x86_64,ptrace: Enforce RIP <= TASK_SIZE_MAX (CVE-2014-4699)
Bug #1337339 reported by John Johansen
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | Invalid | High | Unassigned |
Precise | Fix Released | High | Unassigned |
Trusty | Fix Released | High | Unassigned |
Vivid | Invalid | High | Unassigned |
Wily | Invalid | High | Unassigned |
Xenial | Invalid | High | Unassigned |
linux-armadaxp (Ubuntu) | Invalid | High | Unassigned |
Vivid | Invalid | High | Unassigned |
Wily | Invalid | High | Unassigned |
Xenial | Invalid | High | Unassigned |
linux-ec2 (Ubuntu) | Invalid | High | Unassigned |
Vivid | Invalid | High | Unassigned |
Wily | Invalid | High | Unassigned |
Xenial | Invalid | High | Unassigned |
linux-flo (Ubuntu) | Invalid | High | Unassigned |
Vivid | Invalid | High | Unassigned |
Wily | Invalid | High | Unassigned |
Xenial | Invalid | High | Unassigned |
linux-fsl-imx51 (Ubuntu) | Invalid | High | Unassigned |
Vivid | Invalid | High | Unassigned |
Wily | Invalid | High | Unassigned |
Xenial | Invalid | High | Unassigned |
linux-goldfish (Ubuntu) | Invalid | High | Unassigned |
Vivid | Invalid | High | Unassigned |
Wily | Invalid | High | Unassigned |
Xenial | Invalid | High | Unassigned |
linux-lts-quantal (Ubuntu) | Invalid | High | Unassigned |
Vivid | Invalid | High | Unassigned |
Wily | Invalid | High | Unassigned |
Xenial | Invalid | High | Unassigned |
linux-lts-raring (Ubuntu) | Invalid | High | Unassigned |
Vivid | Invalid | High | Unassigned |
Wily | Invalid | High | Unassigned |
Xenial | Invalid | High | Unassigned |
linux-lts-saucy (Ubuntu) | Invalid | High | Unassigned |
Vivid | Invalid | High | Unassigned |
Wily | Invalid | High | Unassigned |
Xenial | Invalid | High | Unassigned |
linux-lts-trusty (Ubuntu) | Invalid | High | Unassigned |
Vivid | Invalid | High | Unassigned |
Wily | Invalid | High | Unassigned |
Xenial | Invalid | High | Unassigned |
linux-lts-utopic (Ubuntu) | Invalid | High | Unassigned |
Vivid | Invalid | High | Unassigned |
Wily | Invalid | High | Unassigned |
Xenial | Invalid | High | Unassigned |
linux-lts-vivid (Ubuntu) | Invalid | High | Unassigned |
Vivid | Invalid | High | Unassigned |
Wily | Invalid | High | Unassigned |
Xenial | Invalid | High | Unassigned |
linux-mako (Ubuntu) | Invalid | High | Unassigned |
Vivid | Invalid | High | Unassigned |
Wily | Invalid | High | Unassigned |
Xenial | Invalid | High | Unassigned |
linux-manta (Ubuntu) | Invalid | High | Unassigned |
Vivid | Invalid | High | Unassigned |
Wily | Invalid | High | Unassigned |
Xenial | Invalid | High | Unassigned |
linux-mvl-dove (Ubuntu) | Invalid | High | Unassigned |
Vivid | Invalid | High | Unassigned |
Wily | Invalid | High | Unassigned |
Xenial | Invalid | High | Unassigned |
linux-raspi2 (Ubuntu) | New | High | Unassigned |
Vivid | Invalid | High | Unassigned |
Wily | New | High | Unassigned |
Xenial | New | High | Unassigned |
linux-ti-omap4 (Ubuntu) | Invalid | High | Unassigned |
Vivid | Invalid | High | Unassigned |
Wily | Invalid | High | Unassigned |
Xenial | Invalid | High | Unassigned |
Bug Description
The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls.
Break-Fix: 427abfa28afedff
description: | updated |
no longer affects: | linux-lts-trusty (Ubuntu Lucid) |
no longer affects: | linux-lts-trusty (Ubuntu Saucy) |
no longer affects: | linux-lts-trusty (Ubuntu Trusty) |
no longer affects: | linux-lts-trusty (Ubuntu Utopic) |
no longer affects: | linux-ec2 (Ubuntu Precise) |
no longer affects: | linux-ec2 (Ubuntu Saucy) |
no longer affects: | linux-ec2 (Ubuntu Trusty) |
no longer affects: | linux-ec2 (Ubuntu Utopic) |
Changed in linux-ec2 (Ubuntu): | |
status: | New → Invalid |
no longer affects: | linux-lowlatency (Ubuntu Lucid) |
no longer affects: | linux-lowlatency (Ubuntu Trusty) |
no longer affects: | linux-lts-saucy (Ubuntu Utopic) |
no longer affects: | linux-lowlatency (Ubuntu Utopic) |
Changed in linux-lowlatency (Ubuntu): | |
status: | New → Invalid |
no longer affects: | linux-lts-saucy (Ubuntu Trusty) |
no longer affects: | linux-lts-quantal (Ubuntu Lucid) |
no longer affects: | linux-lts-saucy (Ubuntu Lucid) |
no longer affects: | linux-lts-saucy (Ubuntu Saucy) |
no longer affects: | linux-lts-raring (Ubuntu Utopic) |
no longer affects: | linux-lts-quantal (Ubuntu Saucy) |
no longer affects: | linux-lts-quantal (Ubuntu Trusty) |
no longer affects: | linux-lts-quantal (Ubuntu Utopic) |
no longer affects: | linux-lts-raring (Ubuntu Lucid) |
no longer affects: | linux-lts-raring (Ubuntu Saucy) |
no longer affects: | linux-lts-raring (Ubuntu Trusty) |
Changed in linux-lts-trusty (Ubuntu): | |
status: | New → Invalid |
Changed in linux-lts-saucy (Ubuntu): | |
status: | New → Invalid |
Changed in linux-lts-raring (Ubuntu): | |
status: | New → Invalid |
Changed in linux-lts-quantal (Ubuntu): | |
status: | New → Invalid |
information type: | Private Security → Public Security |
no longer affects: | linux-armadaxp (Ubuntu) |
no longer affects: | linux-armadaxp (Ubuntu) |
tags: | added: kernel-cve-tracking-bug |
no longer affects: | linux-armadaxp (Ubuntu) |
no longer affects: | linux-ec2 (Ubuntu) |
no longer affects: | linux-ec2 (Ubuntu Lucid) |
no longer affects: | linux-lowlatency (Ubuntu Precise) |
no longer affects: | linux-lowlatency (Ubuntu Saucy) |
no longer affects: | linux-lowlatency (Ubuntu) |
no longer affects: | linux-lts-quantal (Ubuntu Precise) |
no longer affects: | linux-lts-quantal (Ubuntu) |
no longer affects: | linux-lts-raring (Ubuntu Precise) |
no longer affects: | linux-lts-raring (Ubuntu) |
no longer affects: | linux-lts-saucy (Ubuntu Precise) |
no longer affects: | linux-lts-saucy (Ubuntu) |
no longer affects: | linux-lts-trusty (Ubuntu) |
no longer affects: | linux-lts-trusty (Ubuntu Precise) |
Changed in linux (Ubuntu Precise): | |
importance: | Undecided → High |
Changed in linux (Ubuntu Saucy): | |
importance: | Undecided → High |
Changed in linux (Ubuntu Trusty): | |
importance: | Undecided → High |
Changed in linux (Ubuntu Lucid): | |
importance: | Undecided → High |
Changed in linux (Ubuntu Utopic): | |
importance: | Undecided → High |
description: | updated |
no longer affects: | linux-ti-omap4 (Ubuntu) |
no longer affects: | linux-mvl-dove (Ubuntu) |
no longer affects: | linux-lts-saucy (Ubuntu) |
no longer affects: | linux-lts-raring (Ubuntu) |
no longer affects: | linux-lts-quantal (Ubuntu) |
no longer affects: | linux-fsl-imx51 (Ubuntu) |
no longer affects: | linux-ec2 (Ubuntu) |
no longer affects: | linux-armadaxp (Ubuntu) |
Changed in linux (Ubuntu Precise): | |
status: | Fix Released → New |
Changed in linux (Ubuntu Saucy): | |
status: | Fix Released → New |
Changed in linux (Ubuntu Trusty): | |
status: | Fix Released → New |
Changed in linux (Ubuntu Lucid): | |
status: | Fix Released → New |
Changed in linux (Ubuntu Lucid): | |
status: | New → Fix Released |
Changed in linux (Ubuntu Saucy): | |
status: | New → Fix Released |
Changed in linux (Ubuntu Trusty): | |
status: | New → Fix Released |
description: | updated |
Changed in linux (Ubuntu Utopic): | |
status: | New → Invalid |
no longer affects: | linux (Ubuntu Saucy) |
no longer affects: | linux (Ubuntu Lucid) |
Changed in linux-lts-trusty (Ubuntu Wily): | |
status: | New → Invalid |
importance: | Undecided → High |
Changed in linux-lts-trusty (Ubuntu Vivid): | |
status: | New → Invalid |
importance: | Undecided → High |
Changed in linux-lts-quantal (Ubuntu Wily): | |
status: | Fix Released → Invalid |
importance: | Undecided → High |
Changed in linux-lts-quantal (Ubuntu Vivid): | |
status: | New → Invalid |
importance: | Undecided → High |
Changed in linux (Ubuntu Vivid): | |
status: | New → Invalid |
importance: | Undecided → High |
Changed in linux-ti-omap4 (Ubuntu Wily): | |
status: | Fix Released → Invalid |
importance: | Undecided → High |
Changed in linux-ti-omap4 (Ubuntu Vivid): | |
status: | New → Invalid |
importance: | Undecided → High |
Changed in linux-lts-raring (Ubuntu Wily): | |
status: | Fix Released → Invalid |
importance: | Undecided → High |
Changed in linux-lts-raring (Ubuntu Vivid): | |
status: | New → Invalid |
importance: | Undecided → High |
Changed in linux-armadaxp (Ubuntu Wily): | |
status: | Fix Released → Invalid |
importance: | Undecided → High |
Changed in linux-armadaxp (Ubuntu Vivid): | |
status: | New → Invalid |
importance: | Undecided → High |
Changed in linux-mvl-dove (Ubuntu Wily): | |
status: | New → Invalid |
importance: | Undecided → High |
Changed in linux-mvl-dove (Ubuntu Vivid): | |
status: | New → Invalid |
importance: | Undecided → High |
Changed in linux-lts-saucy (Ubuntu Wily): | |
status: | Fix Released → Invalid |
importance: | Undecided → High |
Changed in linux-lts-saucy (Ubuntu Vivid): | |
status: | New → Invalid |
importance: | Undecided → High |
Changed in linux-manta (Ubuntu Wily): | |
status: | New → Invalid |
importance: | Undecided → High |
Changed in linux-manta (Ubuntu Vivid): | |
status: | New → Invalid |
importance: | Undecided → High |
Changed in linux-ec2 (Ubuntu Wily): | |
status: | Fix Released → Invalid |
importance: | Undecided → High |
Changed in linux-ec2 (Ubuntu Vivid): | |
status: | New → Invalid |
importance: | Undecided → High |
Changed in linux-lts-vivid (Ubuntu Vivid): | |
status: | New → Invalid |
importance: | Undecided → High |
Changed in linux-lts-vivid (Ubuntu Wily): | |
status: | New → Invalid |
importance: | Undecided → High |
Changed in linux-mako (Ubuntu Wily): | |
status: | New → Invalid |
importance: | Undecided → High |
Changed in linux-mako (Ubuntu Vivid): | |
status: | New → Invalid |
importance: | Undecided → High |
Changed in linux-fsl-imx51 (Ubuntu Wily): | |
status: | New → Invalid |
importance: | Undecided → High |
Changed in linux-fsl-imx51 (Ubuntu Vivid): | |
status: | New → Invalid |
importance: | Undecided → High |
Changed in linux-lts-utopic (Ubuntu Vivid): | |
status: | New → Invalid |
importance: | Undecided → High |
Changed in linux-lts-utopic (Ubuntu Wily): | |
status: | New → Invalid |
importance: | Undecided → High |
Changed in linux-goldfish (Ubuntu Wily): | |
status: | New → Invalid |
importance: | Undecided → High |
Changed in linux-goldfish (Ubuntu Vivid): | |
status: | New → Invalid |
importance: | Undecided → High |
Changed in linux-flo (Ubuntu Wily): | |
status: | New → Invalid |
importance: | Undecided → High |
Changed in linux-flo (Ubuntu Vivid): | |
status: | New → Invalid |
importance: | Undecided → High |
no longer affects: | linux (Ubuntu Utopic) |
Changed in linux-raspi2 (Ubuntu Vivid): | |
status: | New → Invalid |
importance: | Undecided → High |
Changed in linux-raspi2 (Ubuntu Wily): | |
importance: | Undecided → High |
Changed in linux-raspi2 (Ubuntu Xenial): | |
importance: | Undecided → High |
This bug was fixed in the package linux - 2.6.32-62.126
---------------
linux (2.6.32-62.126) lucid; urgency=low
[ Upstream Kernel Changes ]
* x86_64,ptrace: Enforce RIP <= TASK_SIZE_MAX (CVE-2014-4699)
- LP: #1337339
- CVE-2014-4699
-- Luis Henriques <email address hidden> Fri, 04 Jul 2014 11:45:45 +0100