← Back to team overview

kernel-packages team mailing list archive

[Bug 1508323] [NEW] CVE-2013-7445

 

*** This bug is a security vulnerability ***

Public security bug reported:

The Direct Rendering Manager (DRM) subsystem in the Linux kernel through
4.x mishandles requests for Graphics Execution Manager (GEM) objects,
which allows context-dependent attackers to cause a denial of service
(memory consumption) via an application that processes graphics data, as
demonstrated by JavaScript code that creates many CANVAS elements for
rendering by Chrome or Firefox.

** Affects: linux (Ubuntu)
     Importance: High
         Status: New

** Affects: linux-armadaxp (Ubuntu)
     Importance: High
         Status: Invalid

** Affects: linux-ec2 (Ubuntu)
     Importance: High
         Status: Invalid

** Affects: linux-flo (Ubuntu)
     Importance: High
         Status: New

** Affects: linux-fsl-imx51 (Ubuntu)
     Importance: High
         Status: Invalid

** Affects: linux-goldfish (Ubuntu)
     Importance: High
         Status: New

** Affects: linux-lts-backport-maverick (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: linux-lts-backport-natty (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: linux-lts-quantal (Ubuntu)
     Importance: High
         Status: Invalid

** Affects: linux-lts-raring (Ubuntu)
     Importance: High
         Status: Invalid

** Affects: linux-lts-saucy (Ubuntu)
     Importance: High
         Status: Invalid

** Affects: linux-lts-trusty (Ubuntu)
     Importance: High
         Status: Invalid

** Affects: linux-lts-utopic (Ubuntu)
     Importance: High
         Status: Invalid

** Affects: linux-lts-vivid (Ubuntu)
     Importance: High
         Status: Invalid

** Affects: linux-mako (Ubuntu)
     Importance: High
         Status: New

** Affects: linux-manta (Ubuntu)
     Importance: High
         Status: New

** Affects: linux-mvl-dove (Ubuntu)
     Importance: High
         Status: Invalid

** Affects: linux-ti-omap4 (Ubuntu)
     Importance: High
         Status: Invalid

** Affects: linux (Ubuntu Precise)
     Importance: High
         Status: New

** Affects: linux-armadaxp (Ubuntu Precise)
     Importance: High
         Status: New

** Affects: linux-ec2 (Ubuntu Precise)
     Importance: High
         Status: Invalid

** Affects: linux-flo (Ubuntu Precise)
     Importance: High
         Status: Invalid

** Affects: linux-fsl-imx51 (Ubuntu Precise)
     Importance: High
         Status: Invalid

** Affects: linux-goldfish (Ubuntu Precise)
     Importance: High
         Status: Invalid

** Affects: linux-lts-backport-maverick (Ubuntu Precise)
     Importance: Undecided
         Status: New

** Affects: linux-lts-backport-natty (Ubuntu Precise)
     Importance: Undecided
         Status: New

** Affects: linux-lts-quantal (Ubuntu Precise)
     Importance: High
         Status: New

** Affects: linux-lts-raring (Ubuntu Precise)
     Importance: High
         Status: New

** Affects: linux-lts-saucy (Ubuntu Precise)
     Importance: High
         Status: New

** Affects: linux-lts-trusty (Ubuntu Precise)
     Importance: High
         Status: New

** Affects: linux-lts-utopic (Ubuntu Precise)
     Importance: High
         Status: Invalid

** Affects: linux-lts-vivid (Ubuntu Precise)
     Importance: High
         Status: Invalid

** Affects: linux-mako (Ubuntu Precise)
     Importance: High
         Status: Invalid

** Affects: linux-manta (Ubuntu Precise)
     Importance: High
         Status: Invalid

** Affects: linux-mvl-dove (Ubuntu Precise)
     Importance: High
         Status: Invalid

** Affects: linux-ti-omap4 (Ubuntu Precise)
     Importance: High
         Status: New

** Affects: linux (Ubuntu Trusty)
     Importance: High
         Status: New

** Affects: linux-armadaxp (Ubuntu Trusty)
     Importance: High
         Status: Invalid

** Affects: linux-ec2 (Ubuntu Trusty)
     Importance: High
         Status: Invalid

** Affects: linux-flo (Ubuntu Trusty)
     Importance: High
         Status: Invalid

** Affects: linux-fsl-imx51 (Ubuntu Trusty)
     Importance: High
         Status: Invalid

** Affects: linux-goldfish (Ubuntu Trusty)
     Importance: High
         Status: Invalid

** Affects: linux-lts-backport-maverick (Ubuntu Trusty)
     Importance: Undecided
         Status: New

** Affects: linux-lts-backport-natty (Ubuntu Trusty)
     Importance: Undecided
         Status: New

** Affects: linux-lts-quantal (Ubuntu Trusty)
     Importance: High
         Status: Invalid

** Affects: linux-lts-raring (Ubuntu Trusty)
     Importance: High
         Status: Invalid

** Affects: linux-lts-saucy (Ubuntu Trusty)
     Importance: High
         Status: Invalid

** Affects: linux-lts-trusty (Ubuntu Trusty)
     Importance: High
         Status: Invalid

** Affects: linux-lts-utopic (Ubuntu Trusty)
     Importance: High
         Status: New

** Affects: linux-lts-vivid (Ubuntu Trusty)
     Importance: High
         Status: New

** Affects: linux-mako (Ubuntu Trusty)
     Importance: High
         Status: Invalid

** Affects: linux-manta (Ubuntu Trusty)
     Importance: High
         Status: Invalid

** Affects: linux-mvl-dove (Ubuntu Trusty)
     Importance: High
         Status: Invalid

** Affects: linux-ti-omap4 (Ubuntu Trusty)
     Importance: High
         Status: Invalid

** Affects: linux (Ubuntu Vivid)
     Importance: High
         Status: New

** Affects: linux-armadaxp (Ubuntu Vivid)
     Importance: High
         Status: Invalid

** Affects: linux-ec2 (Ubuntu Vivid)
     Importance: High
         Status: Invalid

** Affects: linux-flo (Ubuntu Vivid)
     Importance: High
         Status: New

** Affects: linux-fsl-imx51 (Ubuntu Vivid)
     Importance: High
         Status: Invalid

** Affects: linux-goldfish (Ubuntu Vivid)
     Importance: High
         Status: New

** Affects: linux-lts-backport-maverick (Ubuntu Vivid)
     Importance: Undecided
         Status: New

** Affects: linux-lts-backport-natty (Ubuntu Vivid)
     Importance: Undecided
         Status: New

** Affects: linux-lts-quantal (Ubuntu Vivid)
     Importance: High
         Status: Invalid

** Affects: linux-lts-raring (Ubuntu Vivid)
     Importance: High
         Status: Invalid

** Affects: linux-lts-saucy (Ubuntu Vivid)
     Importance: High
         Status: Invalid

** Affects: linux-lts-trusty (Ubuntu Vivid)
     Importance: High
         Status: Invalid

** Affects: linux-lts-utopic (Ubuntu Vivid)
     Importance: High
         Status: Invalid

** Affects: linux-lts-vivid (Ubuntu Vivid)
     Importance: High
         Status: Invalid

** Affects: linux-mako (Ubuntu Vivid)
     Importance: High
         Status: New

** Affects: linux-manta (Ubuntu Vivid)
     Importance: High
         Status: New

** Affects: linux-mvl-dove (Ubuntu Vivid)
     Importance: High
         Status: Invalid

** Affects: linux-ti-omap4 (Ubuntu Vivid)
     Importance: High
         Status: Invalid

** Affects: linux (Ubuntu Wily)
     Importance: High
         Status: New

** Affects: linux-armadaxp (Ubuntu Wily)
     Importance: High
         Status: Invalid

** Affects: linux-ec2 (Ubuntu Wily)
     Importance: High
         Status: Invalid

** Affects: linux-flo (Ubuntu Wily)
     Importance: High
         Status: New

** Affects: linux-fsl-imx51 (Ubuntu Wily)
     Importance: High
         Status: Invalid

** Affects: linux-goldfish (Ubuntu Wily)
     Importance: High
         Status: New

** Affects: linux-lts-backport-maverick (Ubuntu Wily)
     Importance: Undecided
         Status: New

** Affects: linux-lts-backport-natty (Ubuntu Wily)
     Importance: Undecided
         Status: New

** Affects: linux-lts-quantal (Ubuntu Wily)
     Importance: High
         Status: Invalid

** Affects: linux-lts-raring (Ubuntu Wily)
     Importance: High
         Status: Invalid

** Affects: linux-lts-saucy (Ubuntu Wily)
     Importance: High
         Status: Invalid

** Affects: linux-lts-trusty (Ubuntu Wily)
     Importance: High
         Status: Invalid

** Affects: linux-lts-utopic (Ubuntu Wily)
     Importance: High
         Status: Invalid

** Affects: linux-lts-vivid (Ubuntu Wily)
     Importance: High
         Status: Invalid

** Affects: linux-mako (Ubuntu Wily)
     Importance: High
         Status: New

** Affects: linux-manta (Ubuntu Wily)
     Importance: High
         Status: New

** Affects: linux-mvl-dove (Ubuntu Wily)
     Importance: High
         Status: Invalid

** Affects: linux-ti-omap4 (Ubuntu Wily)
     Importance: High
         Status: Invalid


** Tags: kernel-cve-tracking-bug

** Tags added: kernel-cve-tracking-bug

** Information type changed from Public to Public Security

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-7445

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1508323

Title:
  CVE-2013-7445

Status in linux package in Ubuntu:
  New
Status in linux-armadaxp package in Ubuntu:
  Invalid
Status in linux-ec2 package in Ubuntu:
  Invalid
Status in linux-flo package in Ubuntu:
  New
Status in linux-fsl-imx51 package in Ubuntu:
  Invalid
Status in linux-goldfish package in Ubuntu:
  New
Status in linux-lts-backport-maverick package in Ubuntu:
  New
Status in linux-lts-backport-natty package in Ubuntu:
  New
Status in linux-lts-quantal package in Ubuntu:
  Invalid
Status in linux-lts-raring package in Ubuntu:
  Invalid
Status in linux-lts-saucy package in Ubuntu:
  Invalid
Status in linux-lts-trusty package in Ubuntu:
  Invalid
Status in linux-lts-utopic package in Ubuntu:
  Invalid
Status in linux-lts-vivid package in Ubuntu:
  Invalid
Status in linux-mako package in Ubuntu:
  New
Status in linux-manta package in Ubuntu:
  New
Status in linux-mvl-dove package in Ubuntu:
  Invalid
Status in linux-ti-omap4 package in Ubuntu:
  Invalid
Status in linux source package in Precise:
  New
Status in linux-armadaxp source package in Precise:
  New
Status in linux-ec2 source package in Precise:
  Invalid
Status in linux-flo source package in Precise:
  Invalid
Status in linux-fsl-imx51 source package in Precise:
  Invalid
Status in linux-goldfish source package in Precise:
  Invalid
Status in linux-lts-backport-maverick source package in Precise:
  New
Status in linux-lts-backport-natty source package in Precise:
  New
Status in linux-lts-quantal source package in Precise:
  New
Status in linux-lts-raring source package in Precise:
  New
Status in linux-lts-saucy source package in Precise:
  New
Status in linux-lts-trusty source package in Precise:
  New
Status in linux-lts-utopic source package in Precise:
  Invalid
Status in linux-lts-vivid source package in Precise:
  Invalid
Status in linux-mako source package in Precise:
  Invalid
Status in linux-manta source package in Precise:
  Invalid
Status in linux-mvl-dove source package in Precise:
  Invalid
Status in linux-ti-omap4 source package in Precise:
  New
Status in linux source package in Trusty:
  New
Status in linux-armadaxp source package in Trusty:
  Invalid
Status in linux-ec2 source package in Trusty:
  Invalid
Status in linux-flo source package in Trusty:
  Invalid
Status in linux-fsl-imx51 source package in Trusty:
  Invalid
Status in linux-goldfish source package in Trusty:
  Invalid
Status in linux-lts-backport-maverick source package in Trusty:
  New
Status in linux-lts-backport-natty source package in Trusty:
  New
Status in linux-lts-quantal source package in Trusty:
  Invalid
Status in linux-lts-raring source package in Trusty:
  Invalid
Status in linux-lts-saucy source package in Trusty:
  Invalid
Status in linux-lts-trusty source package in Trusty:
  Invalid
Status in linux-lts-utopic source package in Trusty:
  New
Status in linux-lts-vivid source package in Trusty:
  New
Status in linux-mako source package in Trusty:
  Invalid
Status in linux-manta source package in Trusty:
  Invalid
Status in linux-mvl-dove source package in Trusty:
  Invalid
Status in linux-ti-omap4 source package in Trusty:
  Invalid
Status in linux source package in Vivid:
  New
Status in linux-armadaxp source package in Vivid:
  Invalid
Status in linux-ec2 source package in Vivid:
  Invalid
Status in linux-flo source package in Vivid:
  New
Status in linux-fsl-imx51 source package in Vivid:
  Invalid
Status in linux-goldfish source package in Vivid:
  New
Status in linux-lts-backport-maverick source package in Vivid:
  New
Status in linux-lts-backport-natty source package in Vivid:
  New
Status in linux-lts-quantal source package in Vivid:
  Invalid
Status in linux-lts-raring source package in Vivid:
  Invalid
Status in linux-lts-saucy source package in Vivid:
  Invalid
Status in linux-lts-trusty source package in Vivid:
  Invalid
Status in linux-lts-utopic source package in Vivid:
  Invalid
Status in linux-lts-vivid source package in Vivid:
  Invalid
Status in linux-mako source package in Vivid:
  New
Status in linux-manta source package in Vivid:
  New
Status in linux-mvl-dove source package in Vivid:
  Invalid
Status in linux-ti-omap4 source package in Vivid:
  Invalid
Status in linux source package in Wily:
  New
Status in linux-armadaxp source package in Wily:
  Invalid
Status in linux-ec2 source package in Wily:
  Invalid
Status in linux-flo source package in Wily:
  New
Status in linux-fsl-imx51 source package in Wily:
  Invalid
Status in linux-goldfish source package in Wily:
  New
Status in linux-lts-backport-maverick source package in Wily:
  New
Status in linux-lts-backport-natty source package in Wily:
  New
Status in linux-lts-quantal source package in Wily:
  Invalid
Status in linux-lts-raring source package in Wily:
  Invalid
Status in linux-lts-saucy source package in Wily:
  Invalid
Status in linux-lts-trusty source package in Wily:
  Invalid
Status in linux-lts-utopic source package in Wily:
  Invalid
Status in linux-lts-vivid source package in Wily:
  Invalid
Status in linux-mako source package in Wily:
  New
Status in linux-manta source package in Wily:
  New
Status in linux-mvl-dove source package in Wily:
  Invalid
Status in linux-ti-omap4 source package in Wily:
  Invalid

Bug description:
  The Direct Rendering Manager (DRM) subsystem in the Linux kernel
  through 4.x mishandles requests for Graphics Execution Manager (GEM)
  objects, which allows context-dependent attackers to cause a denial of
  service (memory consumption) via an application that processes
  graphics data, as demonstrated by JavaScript code that creates many
  CANVAS elements for rendering by Chrome or Firefox.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1508323/+subscriptions


Follow ups