CVE-2014-3631

Bug #1370041 reported by John Johansen on 2014-09-16
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Vivid
Medium
Unassigned
Wily
Medium
Unassigned
Xenial
Medium
Unassigned
linux-armadaxp (Ubuntu)
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Vivid
Medium
Unassigned
Wily
Medium
Unassigned
Xenial
Medium
Unassigned
linux-ec2 (Ubuntu)
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Vivid
Medium
Unassigned
Wily
Medium
Unassigned
Xenial
Medium
Unassigned
linux-flo (Ubuntu)
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Vivid
Medium
Unassigned
Wily
Medium
Unassigned
Xenial
Medium
Unassigned
linux-fsl-imx51 (Ubuntu)
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Vivid
Medium
Unassigned
Wily
Medium
Unassigned
Xenial
Medium
Unassigned
linux-goldfish (Ubuntu)
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Vivid
Medium
Unassigned
Wily
Medium
Unassigned
Xenial
Medium
Unassigned
linux-lts-backport-maverick (Ubuntu)
Undecided
Unassigned
Lucid
Undecided
Unassigned
Precise
Undecided
Unassigned
Trusty
Undecided
Unassigned
Utopic
Undecided
Unassigned
Vivid
Undecided
Unassigned
Wily
Undecided
Unassigned
Xenial
Undecided
Unassigned
linux-lts-backport-natty (Ubuntu)
Undecided
Unassigned
Lucid
Undecided
Unassigned
Precise
Undecided
Unassigned
Trusty
Undecided
Unassigned
Utopic
Undecided
Unassigned
Vivid
Undecided
Unassigned
Wily
Undecided
Unassigned
Xenial
Undecided
Unassigned
linux-lts-quantal (Ubuntu)
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Vivid
Medium
Unassigned
Wily
Medium
Unassigned
Xenial
Medium
Unassigned
linux-lts-raring (Ubuntu)
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Vivid
Medium
Unassigned
Wily
Medium
Unassigned
Xenial
Medium
Unassigned
linux-lts-saucy (Ubuntu)
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Vivid
Medium
Unassigned
Wily
Medium
Unassigned
Xenial
Medium
Unassigned
linux-lts-trusty (Ubuntu)
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Vivid
Medium
Unassigned
Wily
Medium
Unassigned
Xenial
Medium
Unassigned
linux-lts-utopic (Ubuntu)
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Vivid
Medium
Unassigned
Wily
Medium
Unassigned
Xenial
Medium
Unassigned
linux-lts-vivid (Ubuntu)
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Vivid
Medium
Unassigned
Wily
Medium
Unassigned
Xenial
Medium
Unassigned
linux-mako (Ubuntu)
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Vivid
Medium
Unassigned
Wily
Medium
Unassigned
Xenial
Medium
Unassigned
linux-manta (Ubuntu)
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Vivid
Medium
Unassigned
Wily
Medium
Unassigned
Xenial
Medium
Unassigned
linux-mvl-dove (Ubuntu)
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Vivid
Medium
Unassigned
Wily
Medium
Unassigned
Xenial
Medium
Unassigned
linux-raspi2 (Ubuntu)
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Vivid
Medium
Unassigned
Wily
Medium
Unassigned
Xenial
Medium
Unassigned
linux-ti-omap4 (Ubuntu)
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Vivid
Medium
Unassigned
Wily
Medium
Unassigned
Xenial
Medium
Unassigned

Bug Description

The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via multiple "keyctl newring" operations followed by a "keyctl timeout" operation.

Break-Fix: b2a4df200d570b2c33a57e1ebfa5896e4bc81b69 95389b08d93d5c06ec63ab49bd732b0069b7c35e

John Johansen (jjohansen) wrote :

CVE-2014-3631

tags: added: kernel-cve-tracking-bug
information type: Public → Public Security
Changed in linux-armadaxp (Ubuntu Lucid):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Utopic):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Trusty):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Precise):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Utopic):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Utopic):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Trusty):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Precise):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Utopic):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Utopic):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Trusty):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Utopic):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Trusty):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Precise):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Utopic):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Utopic):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Trusty):
status: New → Invalid
description: updated
Changed in linux-armadaxp (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Utopic):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Utopic):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Utopic):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Utopic):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Utopic):
importance: Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux (Ubuntu Utopic):
importance: Undecided → Medium
Changed in linux (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Utopic):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Utopic):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Utopic):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Precise):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Precise):
status: New → Invalid
Changed in linux (Ubuntu Precise):
status: New → Invalid
Changed in linux (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Precise):
status: New → Invalid
Andy Whitcroft (apw) on 2014-09-22
Changed in linux (Ubuntu Trusty):
status: New → Fix Committed
Changed in linux (Ubuntu Utopic):
status: New → Invalid
description: updated
Launchpad Janitor (janitor) wrote :
Download full text (22.1 KiB)

This bug was fixed in the package linux - 3.13.0-37.64

---------------
linux (3.13.0-37.64) trusty; urgency=low

  [ Joseph Salisbury ]

  * Release Tracking Bug
    - LP: #1372576

  [ dann frazier ]

  * [Config] CONFIG_HW_RANDOM_XGENE=m on arm64

  [ Edward Lin ]

  * SAUCE: Add use_native_backlight quirk for Dell Inspiron 5721/3521
    - LP: #1354253, #1354313

  [ Tim Gardner ]

  * SAUCE: Fix nfs oops stable regression
    - LP: #1348670
  * [Config] Add mpt3sas to d-i
    - LP: #1368907
  * [Config] CONFIG_X86_16BIT=y
    - LP: #1371601

  [ Timo Aaltonen ]

  * SAUCE: i915_bdw: Rebase to v3.15.8
    - LP: #1359213

  [ Upstream Kernel Changes ]

  * Revert "x86-64, modify_ldt: Make support for 16-bit segments a runtime
    option"
    - LP: #1371601
  * mmc: rtsx: add R1-no-CRC mmc command type handle
    - LP: #1365378
  * rpc_pipe: remove the clntXX dir if creating the pipe fails
    - LP: #1365869
  * sunrpc: add an "info" file for the dummy gssd pipe
    - LP: #1365869
  * rpc_pipe: fix cleanup of dummy gssd directory when notification fails
    - LP: #1365869
  * hwrng: xgene - add support for APM X-Gene SoC RNG support
    - LP: #1365593
  * Documentation: rng: Add X-Gene SoC RNG driver documentation
    - LP: #1365593
  * arm64: dts: add random number generator dts node to APM X-Gene
    platform.
    - LP: #1365593
  * xen/balloon: cancel ballooning if adding new memory failed
    - LP: #1304001
  * x86/xen: resume timer irqs early
    - LP: #1368724
  * xen/manage: Always freeze/thaw processes when suspend/resuming
    - LP: #1368724
  * scsi_transport_sas: move bsg destructor into sas_rphy_remove
    - LP: #1368991
  * drm/i915: Enable 5.4Ghz (HBR2) link rate for Displayport 1.2-capable
    devices
    - LP: #1369633
  * bnx2x: Fix link for KR with swapped polarity lane
    - LP: #1370716
  * drm: add DRM_CAPs for cursor size
    - LP: #1359213
  * drm/dp: Add AUX channel infrastructure
    - LP: #1359213
  * drm/dp: Add drm_dp_dpcd_read_link_status()
    - LP: #1359213
  * drm/dp: Add DisplayPort link helpers
    - LP: #1359213
  * drm/dp: Allow registering AUX channels as I2C busses
    - LP: #1359213
  * drm/dp: let drivers specify the name of the I2C-over-AUX adapter
    - LP: #1359213
  * drm/dp: make aux retries less chatty
    - LP: #1359213
  * Bluetooth: Enable Atheros 0cf3:311e for firmware upload
    - LP: #1371477
  * bnx2x: fix crash during TSO tunneling
    - LP: #1371601
  * inetpeer: get rid of ip_id_count
    - LP: #1371601
  * ip: make IP identifiers less predictable
    - LP: #1371601
  * tcp: Fix integer-overflows in TCP veno
    - LP: #1371601
  * tcp: Fix integer-overflow in TCP vegas
    - LP: #1371601
  * macvlan: Initialize vlan_features to turn on offload support.
    - LP: #1371601
  * net: Correctly set segment mac_len in skb_segment().
    - LP: #1371601
  * iovec: make sure the caller actually wants anything in
    memcpy_fromiovecend
    - LP: #1371601
  * batman-adv: Fix out-of-order fragmentation support
    - LP: #1371601
  * sctp: fix possible seqlock seadlock in sctp_packet_transmit()
    - LP: #1371601
  * sparc64: Fix argument sign extension for compat_sys_futex().
    - LP: #1371601
  ...

Changed in linux (Ubuntu Trusty):
status: Fix Committed → Fix Released
no longer affects: linux-lts-trusty (Ubuntu Lucid)
no longer affects: linux-armadaxp (Ubuntu Lucid)
no longer affects: linux-ec2 (Ubuntu Lucid)
no longer affects: linux-goldfish (Ubuntu Lucid)
no longer affects: linux-lts-saucy (Ubuntu Lucid)
no longer affects: linux-lts-quantal (Ubuntu Lucid)
no longer affects: linux-mvl-dove (Ubuntu Lucid)
no longer affects: linux-ti-omap4 (Ubuntu Lucid)
no longer affects: linux-lts-vivid (Ubuntu Lucid)
no longer affects: linux (Ubuntu Lucid)
no longer affects: linux-mako (Ubuntu Lucid)
no longer affects: linux-fsl-imx51 (Ubuntu Lucid)
no longer affects: linux-lts-utopic (Ubuntu Lucid)
no longer affects: linux-flo (Ubuntu Lucid)
no longer affects: linux-lts-raring (Ubuntu Lucid)
no longer affects: linux-manta (Ubuntu Lucid)
Changed in linux-lts-trusty (Ubuntu Precise):
status: New → Fix Released
importance: Undecided → Medium
Changed in linux-lts-trusty (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-trusty (Ubuntu Wily):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-trusty (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-trusty (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-manta (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-manta (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-manta (Ubuntu Wily):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-manta (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-manta (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-vivid (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-vivid (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-vivid (Ubuntu Wily):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-vivid (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-vivid (Ubuntu Trusty):
status: New → Fix Committed
importance: Undecided → Medium
Changed in linux-mako (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-mako (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-mako (Ubuntu Wily):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-mako (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-mako (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-utopic (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-utopic (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-utopic (Ubuntu Wily):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-utopic (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-utopic (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-goldfish (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-goldfish (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-goldfish (Ubuntu Wily):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-goldfish (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-goldfish (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-flo (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-flo (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-flo (Ubuntu Wily):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-flo (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-flo (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Rolf Leggewie (r0lf) wrote :

lucid has seen the end of its life and is no longer receiving any updates. Marking the lucid task for this ticket as "Won't Fix".

Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: New → Won't Fix
Steve Beattie (sbeattie) on 2016-01-27
no longer affects: linux-lts-trusty (Ubuntu Utopic)
no longer affects: linux-armadaxp (Ubuntu Utopic)
no longer affects: linux-ec2 (Ubuntu Utopic)
no longer affects: linux-goldfish (Ubuntu Utopic)
no longer affects: linux-lts-saucy (Ubuntu Utopic)
no longer affects: linux-lts-quantal (Ubuntu Utopic)
no longer affects: linux-raspi2 (Ubuntu Utopic)
no longer affects: linux-mvl-dove (Ubuntu Utopic)
no longer affects: linux-ti-omap4 (Ubuntu Utopic)
no longer affects: linux-lts-vivid (Ubuntu Utopic)
no longer affects: linux (Ubuntu Utopic)
no longer affects: linux-mako (Ubuntu Utopic)
no longer affects: linux-fsl-imx51 (Ubuntu Utopic)
no longer affects: linux-lts-utopic (Ubuntu Utopic)
no longer affects: linux-flo (Ubuntu Utopic)
no longer affects: linux-lts-raring (Ubuntu Utopic)
no longer affects: linux-manta (Ubuntu Utopic)
Changed in linux-raspi2 (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-raspi2 (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-raspi2 (Ubuntu Wily):
importance: Undecided → Medium
Changed in linux-raspi2 (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Steve Beattie (sbeattie) on 2016-01-27
Changed in linux-raspi2 (Ubuntu Xenial):
importance: Undecided → Medium
Rolf Leggewie (r0lf) wrote :

utopic has seen the end of its life and is no longer receiving any updates. Marking the utopic task for this ticket as "Won't Fix".

Changed in linux-lts-backport-maverick (Ubuntu Utopic):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Utopic):
status: New → Won't Fix
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers