← Back to team overview

kernel-packages team mailing list archive

  1. kernel-packages team
  2. Mailing list archive
  3. Message #119845

[Bug 987566] Re: CVE-2012-2119

  Thread PreviousDate PreviousThread Next 
** Description changed:

- Currently we do not validate the vector length before calling
- get_user_pages_fast(), host stack could be easily overflowed by
- malicious guest driver who gives us a descriptors with length greater
- than MAX_SKB_FRAGS.  A privileged guest user could use this flaw to
- induce stack overflow on the host with attacker non-controlled data
- (some bits can be guessed, as it will be pointers to kernel memory) but
- with attacker controlled length.
+ Buffer overflow in the macvtap device driver in the Linux kernel before
+ 3.4.5, when running in certain configurations, allows privileged KVM guest
+ users to cause a denial of service (crash) via a long descriptor with a
+ long vector length.
  
- Break-Fix: 97bc3633bec7ed0fdfbda6b9cf86c51e4f58f8e2 - 3afc9621f15701c557e60f61eba9242bac2771dd
- Break-Fix: 97bc3633bec7ed0fdfbda6b9cf86c51e4f58f8e2 - 4ef67ebedffa44ed9939b34708ac2fee06d2f65f
- Break-Fix: 97bc3633bec7ed0fdfbda6b9cf86c51e4f58f8e2 - 02ce04bb3d28c3333231f43bca677228dbc686fe
- Break-Fix: 97bc3633bec7ed0fdfbda6b9cf86c51e4f58f8e2 - 01d6657b388438def19c8baaea28e742b6ed32ec
- Break-Fix: 97bc3633bec7ed0fdfbda6b9cf86c51e4f58f8e2 - b92946e2919134ebe2a4083e4302236295ea2a73
+ Break-Fix: 97bc3633bec7ed0fdfbda6b9cf86c51e4f58f8e2 3afc9621f15701c557e60f61eba9242bac2771dd
+ Break-Fix: 97bc3633bec7ed0fdfbda6b9cf86c51e4f58f8e2 4ef67ebedffa44ed9939b34708ac2fee06d2f65f
+ Break-Fix: 97bc3633bec7ed0fdfbda6b9cf86c51e4f58f8e2 02ce04bb3d28c3333231f43bca677228dbc686fe
+ Break-Fix: 97bc3633bec7ed0fdfbda6b9cf86c51e4f58f8e2 01d6657b388438def19c8baaea28e742b6ed32ec
+ Break-Fix: 97bc3633bec7ed0fdfbda6b9cf86c51e4f58f8e2 b92946e2919134ebe2a4083e4302236295ea2a73

** Changed in: linux (Ubuntu Lucid)
       Status: In Progress => Invalid

** Changed in: linux-ec2 (Ubuntu Lucid)
       Status: New => Invalid

** Changed in: linux-fsl-imx51 (Ubuntu Lucid)
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/987566

Title:
  CVE-2012-2119

Status in linux package in Ubuntu:
  Invalid
Status in linux-armadaxp package in Ubuntu:
  Fix Released
Status in linux-ec2 package in Ubuntu:
  Invalid
Status in linux-fsl-imx51 package in Ubuntu:
  Invalid
Status in linux-lts-backport-maverick package in Ubuntu:
  Invalid
Status in linux-lts-backport-natty package in Ubuntu:
  Invalid
Status in linux-lts-backport-oneiric package in Ubuntu:
  Invalid
Status in linux-mvl-dove package in Ubuntu:
  Invalid
Status in linux-ti-omap4 package in Ubuntu:
  Invalid
Status in linux source package in Lucid:
  Invalid
Status in linux-armadaxp source package in Lucid:
  Invalid
Status in linux-ec2 source package in Lucid:
  Invalid
Status in linux-fsl-imx51 source package in Lucid:
  Invalid
Status in linux-lts-backport-maverick source package in Lucid:
  Invalid
Status in linux-lts-backport-natty source package in Lucid:
  Won't Fix
Status in linux-lts-backport-oneiric source package in Lucid:
  Won't Fix
Status in linux-mvl-dove source package in Lucid:
  Invalid
Status in linux-ti-omap4 source package in Lucid:
  Invalid
Status in linux source package in Natty:
  Won't Fix
Status in linux-armadaxp source package in Natty:
  Invalid
Status in linux-ec2 source package in Natty:
  Invalid
Status in linux-fsl-imx51 source package in Natty:
  Invalid
Status in linux-lts-backport-maverick source package in Natty:
  Invalid
Status in linux-lts-backport-natty source package in Natty:
  Invalid
Status in linux-lts-backport-oneiric source package in Natty:
  Invalid
Status in linux-mvl-dove source package in Natty:
  Invalid
Status in linux-ti-omap4 source package in Natty:
  Won't Fix
Status in linux source package in Oneiric:
  Won't Fix
Status in linux-armadaxp source package in Oneiric:
  Invalid
Status in linux-ec2 source package in Oneiric:
  Invalid
Status in linux-fsl-imx51 source package in Oneiric:
  Invalid
Status in linux-lts-backport-maverick source package in Oneiric:
  Invalid
Status in linux-lts-backport-natty source package in Oneiric:
  Invalid
Status in linux-lts-backport-oneiric source package in Oneiric:
  Invalid
Status in linux-mvl-dove source package in Oneiric:
  Invalid
Status in linux-ti-omap4 source package in Oneiric:
  Won't Fix
Status in linux source package in Precise:
  Fix Released
Status in linux-armadaxp source package in Precise:
  Fix Released
Status in linux-ec2 source package in Precise:
  Invalid
Status in linux-fsl-imx51 source package in Precise:
  Invalid
Status in linux-lts-backport-maverick source package in Precise:
  Invalid
Status in linux-lts-backport-natty source package in Precise:
  Invalid
Status in linux-lts-backport-oneiric source package in Precise:
  Invalid
Status in linux-mvl-dove source package in Precise:
  Invalid
Status in linux-ti-omap4 source package in Precise:
  Fix Released
Status in linux source package in Quantal:
  Invalid
Status in linux-armadaxp source package in Quantal:
  Fix Released
Status in linux-ec2 source package in Quantal:
  Invalid
Status in linux-fsl-imx51 source package in Quantal:
  Invalid
Status in linux-lts-backport-maverick source package in Quantal:
  Invalid
Status in linux-lts-backport-natty source package in Quantal:
  Invalid
Status in linux-lts-backport-oneiric source package in Quantal:
  Invalid
Status in linux-mvl-dove source package in Quantal:
  Invalid
Status in linux-ti-omap4 source package in Quantal:
  Invalid
Status in linux source package in Hardy:
  Won't Fix
Status in linux-armadaxp source package in Hardy:
  Invalid
Status in linux-ec2 source package in Hardy:
  Invalid
Status in linux-fsl-imx51 source package in Hardy:
  Invalid
Status in linux-lts-backport-maverick source package in Hardy:
  Invalid
Status in linux-lts-backport-natty source package in Hardy:
  Invalid
Status in linux-lts-backport-oneiric source package in Hardy:
  Invalid
Status in linux-mvl-dove source package in Hardy:
  Invalid
Status in linux-ti-omap4 source package in Hardy:
  Invalid

Bug description:
  Buffer overflow in the macvtap device driver in the Linux kernel before
  3.4.5, when running in certain configurations, allows privileged KVM guest
  users to cause a denial of service (crash) via a long descriptor with a
  long vector length.

  Break-Fix: 97bc3633bec7ed0fdfbda6b9cf86c51e4f58f8e2 3afc9621f15701c557e60f61eba9242bac2771dd
  Break-Fix: 97bc3633bec7ed0fdfbda6b9cf86c51e4f58f8e2 4ef67ebedffa44ed9939b34708ac2fee06d2f65f
  Break-Fix: 97bc3633bec7ed0fdfbda6b9cf86c51e4f58f8e2 02ce04bb3d28c3333231f43bca677228dbc686fe
  Break-Fix: 97bc3633bec7ed0fdfbda6b9cf86c51e4f58f8e2 01d6657b388438def19c8baaea28e742b6ed32ec
  Break-Fix: 97bc3633bec7ed0fdfbda6b9cf86c51e4f58f8e2 b92946e2919134ebe2a4083e4302236295ea2a73

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/987566/+subscriptions
  Thread PreviousDate PreviousThread Next