← Back to team overview

kernel-packages team mailing list archive

[Bug 1216442] Re: CVE-2013-4254

 

This bug was fixed in the package linux - 3.8.0-31.46

---------------
linux (3.8.0-31.46) raring; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1223406

  * UBUNTU: [Config] KUSER_HELPERS=y for armhf

  [ Upstream Kernel Changes ]

  * Revert "cpuidle: Quickly notice prediction failure in general case"
    - LP: #1221794
  * Revert "cpuidle: Quickly notice prediction failure for repeat mode"
    - LP: #1221794
  * Revert "zram: use zram->lock to protect zram_free_page() in swap free
    notify path"
    - LP: #1215513
  * x86 thermal: Delete power-limit-notification console messages
    - LP: #1215748
  * x86 thermal: Disable power limit notification interrupt by default
    - LP: #1215748
  * mwifiex: do not create AP and P2P interfaces upon driver loading
    - LP: #1212720
  * ARM: 7810/1: perf: Fix array out of bounds access in
    armpmu_map_hw_event()
    - LP: #1216442
    - CVE-2013-4254
  * ARM: 7809/1: perf: fix event validation for software group leaders
    - LP: #1216442
    - CVE-2013-4254
  * veth: reduce stat overhead
    - LP: #1201869
  * veth: extend device features
    - LP: #1201869
  * veth: avoid a NULL deref in veth_stats_one
    - LP: #1201869
  * veth: fix a NULL deref in netif_carrier_off
    - LP: #1201869
  * veth: fix NULL dereference in veth_dellink()
    - LP: #1201869
  * Bluetooth: Add support for Atheros [0cf3:3121]
    - LP: #1202477
  * uvcvideo: quirk PROBE_DEF for Dell SP2008WFP monitor.
    - LP: #1217957
  * usb: dwc3: gadget: don't prevent gadget from being probed if we fail
    - LP: #1221794
  * usb: dwc3: fix wrong bit mask in dwc3_event_type
    - LP: #1221794
  * ASoC: max98088 - fix element type of the register cache.
    - LP: #1221794
  * ata: Fix DVD not dectected at some platform with Wellsburg PCH
    - LP: #1221794
  * Tools: hv: KVP: Fix a bug in IPV6 subnet enumeration
    - LP: #1221794
  * ALSA: usb-audio: 6fire: return correct XRUN indication
    - LP: #1221794
  * usb: serial: cp210x: Add USB ID for Netgear Switches embedded serial
    adapter
    - LP: #1221794
  * USB: storage: Add MicroVault Flash Drive to unusual_devs
    - LP: #1221794
  * USB: misc: Add Manhattan Hi-Speed USB DVI Converter to sisusbvga
    - LP: #1221794
  * USB: option: append Petatel NP10T device to GSM modems list
    - LP: #1221794
  * usb: cp210x support SEL C662 Vendor/Device
    - LP: #1221794
  * USB: cp210x: add MMB and PI ZigBee USB Device Support
    - LP: #1221794
  * USB: EHCI: Fix resume signalling on remote wakeup
    - LP: #1221794
  * drm/radeon: fix endian issues with DP handling (v3)
    - LP: #1221794
  * drm/radeon: Another card with wrong primary dac adj
    - LP: #1221794
  * drm/radeon: improve dac adjust heuristics for legacy pdac
    - LP: #1221794
  * drm/radeon: fix combios tables on older cards
    - LP: #1221794
  * ARM: footbridge: fix overlapping PCI mappings
    - LP: #1221794
  * [SCSI] isci: Fix a race condition in the SSP task management path
    - LP: #1221794
  * [SCSI] qla2xxx: Properly set the tagging for commands.
    - LP: #1221794
  * [SCSI] sd: fix crash when UA received on DIF enabled device
    - LP: #1221794
  * nfsd: nfsd_open: when dentry_open returns an error do not propagate as
    struct file
    - LP: #1221794
  * USB: option: add D-Link DWM-152/C1 and DWM-156/C1
    - LP: #1221794
  * staging: comedi: COMEDI_CANCEL ioctl should wake up read/write
    - LP: #1221794
  * staging: comedi: fix a race between do_cmd_ioctl() and read/write
    - LP: #1221794
  * staging: android: logger: Correct write offset reset on error
    - LP: #1221794
  * usb: option: add TP-LINK MA260
    - LP: #1221794
  * USB: ti_usb_3410_5052: fix dynamic-id matching
    - LP: #1221794
  * usb: serial: option: Add ONYX 3G device support
    - LP: #1221794
  * md/raid10: remove use-after-free bug.
    - LP: #1221794
  * md/raid5: fix interaction of 'replace' and 'recovery'.
    - LP: #1221794
  * drm/i915: initialize gt_lock early with other spin locks
    - LP: #1221794
  * xhci: Avoid NULL pointer deref when host dies.
    - LP: #1221794
  * usb: host: xhci: Enable XHCI_SPURIOUS_SUCCESS for all controllers with
    xhci 1.0
    - LP: #1221794
  * xhci: fix null pointer dereference on ring_doorbell_for_active_rings
    - LP: #1221794
  * usb: serial: option: blacklist ONDA MT689DC QMI interface
    - LP: #1221794
  * usb: serial: option: add Olivetti Olicard 200
    - LP: #1221794
  * usb: serial: option.c: remove ONDA MT825UP product ID fromdriver
    - LP: #1221794
  * USB: mos7840: fix memory leak in open
    - LP: #1221794
  * usb: Clear both buffers when clearing a control transfer TT buffer.
    - LP: #1221794
  * nl80211: fix mgmt tx status and testmode reporting for netns
    - LP: #1221794
  * mac80211: fix ethtool stats for non-station interfaces
    - LP: #1221794
  * mac80211: fix duplicate retransmission detection
    - LP: #1221794
  * iwlwifi: mvm: refuse connection to APs with BI < 16
    - LP: #1221794
  * iwlwifi: add DELL SKU for 5150 HMC
    - LP: #1221794
  * ath9k_htc: do some initial hardware configuration
    - LP: #1221794
  * ath9k_htc: reboot firmware if it was loaded
    - LP: #1221794
  * ARM: 7790/1: Fix deferred mm switch on VIVT processors
    - LP: #1221794
  * ARM: 7791/1: a.out: remove partial a.out support
    - LP: #1221794
  * mwifiex: Add missing endian conversion.
    - LP: #1221794
  * USB: mos7840: fix race in register handling
    - LP: #1221794
  * USB: mos7840: fix device-type detection
    - LP: #1221794
  * USB: mos7840: fix race in led handling
    - LP: #1221794
  * serial/mxs-auart: fix race condition in interrupt handler
    - LP: #1221794
  * serial: mxs: fix buffer overflow
    - LP: #1221794
  * serial/mxs-auart: increase time to wait for transmitter to become idle
    - LP: #1221794
  * serial: arc_uart: Fix module alias
    - LP: #1221794
  * firewire: fix libdc1394/FlyCap2 iso event regression
    - LP: #1221794
  * USB: mos7840: fix pointer casts
    - LP: #1221794
  * ixgbe: Fix Tx Hang issue with lldpad on 82598EB
    - LP: #1221794
  * ALSA: compress: fix the return value for SNDRV_COMPRESS_VERSION
    - LP: #1221794
  * rt2x00: fix stop queue
    - LP: #1221794
  * USB: serial: ftdi_sio: add more RT Systems ftdi devices
    - LP: #1221794
  * drm/nouveau: fix semaphore dmabuf obj
    - LP: #1221794
  * ACPI / battery: Fix parsing _BIX return value
    - LP: #1221794
  * drm/radeon/atom: initialize more atom interpretor elements to 0
    - LP: #1221794
  * drm/i915: fix missed hunk after GT access breakage
    - LP: #1221794
  * ARM: poison the vectors page
    - LP: #1221794
  * ARM: poison memory between kuser helpers
    - LP: #1221794
  * ARM: move vector stubs
    - LP: #1221794
  * ARM: use linker magic for vectors and vector stubs
    - LP: #1221794
  * mm: mempolicy: fix mbind_range() && vma_adjust() interaction
    - LP: #1221794
  * powerpc/windfarm: Fix noisy slots-fan on Xserve (rm31)
    - LP: #1221794
  * drm/i915: Make data/link N value power of two
    - LP: #1221794
  * virtio/console: Quit from splice_write if pipe->nrbufs is 0
    - LP: #1221794
  * virtio/console: Add pipe_lock/unlock for splice_write
    - LP: #1221794
  * x86/iommu/vt-d: Expand interrupt remapping quirk to cover x58 chipset
    - LP: #1221794
  * s390/bitops: fix find_next_bit_left
    - LP: #1221794
  * x86, fpu: correct the asm constraints for fxsave, unbreak mxcsr.daz
    - LP: #1221794
  * ext4: make sure group number is bumped after a inode allocation race
    - LP: #1221794
  * ext4: destroy ext4_es_cachep on module unload
    - LP: #1221794
  * virtio: console: fix race with port unplug and open/close
    - LP: #1221794
  * virtio: console: fix race in port_fops_open() and port unplug
    - LP: #1221794
  * virtio: console: clean up port data immediately at time of unplug
    - LP: #1221794
  * virtio: console: fix raising SIGIO after port unplug
    - LP: #1221794
  * virtio: console: return -ENODEV on all read operations after unplug
    - LP: #1221794
  * KVM: s390: move kvm_guest_enter,exit closer to sie
    - LP: #1221794
  * ext4: fix retry handling in ext4_ext_truncate()
    - LP: #1221794
  * spi: spi-davinci: Fix direction in dma_map_single()
    - LP: #1221794
  * [SCSI] megaraid_sas: megaraid_sas driver init fails in kdump kernel
    - LP: #1221794
  * ACPI / PM: Fix /proc/acpi/wakeup for devices w/o bus or parent
    - LP: #1221794
  * ACPI / PM: Walk physical_node_list under physical_node_lock
    - LP: #1221794
  * regmap: Add missing header for !CONFIG_REGMAP stubs
    - LP: #1221794
  * userns: unshare_userns(&cred) should not populate cred on failure
    - LP: #1221794
  * userns: limit the maximum depth of user_namespace->parent chain
    - LP: #1221794
  * drm/cirrus: Invalidate page tables when pinning a BO
    - LP: #1221794
  * drm/mgag200: Invalidate page tables when pinning a BO
    - LP: #1221794
  * drm/ast: invalidate page tables when pinning a BO
    - LP: #1221794
  * drm/i915: do not disable backlight on vgaswitcheroo switch off
    - LP: #1221794
  * ALSA: 6fire: fix DMA issues with URB transfer_buffer usage
    - LP: #1221794
  * drm: Don't pass negative delta to ktime_sub_ns()
    - LP: #1221794
  * ALSA: usb-audio: do not trust too-big wMaxPacketSize values
    - LP: #1221794
  * hwmon: (adt7470) Fix incorrect return code check
    - LP: #1221794
  * powerpc: On POWERNV enable PPC_DENORMALISATION by default
    - LP: #1221794
  * Btrfs: release both paths before logging dir/changed extents
    - LP: #1221794
  * sched: Ensure update_cfs_shares() is called for parents of
    continuously-running tasks
    - LP: #1221794
  * cifs: extend the buffer length enought for sprintf() using
    - LP: #1221794
  * perf/x86: Fix intel QPI uncore event definitions
    - LP: #1221794
  * cifs: don't instantiate new dentries in readdir for inodes that need to
    be revalidated immediately
    - LP: #1221794
  * ext4: allow the mount options nodelalloc and data=journal
    - LP: #1221794
  * ext4: fix mount/remount error messages for incompatible mount options
    - LP: #1221794
  * microblaze: fix clone syscall
    - LP: #1221794
  * fs/proc/task_mmu.c: fix buffer overflow in add_page_map()
    - LP: #1221794
  * arcnet: cleanup sizeof parameter
    - LP: #1221794
  * sysctl net: Keep tcp_syn_retries inside the boundary
    - LP: #1221794
  * ipv6: take rtnl_lock and mark mrt6 table as freed on namespace cleanup
    - LP: #1221794
  * usbnet: do not pretend to support SG/TSO
    - LP: #1221794
  * net_sched: Fix stack info leak in cbq_dump_wrr().
    - LP: #1221794
  * af_key: more info leaks in pfkey messages
    - LP: #1221794
  * atl1c: use custom skb allocator
    - LP: #1221794
  * net_sched: info leak in atm_tc_dump_class()
    - LP: #1221794
  * ndisc: Add missing inline to ndisc_addr_option_pad
    - LP: #1221794
  * 8139cp: Add dma_mapping_error checking
    - LP: #1221794
  * net/mlx4_core: VFs must ignore the enable_64b_cqe_eqe module param
    - LP: #1221794
  * Linux 3.8.13.7
    - LP: #1221794
  * mac80211: fix infinite loop in ieee80211_determine_chantype
    - LP: #1221794
  * cfg80211/mac80211: disconnect on suspend
    - LP: #1221794
  * cfg80211: fix P2P GO interface teardown
    - LP: #1221794
  * iwl4965: set power mode early
    - LP: #1221794
  * iwl4965: reset firmware after rfkill off
    - LP: #1221794
  * ASoC: cs42l52: Reorder Min/Max and update to SX_TLV for Beep Volume
    - LP: #1221794
  * can: pcan_usb: fix wrong memcpy() bytes length
    - LP: #1221794
  * ALSA: 6fire: make buffers DMA-able (pcm)
    - LP: #1221794
  * ALSA: 6fire: make buffers DMA-able (midi)
    - LP: #1221794
  * jbd2: Fix use after free after error in jbd2_journal_dirty_metadata()
    - LP: #1221794
  * USB: EHCI: accept very late isochronous URBs
    - LP: #1221794
  * USB-Serial: Fix error handling of usb_wwan
    - LP: #1221794
  * USB: mos7840: fix big-endian probe
    - LP: #1221794
  * USB: adutux: fix big-endian device-type reporting
    - LP: #1221794
  * USB: ti_usb_3410_5052: fix big-endian firmware handling
    - LP: #1221794
  * m68k/atari: ARAnyM - Fix NatFeat module support
    - LP: #1221794
  * m68k: Truncate base in do_div()
    - LP: #1221794
  * usb: add two quirky touchscreen
    - LP: #1221794
  * USB: mos7720: fix broken control requests
    - LP: #1221794
  * USB: keyspan: fix null-deref at disconnect and release
    - LP: #1221794
  * ASoC: tegra: fix Tegra30 I2S capture parameter setup
    - LP: #1221794
  * ALSA: hda - Add a fixup for Gateway LT27
    - LP: #1221794
  * mm: fix the TLB range flushed when __tlb_remove_page() runs out of
    slots
    - LP: #1221794
  * arch, mm: Remove tlb_fast_mode()
    - LP: #1221794
  * Fix TLB gather virtual address range invalidation corner cases
    - LP: #1221794
  * s390: Fix broken build
    - LP: #1221794
  * x86 get_unmapped_area: Access mmap_legacy_base through mm_struct member
    - LP: #1221794
  * Bluetooth: Add support for Foxconn/Hon Hai [0489:e04d]
    - LP: #1221794
  * Bluetooth: ath3k: Add support for Fujitsu Lifebook UH5x2 [04c5:1330]
    - LP: #1221794
  * Bluetooth: ath3k: Add support for ID 0x13d3/0x3402
    - LP: #1221794
  * Bluetooth: Add support for Atheros [0cf3:e003]
    - LP: #1221794
  * iwlwifi: dvm: fix calling ieee80211_chswitch_done() with NULL
    - LP: #1221794
  * iwlwifi: pcie: disable L1 Active after pci_enable_device
    - LP: #1221794
  * zd1201: do not use stack as URB transfer_buffer
    - LP: #1221794
  * Hostap: copying wrong data prism2_ioctl_giwaplist()
    - LP: #1221794
  * ARM: at91/DT: fix at91sam9n12ek memory node
    - LP: #1221794
  * drm/i915: Move num_pipes to intel info
    - LP: #1221794
  * drm/i915: Don't deref pipe->cpu_transcoder in the hangcheck code
    - LP: #1221794
  * drm/i915: Invalidate TLBs for the rings after a reset
    - LP: #1221794
  * libata: apply behavioral quirks to sil3826 PMP
    - LP: #1221794
  * ARM: davinci: nand: specify ecc strength
    - LP: #1221794
  * ARM: allow kuser helpers to be removed from the vector page
    - LP: #1221794
  * ARM: 7816/1: CONFIG_KUSER_HELPERS: fix help text
    - LP: #1221794
  * arm64: perf: fix array out of bounds access in armpmu_map_hw_event()
    - LP: #1221794
  * arm64: perf: fix event validation for software group leaders
    - LP: #1221794
  * sata_fsl: save irqs while coalescing
    - LP: #1221794
  * xen/events: initialize local per-cpu mask for all possible events
    - LP: #1221794
  * xen/events: mask events when changing their VCPU binding
    - LP: #1221794
  * block: Add bio_for_each_segment_all()
    - LP: #1221794
  * [SCSI] sg: Fix user memory corruption when SG_IO is interrupted by a
    signal
    - LP: #1221794
  * of: fdt: fix memory initialization for expanded DT
    - LP: #1221794
  * [SCSI] zfcp: fix lock imbalance by reworking request queue locking
    - LP: #1221794
  * [SCSI] zfcp: fix schedule-inside-lock in scsi_device list loops
    - LP: #1221794
  * drivers/platform/olpc/olpc-ec.c: initialise earlier
    - LP: #1221794
  * nilfs2: remove double bio_put() in nilfs_end_bio_write() for
    BIO_EOPNOTSUPP error
    - LP: #1221794
  * nilfs2: fix issue with counting number of bio requests for
    BIO_EOPNOTSUPP error detection
    - LP: #1221794
  * Linux 3.8.13.8
    - LP: #1221794
  * drm/nouveau: fix reclocking on nv40
    - LP: #1222898
  * mfd: rtsx: Read vendor setting from config space
    - LP: #1201698

  [ Wen-chien Jesse Sung ]

  * SAUCE: Bluetooth: use hci_send_cmd instead of usb_control_msg
    - LP: #1065400
 -- Tim Gardner <tim.gardner@xxxxxxxxxxxxx>   Fri, 23 Aug 2013 09:00:39 -0600

** Changed in: linux-armadaxp (Ubuntu Quantal)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1216442

Title:
  CVE-2013-4254

Status in “linux” package in Ubuntu:
  Invalid
Status in “linux-armadaxp” package in Ubuntu:
  Invalid
Status in “linux-ec2” package in Ubuntu:
  Invalid
Status in “linux-fsl-imx51” package in Ubuntu:
  Invalid
Status in “linux-lts-backport-maverick” package in Ubuntu:
  New
Status in “linux-lts-backport-natty” package in Ubuntu:
  New
Status in “linux-lts-quantal” package in Ubuntu:
  Invalid
Status in “linux-lts-raring” package in Ubuntu:
  Invalid
Status in “linux-mvl-dove” package in Ubuntu:
  Invalid
Status in “linux-ti-omap4” package in Ubuntu:
  Fix Committed
Status in “linux” source package in Lucid:
  Invalid
Status in “linux-armadaxp” source package in Lucid:
  Invalid
Status in “linux-ec2” source package in Lucid:
  Invalid
Status in “linux-fsl-imx51” source package in Lucid:
  Invalid
Status in “linux-lts-backport-maverick” source package in Lucid:
  New
Status in “linux-lts-backport-natty” source package in Lucid:
  New
Status in “linux-lts-quantal” source package in Lucid:
  Invalid
Status in “linux-lts-raring” source package in Lucid:
  Invalid
Status in “linux-mvl-dove” source package in Lucid:
  Invalid
Status in “linux-ti-omap4” source package in Lucid:
  Invalid
Status in “linux” source package in Precise:
  Fix Released
Status in “linux-armadaxp” source package in Precise:
  Fix Released
Status in “linux-ec2” source package in Precise:
  Invalid
Status in “linux-fsl-imx51” source package in Precise:
  Invalid
Status in “linux-lts-backport-maverick” source package in Precise:
  New
Status in “linux-lts-backport-natty” source package in Precise:
  New
Status in “linux-lts-quantal” source package in Precise:
  Fix Released
Status in “linux-lts-raring” source package in Precise:
  Fix Released
Status in “linux-mvl-dove” source package in Precise:
  Invalid
Status in “linux-ti-omap4” source package in Precise:
  Fix Released
Status in “linux” source package in Quantal:
  Fix Released
Status in “linux-armadaxp” source package in Quantal:
  Fix Released
Status in “linux-ec2” source package in Quantal:
  Invalid
Status in “linux-fsl-imx51” source package in Quantal:
  Invalid
Status in “linux-lts-backport-maverick” source package in Quantal:
  New
Status in “linux-lts-backport-natty” source package in Quantal:
  New
Status in “linux-lts-quantal” source package in Quantal:
  Invalid
Status in “linux-lts-raring” source package in Quantal:
  Invalid
Status in “linux-mvl-dove” source package in Quantal:
  Invalid
Status in “linux-ti-omap4” source package in Quantal:
  Fix Released
Status in “linux” source package in Raring:
  Fix Released
Status in “linux-armadaxp” source package in Raring:
  Invalid
Status in “linux-ec2” source package in Raring:
  Invalid
Status in “linux-fsl-imx51” source package in Raring:
  Invalid
Status in “linux-lts-backport-maverick” source package in Raring:
  New
Status in “linux-lts-backport-natty” source package in Raring:
  New
Status in “linux-lts-quantal” source package in Raring:
  Invalid
Status in “linux-lts-raring” source package in Raring:
  Invalid
Status in “linux-mvl-dove” source package in Raring:
  Invalid
Status in “linux-ti-omap4” source package in Raring:
  Fix Committed
Status in “linux” source package in Saucy:
  Invalid
Status in “linux-armadaxp” source package in Saucy:
  Invalid
Status in “linux-ec2” source package in Saucy:
  Invalid
Status in “linux-fsl-imx51” source package in Saucy:
  Invalid
Status in “linux-lts-backport-maverick” source package in Saucy:
  New
Status in “linux-lts-backport-natty” source package in Saucy:
  New
Status in “linux-lts-quantal” source package in Saucy:
  Invalid
Status in “linux-lts-raring” source package in Saucy:
  Invalid
Status in “linux-mvl-dove” source package in Saucy:
  Invalid
Status in “linux-ti-omap4” source package in Saucy:
  Fix Committed

Bug description:
  The validate_event function in arch/arm/kernel/perf_event.c in the
  Linux kernel before 3.10.8 on the ARM platform allows local users to
  gain privileges or cause a denial of service (NULL pointer dereference
  and system crash) by adding a hardware event to an event group led by
  a software event.

  Break-Fix: 84fee97a026ca085f08381054513f9e24689a303 d9f966357b14e356dbd83b8f4a197a287ab4ff83
  Break-Fix: 1b8873a0c6ec511870c106c80b94658f857c47f2 c95eb3184ea1a3a2551df57190c81da695e2144b

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1216442/+subscriptions


References