unassigned
linux-lts-raring (Ubuntu)	Invalid	Medium	Unassigned
Lucid	Invalid	Medium	Unassigned
Precise	Won't Fix	Medium	Unassigned
Quantal	Invalid	Medium	Unassigned
Raring	Invalid	Medium	Unassigned
Saucy	Invalid	Medium	Unassigned
linux-mvl-dove (Ubuntu)	Invalid	Medium	Unassigned
Lucid	Invalid	Medium	Unassigned
Precise	Invalid	Medium	Unassigned
Quantal	Invalid	Medium	Unassigned
Raring	Invalid	Medium	Unassigned
Saucy	Invalid	Medium	Unassigned
linux-ti-omap4 (Ubuntu)	Invalid	Medium	Unassigned
Lucid	Invalid	Medium	Unassigned
Precise	Invalid	Medium	Unassigned
Quantal	Won't Fix	Medium	Unassigned
Raring	Won't Fix	Medium	Unassigned
Saucy	Invalid	Medium	Unassigned

Bug Description

The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c.

Break-Fix: - fa3d315a4ce2c0891cdde262562e710d95fba19e
Break-Fix: - 9e3bb6b6f6a0c535eb053fbf0005a8e79e053374

See original description

Tags:

CVE References

Revision history for this message

John Johansen (jjohansen) wrote on 2013-06-17:

CVE-2013-1943

tags:	added: kernel-cve-tracking-bug
information type:	Public → Public Security
Changed in linux-armadaxp (Ubuntu Lucid):
status:	New → Invalid
Changed in linux-armadaxp (Ubuntu Saucy):
status:	New → Invalid
Changed in linux-armadaxp (Ubuntu Raring):
status:	New → Invalid
Changed in linux-ec2 (Ubuntu Precise):
status:	New → Invalid
Changed in linux-ec2 (Ubuntu Saucy):
status:	New → Invalid
Changed in linux-ec2 (Ubuntu Quantal):
status:	New → Invalid
Changed in linux-ec2 (Ubuntu Raring):
status:	New → Invalid
Changed in linux-lts-quantal (Ubuntu Lucid):
status:	New → Invalid
Changed in linux-lts-quantal (Ubuntu Saucy):
status:	New → Invalid
Changed in linux-lts-quantal (Ubuntu Quantal):
status:	New → Invalid
Changed in linux-lts-quantal (Ubuntu Raring):
status:	New → Invalid
Changed in linux-mvl-dove (Ubuntu Precise):
status:	New → Invalid
Changed in linux-mvl-dove (Ubuntu Saucy):
status:	New → Invalid
Changed in linux-mvl-dove (Ubuntu Quantal):
status:	New → Invalid
Changed in linux-mvl-dove (Ubuntu Raring):
status:	New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Precise):
status:	New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Saucy):
status:	New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Quantal):
status:	New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Raring):
status:	New → Invalid
Changed in linux-ti-omap4 (Ubuntu Lucid):
status:	New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Precise):
status:	New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Saucy):
status:	New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Quantal):
status:	New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Raring):
status:	New → Invalid
Changed in linux-lts-raring (Ubuntu Lucid):
status:	New → Invalid
Changed in linux-lts-raring (Ubuntu Saucy):
status:	New → Invalid
Changed in linux-lts-raring (Ubuntu Quantal):
status:	New → Invalid
Changed in linux-lts-raring (Ubuntu Raring):
status:	New → Invalid
description:	updated
Changed in linux-armadaxp (Ubuntu Precise):
importance:	Undecided → Medium
Changed in linux-armadaxp (Ubuntu Lucid):
importance:	Undecided → Medium
Changed in linux-armadaxp (Ubuntu Saucy):
importance:	Undecided → Medium
Changed in linux-armadaxp (Ubuntu Quantal):
importance:	Undecided → Medium
Changed in linux-armadaxp (Ubuntu Raring):
importance:	Undecided → Medium
Changed in linux-ec2 (Ubuntu Precise):
importance:	Undecided → Medium
Changed in linux-ec2 (Ubuntu Lucid):
importance:	Undecided → Medium
Changed in linux-ec2 (Ubuntu Saucy):
importance:	Undecided → Medium
Changed in linux-ec2 (Ubuntu Quantal):
importance:	Undecided → Medium
Changed in linux-ec2 (Ubuntu Raring):
importance:	Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Precise):
importance:	Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Lucid):
importance:	Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Saucy):
importance:	Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Quantal):
importance:	Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Raring):
importance:	Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Precise):
importance:	Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Lucid):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Saucy):
importance:	Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Quantal):
importance:	Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Raring):
importance:	Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Precise):
importance:	Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Saucy):
importance:	Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Quantal):
importance:	Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Raring):
importance:	Undecided → Medium
Changed in linux (Ubuntu Precise):
importance:	Undecided → Medium
Changed in linux (Ubuntu Lucid):
importance:	Undecided → Medium
Changed in linux (Ubuntu Saucy):
importance:	Undecided → Medium
Changed in linux (Ubuntu Quantal):
importance:	Undecided → Medium
Changed in linux (Ubuntu Raring):
importance:	Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Precise):
importance:	Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Lucid):
importance:	Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Saucy):
importance:	Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Quantal):
importance:	Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Raring):
importance:	Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Precise):
importance:	Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Saucy):
importance:	Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Quantal):
importance:	Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Raring):
importance:	Undecided → Medium
Changed in linux-lts-raring (Ubuntu Precise):
importance:	Undecided → Medium
Changed in linux-lts-raring (Ubuntu Lucid):
importance:	Undecided → Medium
Changed in linux-lts-raring (Ubuntu Saucy):
importance:	Undecided → Medium
Changed in linux-lts-raring (Ubuntu Quantal):
importance:	Undecided → Medium
Changed in linux-lts-raring (Ubuntu Raring):
importance:	Undecided → Medium

John Johansen (jjohansen) on 2013-06-19

Changed in linux-armadaxp (Ubuntu Precise):
status:	New → Invalid
Changed in linux-armadaxp (Ubuntu Quantal):
status:	New → Invalid
Changed in linux-lts-quantal (Ubuntu Precise):
status:	New → Fix Committed
Changed in linux (Ubuntu Precise):
status:	New → Fix Committed
Changed in linux (Ubuntu Saucy):
status:	New → Invalid
Changed in linux (Ubuntu Quantal):
status:	New → Fix Committed
Changed in linux (Ubuntu Raring):
status:	New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Precise):
status:	New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Saucy):
status:	New → Invalid
Changed in linux-ti-omap4 (Ubuntu Quantal):
status:	New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Raring):
status:	New → Fix Committed
Changed in linux-lts-raring (Ubuntu Precise):
status:	New → Fix Committed

Jamie Strandboge (jdstrand) on 2013-07-12

Changed in linux-lts-backport-natty (Ubuntu Lucid):
status:	New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Precise):
status:	New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Quantal):
status:	New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Raring):
status:	New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Saucy):
status:	New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
status:	New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Precise):
status:	New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Quantal):
status:	New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Raring):
status:	New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Saucy):
status:	New → Invalid

John Johansen (jjohansen) on 2013-07-24

description:

updated

John Johansen (jjohansen) on 2013-08-16

Changed in linux-ec2 (Ubuntu Lucid):
status:	New → Fix Committed
Changed in linux (Ubuntu Lucid):
status:	New → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2013-09-06:

This bug was fixed in the package linux - 2.6.32-51.113

---------------
linux (2.6.32-51.113) lucid; urgency=low

[ Brad Figg ]

* Release Tracking Bug
- LP: #1215005

[ Andy Whitcroft ]

  * remove debian/changelog from git
  * [Packaging] supply perf with appropriate prefix to ensure use of local
    config
    - LP: #1206200
    - CVE-2013-1060

[ Brad Figg ]

* Start new release

[ Upstream Kernel Changes ]

  * Revert "x86, ptrace: fix build breakage with gcc 4.7"
    - LP: #1199154
  * ipv6: call udp_push_pending_frames when uncorking a socket with AF_INET
    pending data
    - LP: #1205070
    - CVE-2013-4162
  * sctp: deal with multiple COOKIE_ECHO chunks
    - LP: #1194445
    - CVE-2013-2206
  * sctp: Use correct sideffect command in duplicate cookie handling
    - LP: #1194445
    - CVE-2013-2206
  * KVM: Validate userspace_addr of memslot when registered
    - LP: #1191918
    - CVE-2013-1943
  * KVM: add missing void __user * cast to access_ok() call
    - LP: #1191918
    - CVE-2013-1943
-- Brad Figg <email address hidden> Wed, 21 Aug 2013 09:13:41 -0700

Changed in linux (Ubuntu Lucid):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2013-09-06:

This bug was fixed in the package linux-ec2 - 2.6.32-356.69

---------------
linux-ec2 (2.6.32-356.69) lucid-proposed; urgency=low

[ Stefan Bader ]

  * Rebased to Ubuntu-2.6.32-51.113
  * Release Tracking Bug
    - LP: #1215239

[ Ubuntu: 2.6.32-51.113 ]

  * remove debian/changelog from git
  * [Packaging] supply perf with appropriate prefix to ensure use of local
    config
    - LP: #1206200
    - CVE-2013-1060
  * Start new release
  * Revert "x86, ptrace: fix build breakage with gcc 4.7"
    - LP: #1199154
  * ipv6: call udp_push_pending_frames when uncorking a socket with AF_INET
    pending data
    - LP: #1205070
    - CVE-2013-4162
  * sctp: deal with multiple COOKIE_ECHO chunks
    - LP: #1194445
    - CVE-2013-2206
  * sctp: Use correct sideffect command in duplicate cookie handling
    - LP: #1194445
    - CVE-2013-2206
  * KVM: Validate userspace_addr of memslot when registered
    - LP: #1191918
    - CVE-2013-1943
  * KVM: add missing void __user * cast to access_ok() call
    - LP: #1191918
    - CVE-2013-1943
-- Stefan Bader <email address hidden> Mon, 26 Aug 2013 16:33:40 +0200

Changed in linux-ec2 (Ubuntu Lucid):
status:	Fix Committed → Fix Released
status:	Fix Committed → Fix Released

Jamie Strandboge (jdstrand) on 2014-04-17

Changed in linux-lts-raring (Ubuntu Precise):
status:	Fix Committed → Won't Fix
Changed in linux (Ubuntu Raring):
status:	Fix Committed → Won't Fix
Changed in linux-ti-omap4 (Ubuntu Raring):
status:	Fix Committed → Won't Fix

Jamie Strandboge (jdstrand) on 2014-06-26

Changed in linux (Ubuntu Quantal):
status:	Fix Committed → Won't Fix
Changed in linux-ti-omap4 (Ubuntu Quantal):
status:	Fix Committed → Won't Fix

Mathew Hodson (mhodson) on 2015-05-11

Changed in linux (Ubuntu Precise):
status:	Fix Committed → Invalid
Changed in linux-lts-quantal (Ubuntu Precise):
status:	Fix Committed → Invalid
Changed in linux-ti-omap4 (Ubuntu Precise):
status:	Fix Committed → Invalid

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux-ec2 package

CVE-2013-1943

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux-ec2 package