kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #125831
[Bug 1274349] Re: CVE-2014-0038
** Summary changed:
- Fix-compat_sys_recvmmsg-on-x32-archs
+ CVE-2014-0038
** Description changed:
- The timeout pointer parameter is provided by userland (hence the __user
- annotation) but for x32 syscalls it's simply cast to a kernel pointer
- and is passed to __sys_recvmmsg which will eventually directly
- dereference it for both reading and writing. Other callers to
- __sys_recvmmsg properly copy from userland to the kernel first. The
- impact is a sort of arbitrary kernel write-where-what primitive by
- unprivileged users where the to-be-written area must contain valid
- timespec data initially (the first 64 bit long field must be positive
- and the second one must be < 1G).
+ The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before
+ 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain
+ privileges via a recvmmsg system call with a crafted timeout pointer
+ parameter.
Break-Fix: ee4fa23c4bfcc635d077a9633d405610de45bc70
2def2ef2ae5f3990aabdbe8a755911902707d268
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1274349
Title:
CVE-2014-0038
Status in linux package in Ubuntu:
Fix Released
Status in linux-armadaxp package in Ubuntu:
Invalid
Status in linux-ec2 package in Ubuntu:
Invalid
Status in linux-fsl-imx51 package in Ubuntu:
Invalid
Status in linux-lts-quantal package in Ubuntu:
Invalid
Status in linux-lts-raring package in Ubuntu:
Invalid
Status in linux-lts-saucy package in Ubuntu:
Invalid
Status in linux-mvl-dove package in Ubuntu:
Invalid
Status in linux-ti-omap4 package in Ubuntu:
Invalid
Status in linux source package in Lucid:
Invalid
Status in linux-armadaxp source package in Lucid:
Invalid
Status in linux-ec2 source package in Lucid:
Invalid
Status in linux-fsl-imx51 source package in Lucid:
Invalid
Status in linux-lts-quantal source package in Lucid:
Invalid
Status in linux-lts-raring source package in Lucid:
Invalid
Status in linux-lts-saucy source package in Lucid:
Invalid
Status in linux-mvl-dove source package in Lucid:
Invalid
Status in linux-ti-omap4 source package in Lucid:
Invalid
Status in linux source package in Precise:
Invalid
Status in linux-armadaxp source package in Precise:
Invalid
Status in linux-ec2 source package in Precise:
Invalid
Status in linux-fsl-imx51 source package in Precise:
Invalid
Status in linux-lts-quantal source package in Precise:
Invalid
Status in linux-lts-raring source package in Precise:
Fix Released
Status in linux-lts-saucy source package in Precise:
Fix Released
Status in linux-mvl-dove source package in Precise:
Invalid
Status in linux-ti-omap4 source package in Precise:
Invalid
Status in linux source package in Quantal:
Invalid
Status in linux-armadaxp source package in Quantal:
Invalid
Status in linux-ec2 source package in Quantal:
Invalid
Status in linux-fsl-imx51 source package in Quantal:
Invalid
Status in linux-lts-quantal source package in Quantal:
Invalid
Status in linux-lts-raring source package in Quantal:
Invalid
Status in linux-lts-saucy source package in Quantal:
Invalid
Status in linux-mvl-dove source package in Quantal:
Invalid
Status in linux-ti-omap4 source package in Quantal:
Invalid
Status in linux source package in Saucy:
Fix Released
Status in linux-armadaxp source package in Saucy:
Invalid
Status in linux-ec2 source package in Saucy:
Invalid
Status in linux-fsl-imx51 source package in Saucy:
Invalid
Status in linux-lts-quantal source package in Saucy:
Invalid
Status in linux-lts-raring source package in Saucy:
Invalid
Status in linux-lts-saucy source package in Saucy:
Invalid
Status in linux-mvl-dove source package in Saucy:
Invalid
Status in linux-ti-omap4 source package in Saucy:
Invalid
Status in linux source package in Trusty:
Fix Released
Status in linux-armadaxp source package in Trusty:
Invalid
Status in linux-ec2 source package in Trusty:
Invalid
Status in linux-fsl-imx51 source package in Trusty:
Invalid
Status in linux-lts-quantal source package in Trusty:
Invalid
Status in linux-lts-raring source package in Trusty:
Invalid
Status in linux-lts-saucy source package in Trusty:
Invalid
Status in linux-mvl-dove source package in Trusty:
Invalid
Status in linux-ti-omap4 source package in Trusty:
Invalid
Bug description:
The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before
3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain
privileges via a recvmmsg system call with a crafted timeout pointer
parameter.
Break-Fix: ee4fa23c4bfcc635d077a9633d405610de45bc70
2def2ef2ae5f3990aabdbe8a755911902707d268
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1274349/+subscriptions