kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #102558
[Bug 1384539] Re: CVE-2014-3610
This bug was fixed in the package linux-ec2 - 2.6.32-375.92
---------------
linux-ec2 (2.6.32-375.92) lucid; urgency=low
[ Stefan Bader ]
* Rebased to Ubuntu-2.6.32-71.138
* Xen: x86, 64-bit: Move K8 B step iret fixup to fault entry asm
- LP: #1403918
* Xen: x86-64, modify_ldt: Ban 16-bit segments on 64-bit kernels
- LP: #1403918
* Xen: x86-32, espfix: Remove filter for espfix32 due to race
- LP: #1403918
* Xen: x86-64, espfix: Don't leak bits 31:16 of %esp returning to 16-bit
stack
- LP: #1403918
* Xen: x86, espfix: Make espfix64 a Kconfig option, fix UML
- LP: #1403918
* Xen: x86, espfix: Make it possible to disable 16-bit support
- LP: #1403918
* Xen: x86_64/entry/xen: Do not invoke espfix64 on Xen
- LP: #1403918
* Xen: [Config] Enable CONFIG_X86_16BIT
* Rebased to Ubuntu-2.6.32-72.139
* Release Tracking Bug
- LP: #1411354
[ Ubuntu: 2.6.32-72.139 ]
* isofs: Fix infinite looping over CE entries
- LP: #1407947
- CVE-2014-9420
* x86/tls: Validate TLS entries to protect espfix
- LP: #1403852
- CVE-2014-8133
[ Ubuntu: 2.6.32-71.138 ]
* [Config] updateconfigs CONFIG_X86_16BIT=y after v2.6.32.65 update
* KVM: x86: Check non-canonical addresses upon WRMSR
- LP: #1384539
- CVE-2014-3610
* KVM: x86: Improve thread safety in pit
- LP: #1384540
- CVE-2014-3611
* net:socket: set msg_namelen to 0 if msg_name is passed as NULL in
msghdr struct from userland.
- LP: #1335478
* x86, 64-bit: Move K8 B step iret fixup to fault entry asm
- LP: #1403918
* x86-64: Adjust frame type at paranoid_exit:
- LP: #1403918
* x86-64, modify_ldt: Ban 16-bit segments on 64-bit kernels
- LP: #1403918
* x86-32, espfix: Remove filter for espfix32 due to race
- LP: #1403918
* x86-64, espfix: Don't leak bits 31:16 of %esp returning to 16-bit stack
- LP: #1403918
* x86, espfix: Move espfix definitions into a separate header file
- LP: #1403918
* x86, espfix: Fix broken header guard
- LP: #1403918
* x86, espfix: Make espfix64 a Kconfig option, fix UML
- LP: #1403918
* x86, espfix: Make it possible to disable 16-bit support
- LP: #1403918
* x86_64/entry/xen: Do not invoke espfix64 on Xen
- LP: #1403918
* x86/espfix/xen: Fix allocation of pages for paravirt page tables
- LP: #1403918
* x86_64, traps: Fix the espfix64 #DF fixup and rewrite it in C
- LP: #1403918
* x86_64, traps: Rework bad_iret
- LP: #1403918
-- Stefan Bader <stefan.bader@xxxxxxxxxxxxx> Thu, 18 Dec 2014 18:20:27 +0100
** Changed in: linux-ec2 (Ubuntu Lucid)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-8133
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-9420
** Changed in: linux-ec2 (Ubuntu Lucid)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1384539
Title:
CVE-2014-3610
Status in linux package in Ubuntu:
Fix Released
Status in linux-armadaxp package in Ubuntu:
Invalid
Status in linux-ec2 package in Ubuntu:
Invalid
Status in linux-flo package in Ubuntu:
New
Status in linux-fsl-imx51 package in Ubuntu:
Invalid
Status in linux-goldfish package in Ubuntu:
New
Status in linux-lts-backport-maverick package in Ubuntu:
New
Status in linux-lts-backport-natty package in Ubuntu:
New
Status in linux-lts-quantal package in Ubuntu:
Invalid
Status in linux-lts-raring package in Ubuntu:
Invalid
Status in linux-lts-saucy package in Ubuntu:
Invalid
Status in linux-lts-trusty package in Ubuntu:
Invalid
Status in linux-lts-utopic package in Ubuntu:
Invalid
Status in linux-mako package in Ubuntu:
New
Status in linux-manta package in Ubuntu:
New
Status in linux-mvl-dove package in Ubuntu:
Invalid
Status in linux-ti-omap4 package in Ubuntu:
Invalid
Status in linux source package in Lucid:
Fix Released
Status in linux-armadaxp source package in Lucid:
Invalid
Status in linux-ec2 source package in Lucid:
Fix Released
Status in linux-flo source package in Lucid:
Invalid
Status in linux-fsl-imx51 source package in Lucid:
Invalid
Status in linux-goldfish source package in Lucid:
Invalid
Status in linux-lts-backport-maverick source package in Lucid:
New
Status in linux-lts-backport-natty source package in Lucid:
New
Status in linux-lts-quantal source package in Lucid:
Invalid
Status in linux-lts-raring source package in Lucid:
Invalid
Status in linux-lts-saucy source package in Lucid:
Invalid
Status in linux-lts-trusty source package in Lucid:
Invalid
Status in linux-lts-utopic source package in Lucid:
Invalid
Status in linux-mako source package in Lucid:
Invalid
Status in linux-manta source package in Lucid:
Invalid
Status in linux-mvl-dove source package in Lucid:
Invalid
Status in linux-ti-omap4 source package in Lucid:
Invalid
Status in linux source package in Precise:
Fix Released
Status in linux-armadaxp source package in Precise:
Fix Released
Status in linux-ec2 source package in Precise:
Invalid
Status in linux-flo source package in Precise:
Invalid
Status in linux-fsl-imx51 source package in Precise:
Invalid
Status in linux-goldfish source package in Precise:
Invalid
Status in linux-lts-backport-maverick source package in Precise:
New
Status in linux-lts-backport-natty source package in Precise:
New
Status in linux-lts-quantal source package in Precise:
Fix Committed
Status in linux-lts-raring source package in Precise:
Invalid
Status in linux-lts-saucy source package in Precise:
Fix Committed
Status in linux-lts-trusty source package in Precise:
Fix Released
Status in linux-lts-utopic source package in Precise:
Invalid
Status in linux-mako source package in Precise:
Invalid
Status in linux-manta source package in Precise:
Invalid
Status in linux-mvl-dove source package in Precise:
Invalid
Status in linux-ti-omap4 source package in Precise:
Fix Released
Status in linux source package in Trusty:
Fix Released
Status in linux-armadaxp source package in Trusty:
Invalid
Status in linux-ec2 source package in Trusty:
Invalid
Status in linux-flo source package in Trusty:
Invalid
Status in linux-fsl-imx51 source package in Trusty:
Invalid
Status in linux-goldfish source package in Trusty:
Invalid
Status in linux-lts-backport-maverick source package in Trusty:
New
Status in linux-lts-backport-natty source package in Trusty:
New
Status in linux-lts-quantal source package in Trusty:
Invalid
Status in linux-lts-raring source package in Trusty:
Invalid
Status in linux-lts-saucy source package in Trusty:
Invalid
Status in linux-lts-trusty source package in Trusty:
Invalid
Status in linux-lts-utopic source package in Trusty:
Invalid
Status in linux-mako source package in Trusty:
Invalid
Status in linux-manta source package in Trusty:
Invalid
Status in linux-mvl-dove source package in Trusty:
Invalid
Status in linux-ti-omap4 source package in Trusty:
Invalid
Status in linux source package in Utopic:
Fix Released
Status in linux-armadaxp source package in Utopic:
Invalid
Status in linux-ec2 source package in Utopic:
Invalid
Status in linux-flo source package in Utopic:
New
Status in linux-fsl-imx51 source package in Utopic:
Invalid
Status in linux-goldfish source package in Utopic:
New
Status in linux-lts-backport-maverick source package in Utopic:
New
Status in linux-lts-backport-natty source package in Utopic:
New
Status in linux-lts-quantal source package in Utopic:
Invalid
Status in linux-lts-raring source package in Utopic:
Invalid
Status in linux-lts-saucy source package in Utopic:
Invalid
Status in linux-lts-trusty source package in Utopic:
Invalid
Status in linux-lts-utopic source package in Utopic:
Invalid
Status in linux-mako source package in Utopic:
New
Status in linux-manta source package in Utopic:
New
Status in linux-mvl-dove source package in Utopic:
Invalid
Status in linux-ti-omap4 source package in Utopic:
Invalid
Status in linux source package in Vivid:
Fix Released
Status in linux-armadaxp source package in Vivid:
Invalid
Status in linux-ec2 source package in Vivid:
Invalid
Status in linux-flo source package in Vivid:
New
Status in linux-fsl-imx51 source package in Vivid:
Invalid
Status in linux-goldfish source package in Vivid:
New
Status in linux-lts-backport-maverick source package in Vivid:
New
Status in linux-lts-backport-natty source package in Vivid:
New
Status in linux-lts-quantal source package in Vivid:
Invalid
Status in linux-lts-raring source package in Vivid:
Invalid
Status in linux-lts-saucy source package in Vivid:
Invalid
Status in linux-lts-trusty source package in Vivid:
Invalid
Status in linux-lts-utopic source package in Vivid:
Invalid
Status in linux-mako source package in Vivid:
New
Status in linux-manta source package in Vivid:
New
Status in linux-mvl-dove source package in Vivid:
Invalid
Status in linux-ti-omap4 source package in Vivid:
Invalid
Bug description:
The WRMSR processing functionality in the KVM subsystem in the Linux
kernel through 3.17.2 does not properly handle the writing of a non-
canonical address to a model-specific register, which allows guest OS
users to cause a denial of service (host OS crash) by leveraging guest
OS privileges, related to the wrmsr_interception function in
arch/x86/kvm/svm.c and the handle_wrmsr function in
arch/x86/kvm/vmx.c. A privileged guest user can use this flaw to crash
the host. Enabling CONFIG_PARAVIRT when building the kernel mitigates
this issue because wrmsrl() ends up invoking safe msr write variant.
Break-Fix: - 854e8bb1aa06c578c2c9145fa6bfe3680ef63b23
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1384539/+subscriptions
References