CVE-2014-0038
Bug #1274349 reported by
John Johansen
This bug affects 5 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| linux (Ubuntu) |
Fix Released
|
Critical
|
Unassigned | ||
| Lucid |
Invalid
|
Critical
|
Unassigned | ||
| Precise |
Invalid
|
Critical
|
Unassigned | ||
| Quantal |
Invalid
|
Critical
|
Unassigned | ||
| Saucy |
Fix Released
|
Critical
|
Unassigned | ||
| Trusty |
Fix Released
|
Critical
|
Unassigned | ||
| linux-armadaxp (Ubuntu) |
Invalid
|
Critical
|
Unassigned | ||
| Lucid |
Invalid
|
Critical
|
Unassigned | ||
| Precise |
Invalid
|
Critical
|
Unassigned | ||
| Quantal |
Invalid
|
Critical
|
Unassigned | ||
| Saucy |
Invalid
|
Critical
|
Unassigned | ||
| Trusty |
Invalid
|
Critical
|
Unassigned | ||
| linux-ec2 (Ubuntu) |
Invalid
|
Critical
|
Unassigned | ||
| Lucid |
Invalid
|
Critical
|
Unassigned | ||
| Precise |
Invalid
|
Critical
|
Unassigned | ||
| Quantal |
Invalid
|
Critical
|
Unassigned | ||
| Saucy |
Invalid
|
Critical
|
Unassigned | ||
| Trusty |
Invalid
|
Critical
|
Unassigned | ||
| linux-fsl-imx51 (Ubuntu) |
Invalid
|
Critical
|
Unassigned | ||
| Lucid |
Invalid
|
Critical
|
Unassigned | ||
| Precise |
Invalid
|
Critical
|
Unassigned | ||
| Quantal |
Invalid
|
Critical
|
Unassigned | ||
| Saucy |
Invalid
|
Critical
|
Unassigned | ||
| Trusty |
Invalid
|
Critical
|
Unassigned | ||
| linux-lts-quantal (Ubuntu) |
Invalid
|
Critical
|
Unassigned | ||
| Lucid |
Invalid
|
Critical
|
Unassigned | ||
| Precise |
Invalid
|
Critical
|
Unassigned | ||
| Quantal |
Invalid
|
Critical
|
Unassigned | ||
| Saucy |
Invalid
|
Critical
|
Unassigned | ||
| Trusty |
Invalid
|
Critical
|
Unassigned | ||
| linux-lts-raring (Ubuntu) |
Invalid
|
Critical
|
Unassigned | ||
| Lucid |
Invalid
|
Critical
|
Unassigned | ||
| Precise |
Fix Released
|
Critical
|
Unassigned | ||
| Quantal |
Invalid
|
Critical
|
Unassigned | ||
| Saucy |
Invalid
|
Critical
|
Unassigned | ||
| Trusty |
Invalid
|
Critical
|
Unassigned | ||
| linux-lts-saucy (Ubuntu) |
Invalid
|
Critical
|
Unassigned | ||
| Lucid |
Invalid
|
Critical
|
Unassigned | ||
| Precise |
Fix Released
|
Critical
|
Unassigned | ||
| Quantal |
Invalid
|
Critical
|
Unassigned | ||
| Saucy |
Invalid
|
Critical
|
Unassigned | ||
| Trusty |
Invalid
|
Critical
|
Unassigned | ||
| linux-mvl-dove (Ubuntu) |
Invalid
|
Critical
|
Unassigned | ||
| Lucid |
Invalid
|
Critical
|
Unassigned | ||
| Precise |
Invalid
|
Critical
|
Unassigned | ||
| Quantal |
Invalid
|
Critical
|
Unassigned | ||
| Saucy |
Invalid
|
Critical
|
Unassigned | ||
| Trusty |
Invalid
|
Critical
|
Unassigned | ||
| linux-ti-omap4 (Ubuntu) |
Invalid
|
Critical
|
Unassigned | ||
| Lucid |
Invalid
|
Critical
|
Unassigned | ||
| Precise |
Invalid
|
Critical
|
Unassigned | ||
| Quantal |
Invalid
|
Critical
|
Unassigned | ||
| Saucy |
Invalid
|
Critical
|
Unassigned | ||
| Trusty |
Invalid
|
Critical
|
Unassigned | ||
Bug Description
The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before
3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain
privileges via a recvmmsg system call with a crafted timeout pointer
parameter.
Break-Fix: ee4fa23c4bfcc63
CVE References
Revision history for this message
| Launchpad Janitor (janitor) wrote | #1 |
| Changed in linux (Ubuntu Saucy): | |
| status: | New → Fix Released |
| status: | New → Fix Released |
| information type: | Private Security → Public Security |
| Changed in linux (Ubuntu Precise): | |
| status: | New → Invalid |
| Changed in linux-lts-raring (Ubuntu Precise): | |
| status: | New → Fix Released |
| Changed in linux-lts-raring (Ubuntu Saucy): | |
| status: | New → Invalid |
| Changed in linux-lts-raring (Ubuntu Trusty): | |
| status: | New → Invalid |
| Changed in linux-lts-saucy (Ubuntu Precise): | |
| status: | New → Fix Released |
| Changed in linux-lts-saucy (Ubuntu Saucy): | |
| status: | New → Invalid |
| Changed in linux-lts-saucy (Ubuntu Trusty): | |
| status: | New → Invalid |
Revision history for this message
| Brad Figg (brad-figg) wrote Missing required logs. | #3 |
| Changed in linux (Ubuntu): | |
| status: | New → Incomplete |
| Changed in linux (Ubuntu Trusty): | |
| status: | Incomplete → New |
| Changed in linux (Ubuntu): | |
| status: | New → Incomplete |
| tags: | added: bot-stop-nagging |
| Changed in linux (Ubuntu Trusty): | |
| status: | Incomplete → Confirmed |
| Changed in linux-armadaxp (Ubuntu Precise): | |
| status: | New → Invalid |
| importance: | Undecided → Critical |
| Changed in linux-armadaxp (Ubuntu Saucy): | |
| status: | New → Invalid |
| importance: | Undecided → Critical |
| Changed in linux-armadaxp (Ubuntu Lucid): | |
| status: | New → Invalid |
| importance: | Undecided → Critical |
| Changed in linux-armadaxp (Ubuntu Trusty): | |
| status: | New → Invalid |
| importance: | Undecided → Critical |
| Changed in linux-armadaxp (Ubuntu Quantal): | |
| status: | New → Invalid |
| importance: | Undecided → Critical |
| Changed in linux-ec2 (Ubuntu Precise): | |
| status: | New → Invalid |
| importance: | Undecided → Critical |
| Changed in linux-ec2 (Ubuntu Saucy): | |
| status: | New → Invalid |
| importance: | Undecided → Critical |
| Changed in linux-ec2 (Ubuntu Lucid): | |
| status: | New → Invalid |
| importance: | Undecided → Critical |
| Changed in linux-ec2 (Ubuntu Trusty): | |
| status: | New → Invalid |
| importance: | Undecided → Critical |
| Changed in linux-ec2 (Ubuntu Quantal): | |
| status: | New → Invalid |
| importance: | Undecided → Critical |
| Changed in linux-lts-quantal (Ubuntu Precise): | |
| status: | New → Invalid |
| importance: | Undecided → Critical |
| Changed in linux-lts-quantal (Ubuntu Saucy): | |
| status: | New → Invalid |
| importance: | Undecided → Critical |
| Changed in linux-lts-quantal (Ubuntu Lucid): | |
| status: | New → Invalid |
| importance: | Undecided → Critical |
| Changed in linux-lts-quantal (Ubuntu Trusty): | |
| status: | New → Invalid |
| importance: | Undecided → Critical |
| Changed in linux-lts-quantal (Ubuntu Quantal): | |
| status: | New → Invalid |
| importance: | Undecided → Critical |
| Changed in linux-mvl-dove (Ubuntu Precise): | |
| status: | New → Invalid |
| importance: | Undecided → Critical |
| Changed in linux-mvl-dove (Ubuntu Saucy): | |
| status: | New → Invalid |
| importance: | Undecided → Critical |
| Changed in linux-mvl-dove (Ubuntu Lucid): | |
| status: | New → Invalid |
| importance: | Undecided → Critical |
| Changed in linux-mvl-dove (Ubuntu Trusty): | |
| status: | New → Invalid |
| importance: | Undecided → Critical |
| Changed in linux-mvl-dove (Ubuntu Quantal): | |
| status: | New → Invalid |
| importance: | Undecided → Critical |
| Changed in linux-lts-saucy (Ubuntu Precise): | |
| importance: | Undecided → Critical |
| Changed in linux-lts-saucy (Ubuntu Saucy): | |
| importance: | Undecided → Critical |
| Changed in linux-lts-saucy (Ubuntu Lucid): | |
| status: | New → Invalid |
| importance: | Undecided → Critical |
| Changed in linux-lts-saucy (Ubuntu Trusty): | |
| importance: | Undecided → Critical |
| Changed in linux-lts-saucy (Ubuntu Quantal): | |
| status: | New → Invalid |
| importance: | Undecided → Critical |
| Changed in linux (Ubuntu Precise): | |
| importance: | Undecided → Critical |
| Changed in linux (Ubuntu Saucy): | |
| importance: | Undecided → Critical |
| Changed in linux (Ubuntu Lucid): | |
| status: | New → Invalid |
| importance: | Undecided → Critical |
| Changed in linux (Ubuntu Trusty): | |
| importance: | Undecided → Critical |
| Changed in linux (Ubuntu Quantal): | |
| status: | New → Invalid |
| importance: | Undecided → Critical |
| Changed in linux-ti-omap4 (Ubuntu Precise): | |
| status: | New → Invalid |
| importance: | Undecided → Critical |
| Changed in linux-ti-omap4 (Ubuntu Saucy): | |
| status: | New → Invalid |
| importance: | Undecided → Critical |
| Changed in linux-ti-omap4 (Ubuntu Lucid): | |
| status: | New → Invalid |
| importance: | Undecided → Critical |
| Changed in linux-ti-omap4 (Ubuntu Trusty): | |
| status: | New → Invalid |
| importance: | Undecided → Critical |
| Changed in linux-ti-omap4 (Ubuntu Quantal): | |
| status: | New → Invalid |
| importance: | Undecided → Critical |
| Changed in linux-fsl-imx51 (Ubuntu Precise): | |
| status: | New → Invalid |
| importance: | Undecided → Critical |
| Changed in linux-fsl-imx51 (Ubuntu Saucy): | |
| status: | New → Invalid |
| importance: | Undecided → Critical |
| Changed in linux-fsl-imx51 (Ubuntu Lucid): | |
| status: | New → Invalid |
| importance: | Undecided → Critical |
| Changed in linux-fsl-imx51 (Ubuntu Trusty): | |
| status: | New → Invalid |
| importance: | Undecided → Critical |
| Changed in linux-fsl-imx51 (Ubuntu Quantal): | |
| status: | New → Invalid |
| importance: | Undecided → Critical |
| Changed in linux-lts-raring (Ubuntu Precise): | |
| importance: | Undecided → Critical |
| Changed in linux-lts-raring (Ubuntu Saucy): | |
| importance: | Undecided → Critical |
| Changed in linux-lts-raring (Ubuntu Lucid): | |
| status: | New → Invalid |
| importance: | Undecided → Critical |
| Changed in linux-lts-raring (Ubuntu Trusty): | |
| importance: | Undecided → Critical |
| Changed in linux-lts-raring (Ubuntu Quantal): | |
| status: | New → Invalid |
| importance: | Undecided → Critical |
| description: | updated |
Revision history for this message
| Sebastian Unger (sebunger44) wrote Re: Fix-compat_sys_recvmsg-on-x32-archs | #5 |
Revision history for this message
| John Johansen (jjohansen) wrote Re: Fix-compat_sys_recvmmsg-on-x32-archs | #6 |
| summary: |
- Fix-compat_sys_recvmsg-on-x32-archs + Fix-compat_sys_recvmmsg-on-x32-archs |
Revision history for this message
| Andy Whitcroft (apw) wrote | #7 |
| Changed in linux (Ubuntu Trusty): | |
| status: | Confirmed → Fix Committed |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #8 |
| Changed in linux (Ubuntu Trusty): | |
| status: | Fix Committed → Fix Released |
| summary: |
- Fix-compat_sys_recvmmsg-on-x32-archs + CVE-2014-0038 |
| description: | updated |
To post a comment you must log in.
This bug was fixed in the package linux - 3.11.0-15.25
---------------
linux (3.11.0-15.25) saucy; urgency=low
[ John Johansen ]
* SAUCE: Fix compat_sys_recvmsg on x32 archs
- LP: #1274349
-- Brad Figg <email address hidden> Thu, 30 Jan 2014 08:13:36 -0800