← Back to team overview

kernel-packages team mailing list archive

  1. kernel-packages team
  2. Mailing list archive
  3. Message #43804

[Bug 1274349] Re: Fix-compat_sys_recvmmsg-on-x32-archs

  Thread PreviousDate PreviousThread Next 
This bug was fixed in the package linux - 3.13.0-7.26

---------------
linux (3.13.0-7.26) trusty; urgency=low

  [ John Johansen ]

  * SAUCE: apparmor: fix uninitialized lsm_audit membe
    - LP: #1268727
  * Add config option to optionally enable new apparmor 3 semantics

  [ Tim Gardner ]

  * [Config] Add lowlatency to getabis
  * [Config] CONFIG_SECURITY_APPARMOR_AA3_SEMANTICS=y
    - LP: #1270215
  * Release Tracking Bug
    - LP: #1276810

  [ Upstream Kernel Changes ]

  * x86, x32: Correct invalid use of user timespec in the kernel
    - LP: #1274349
    - CVE-2014-0038
 -- Tim Gardner <tim.gardner@xxxxxxxxxxxxx>   Wed, 05 Feb 2014 15:49:44 -0500

** Changed in: linux (Ubuntu Trusty)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1274349

Title:
  Fix-compat_sys_recvmmsg-on-x32-archs

Status in “linux” package in Ubuntu:
  Fix Released
Status in “linux-armadaxp” package in Ubuntu:
  Invalid
Status in “linux-ec2” package in Ubuntu:
  Invalid
Status in “linux-fsl-imx51” package in Ubuntu:
  Invalid
Status in “linux-lts-quantal” package in Ubuntu:
  Invalid
Status in “linux-lts-raring” package in Ubuntu:
  Invalid
Status in “linux-lts-saucy” package in Ubuntu:
  Invalid
Status in “linux-mvl-dove” package in Ubuntu:
  Invalid
Status in “linux-ti-omap4” package in Ubuntu:
  Invalid
Status in “linux” source package in Lucid:
  Invalid
Status in “linux-armadaxp” source package in Lucid:
  Invalid
Status in “linux-ec2” source package in Lucid:
  Invalid
Status in “linux-fsl-imx51” source package in Lucid:
  Invalid
Status in “linux-lts-quantal” source package in Lucid:
  Invalid
Status in “linux-lts-raring” source package in Lucid:
  Invalid
Status in “linux-lts-saucy” source package in Lucid:
  Invalid
Status in “linux-mvl-dove” source package in Lucid:
  Invalid
Status in “linux-ti-omap4” source package in Lucid:
  Invalid
Status in “linux” source package in Precise:
  Invalid
Status in “linux-armadaxp” source package in Precise:
  Invalid
Status in “linux-ec2” source package in Precise:
  Invalid
Status in “linux-fsl-imx51” source package in Precise:
  Invalid
Status in “linux-lts-quantal” source package in Precise:
  Invalid
Status in “linux-lts-raring” source package in Precise:
  Fix Released
Status in “linux-lts-saucy” source package in Precise:
  Fix Released
Status in “linux-mvl-dove” source package in Precise:
  Invalid
Status in “linux-ti-omap4” source package in Precise:
  Invalid
Status in “linux” source package in Quantal:
  Invalid
Status in “linux-armadaxp” source package in Quantal:
  Invalid
Status in “linux-ec2” source package in Quantal:
  Invalid
Status in “linux-fsl-imx51” source package in Quantal:
  Invalid
Status in “linux-lts-quantal” source package in Quantal:
  Invalid
Status in “linux-lts-raring” source package in Quantal:
  Invalid
Status in “linux-lts-saucy” source package in Quantal:
  Invalid
Status in “linux-mvl-dove” source package in Quantal:
  Invalid
Status in “linux-ti-omap4” source package in Quantal:
  Invalid
Status in “linux” source package in Saucy:
  Fix Released
Status in “linux-armadaxp” source package in Saucy:
  Invalid
Status in “linux-ec2” source package in Saucy:
  Invalid
Status in “linux-fsl-imx51” source package in Saucy:
  Invalid
Status in “linux-lts-quantal” source package in Saucy:
  Invalid
Status in “linux-lts-raring” source package in Saucy:
  Invalid
Status in “linux-lts-saucy” source package in Saucy:
  Invalid
Status in “linux-mvl-dove” source package in Saucy:
  Invalid
Status in “linux-ti-omap4” source package in Saucy:
  Invalid
Status in “linux” source package in Trusty:
  Fix Released
Status in “linux-armadaxp” source package in Trusty:
  Invalid
Status in “linux-ec2” source package in Trusty:
  Invalid
Status in “linux-fsl-imx51” source package in Trusty:
  Invalid
Status in “linux-lts-quantal” source package in Trusty:
  Invalid
Status in “linux-lts-raring” source package in Trusty:
  Invalid
Status in “linux-lts-saucy” source package in Trusty:
  Invalid
Status in “linux-mvl-dove” source package in Trusty:
  Invalid
Status in “linux-ti-omap4” source package in Trusty:
  Invalid

Bug description:
  The timeout pointer parameter is provided by userland (hence the
  __user annotation) but for x32 syscalls it's simply cast to a kernel
  pointer and is passed to __sys_recvmmsg which will eventually directly
  dereference it for both reading and writing. Other callers to
  __sys_recvmmsg properly copy from userland to the kernel first. The
  impact is a sort of arbitrary kernel write-where-what primitive by
  unprivileged users where the to-be-written area must contain valid
  timespec data initially (the first 64 bit long field must be positive
  and the second one must be < 1G).

  Break-Fix: ee4fa23c4bfcc635d077a9633d405610de45bc70
  2def2ef2ae5f3990aabdbe8a755911902707d268

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1274349/+subscriptions
  Thread PreviousDate PreviousThread Next