kernel-packages team mailing list archive

[Bug 1384539] Re: CVE-2014-3610

 

This bug was fixed in the package linux - 3.13.0-39.66

---------------
linux (3.13.0-39.66) trusty; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1386629

  [ Upstream Kernel Changes ]

  * KVM: x86: Check non-canonical addresses upon WRMSR
    - LP: #1384539
    - CVE-2014-3610
  * KVM: x86: Prevent host from panicking on shared MSR writes.
    - LP: #1384539
    - CVE-2014-3610
  * KVM: x86: Improve thread safety in pit
    - LP: #1384540
    - CVE-2014-3611
  * KVM: x86: Fix wrong masking on relative jump/call
    - LP: #1384545
    - CVE-2014-3647
  * KVM: x86: Warn if guest virtual address space is not 48-bits
    - LP: #1384545
    - CVE-2014-3647
  * KVM: x86: Emulator fixes for eip canonical checks on near branches
    - LP: #1384545
    - CVE-2014-3647
  * KVM: x86: emulating descriptor load misses long-mode case
    - LP: #1384545
    - CVE-2014-3647
  * KVM: x86: Handle errors when RIP is set during far jumps
    - LP: #1384545
    - CVE-2014-3647
  * kvm: vmx: handle invvpid vm exit gracefully
    - LP: #1384544
    - CVE-2014-3646
  * Input: synaptics - gate forcepad support by DMI check
    - LP: #1381815

linux (3.13.0-38.65) trusty; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1379244

  [ Andy Whitcroft ]

  * Revert "SAUCE: scsi: hyper-v storsvc switch up to SPC-3"
    - LP: #1354397
  * [Config] linux-image-extra is additive to linux-image
    - LP: #1375310
  * [Config] linux-image-extra postrm is not needed on purge
    - LP: #1375310

  [ Upstream Kernel Changes ]

  * Revert "KVM: x86: Increase the number of fixed MTRR regs to 10"
    - LP: #1377564
  * Revert "USB: option,zte_ev: move most ZTE CDMA devices to zte_ev"
    - LP: #1377564
  * aufs: bugfix, stop calling security_mmap_file() again
    - LP: #1371316
  * ipvs: fix ipv6 hook registration for local replies
    - LP: #1349768
  * Drivers: add blist flags
    - LP: #1354397
  * sd: fix a bug in deriving the FLUSH_TIMEOUT from the basic I/O timeout
    - LP: #1354397
  * drm/i915/bdw: Add 42ms delay for IPS disable
    - LP: #1374389
  * drm/i915: add null render states for gen6, gen7 and gen8
    - LP: #1374389
  * drm/i915/bdw: 3D_CHICKEN3 has write mask bits
    - LP: #1374389
  * drm/i915/bdw: Disable idle DOP clock gating
    - LP: #1374389
  * drm/i915: call lpt_init_clock_gating on BDW too
    - LP: #1374389
  * drm/i915: shuffle panel code
    - LP: #1374389
  * drm/i915: extract backlight minimum brightness from VBT
    - LP: #1374389
  * drm/i915: respect the VBT minimum backlight brightness
    - LP: #1374389
  * drm/i915/bdw: Apply workarounds in render ring init function
    - LP: #1374389
  * drm/i915/bdw: Cleanup pre prod workarounds
    - LP: #1374389
  * drm/i915: Replace hardcoded cacheline size with macro
    - LP: #1374389
  * drm/i915: Refactor Broadwell PIPE_CONTROL emission into a helper.
    - LP: #1374389
  * drm/i915: Add the WaCsStallBeforeStateCacheInvalidate:bdw workaround.
    - LP: #1374389
  * drm/i915/bdw: Remove BDW preproduction W/As until C stepping.
    - LP: #1374389
  * mptfusion: enable no_write_same for vmware scsi disks
    - LP: #1371591
  * iommu/amd: Fix cleanup_domain for mass device removal
    - LP: #1375266
  * cifs: mask off top byte in get_rfc1002_length()
    - LP: #1372482
  * Input: synaptics - add support for ForcePads
    - LP: #1377564
  * ASoC: pxa-ssp: drop SNDRV_PCM_FMTBIT_S24_LE
    - LP: #1377564
  * drm/radeon: add bapm module parameter
    - LP: #1377564
  * drm/radeon: Add missing lines to ci_set_thermal_temperature_range
    - LP: #1377564
  * drm/radeon: Add ability to get and change dpm state when radeon PX card
    is turned off
    - LP: #1377564
  * ALSA: hda/realtek - Avoid setting wrong COEF on ALC269 & co
    - LP: #1377564
  * of/irq: Fix lookup to use 'interrupts-extended' property first
    - LP: #1377564
  * Possible null ptr deref in SMB2_tcon
    - LP: #1377564
  * CIFS: Fix SMB2 readdir error handling
    - LP: #1377564
  * CIFS: Fix wrong directory attributes after rename
    - LP: #1377564
  * md/raid6: avoid data corruption during recovery of double-degraded
    RAID6
    - LP: #1377564
  * ARM: dts: i.MX53: fix apparent bug in VPU clks
    - LP: #1377564
  * pata_scc: propagate return value of scc_wait_after_reset
    - LP: #1377564
  * libata: widen Crucial M550 blacklist matching
    - LP: #1377564
  * ALSA: hda - restore the gpio led after resume
    - LP: #1358116, #1377564
  * md/raid10: fix memory leak when reshaping a RAID10.
    - LP: #1377564
  * md/raid10: Fix memory leak when raid10 reshape completes.
    - LP: #1377564
  * MIPS: OCTEON: make get_system_type() thread-safe
    - LP: #1377564
  * can: c_can: checking IS_ERR() instead of NULL
    - LP: #1377564
  * HID: logitech: perform bounds checking on device_id early enough
    - LP: #1377564
  * firmware: Do not use WARN_ON(!spin_is_locked())
    - LP: #1377564
  * drm/radeon: add new KV pci id
    - LP: #1377564
  * drm/radeon: add new bonaire pci ids
    - LP: #1377564
  * drm/radeon: add additional SI pci ids
    - LP: #1377564
  * ibmveth: Fix endian issues with rx_no_buffer statistic
    - LP: #1377564
  * spi/omap-mcspi: Fix the spi task hangs waiting dma_rx
    - LP: #1377564
  * xtensa: replace IOCTL code definitions with constants
    - LP: #1377564
  * xtensa: fix address checks in dma_{alloc,free}_coherent
    - LP: #1377564
  * xtensa: fix access to THREAD_RA/THREAD_SP/THREAD_DS
    - LP: #1377564
  * xtensa: fix TLBTEMP_BASE_2 region handling in fast_second_level_miss
    - LP: #1377564
  * xtensa: fix a6 and a7 handling in fast_syscall_xtensa
    - LP: #1377564
  * staging: lustre: Remove circular dependency on header
    - LP: #1377564
  * USB: option: reduce interrupt-urb logging verbosity
    - LP: #1377564
  * USB: option: add VIA Telecom CDS7 chipset device id
    - LP: #1377564
  * USB: zte_ev: remove duplicate Gobi PID
    - LP: #1377564
  * USB: zte_ev: remove duplicate Qualcom PID
    - LP: #1377564
  * USB: ftdi_sio: add Basic Micro ATOM Nano USB2Serial PID
    - LP: #1377564
  * USB: serial: pl2303: add device id for ztek device
    - LP: #1377564
  * USB: ftdi_sio: Added PID for new ekey device
    - LP: #1377564
  * xhci: Treat not finding the event_seg on COMP_STOP the same as
    COMP_STOP_INVAL
    - LP: #1377564
  * usb: xhci: amd chipset also needs short TX quirk
    - LP: #1377564
  * xhci: rework cycle bit checking for new dequeue pointers
    - LP: #1377564
  * spi/pxa2xx: Add ACPI ID for Intel Braswell
    - LP: #1377564
  * ALSA: core: fix buffer overflow in snd_info_get_line()
    - LP: #1377564
  * HID: logitech-dj: prevent false errors to be shown
    - LP: #1377564
  * usb: ehci: using wIndex + 1 for hub port
    - LP: #1377564
  * staging/rtl8188eu: add 0df6:0076 Sitecom Europe B.V.
    - LP: #1377564
  * staging: r8188eu: Add new USB ID
    - LP: #1377564
  * mtd: nand: omap: Fix 1-bit Hamming code scheme, omap_calculate_ecc()
    - LP: #1377564
  * trace: Fix epoll hang when we race with new entries
    - LP: #1377564
  * cfq-iosched: Fix wrong children_weight calculation
    - LP: #1377564
  * USB: sisusb: add device id for Magic Control USB video
    - LP: #1377564
  * NFSv4: Fix problems with close in the presence of a delegation
    - LP: #1377564
  * usb: hub: Prevent hub autosuspend if usbcore.autosuspend is -1
    - LP: #1377564
  * ARM: 8128/1: abort: don't clear the exclusive monitors
    - LP: #1377564
  * ARM: 8129/1: errata: work around Cortex-A15 erratum 830321 using dummy
    strex
    - LP: #1377564
  * USB: serial: fix potential stack buffer overflow
    - LP: #1377564
  * USB: serial: fix potential heap buffer overflow
    - LP: #1377564
  * ext4: update i_disksize coherently with block allocation on error path
    - LP: #1377564
  * jbd2: fix infinite loop when recovering corrupt journal blocks
    - LP: #1377564
  * jbd2: fix descriptor block size handling errors with journal_csum
    - LP: #1377564
  * memblock, memhotplug: fix wrong type in memblock_find_in_range_node().
    - LP: #1377564
  * xattr: fix check for simultaneous glibc header inclusion
    - LP: #1377564
  * KVM: s390: Fix user triggerable bug in dead code
    - LP: #1377564
  * KVM: s390/mm: try a cow on read only pages for key ops
    - LP: #1377564
  * regmap: Fix regcache debugfs initialization
    - LP: #1377564
  * regmap: Fix handling of volatile registers for format_write() chips
    - LP: #1377564
  * ASoC: rt5640: Do not allow regmap to use bulk read-write operations
    - LP: #1377564
  * drm/i915: Remove bogus __init annotation from DMI callbacks
    - LP: #1377564
  * hwmon: (ds1621) Update zbits after conversion rate change
    - LP: #1377564
  * arm64: ptrace: fix compat hardware watchpoint reporting
    - LP: #1377564
  * ARM/ARM64: KVM: Nuke Hyp-mode tlbs before enabling MMU
    - LP: #1377564
  * arm/arm64: KVM: Complete WFI/WFE instructions
    - LP: #1377564
  * get rid of propagate_umount() mistakenly treating slaves as busy.
    - LP: #1377564
  * fix EBUSY on umount() from MNT_SHRINKABLE
    - LP: #1377564
  * regmap: Don't attempt block writes when syncing cache on single_rw
    devices
    - LP: #1377564
  * drm/vmwgfx: Fix a potential infinite spin waiting for fifo idle
    - LP: #1377564
  * ALSA: hda - Fix digital mic on Acer Aspire 3830TG
    - LP: #1377564
  * xfs: don't dirty buffers beyond EOF
    - LP: #1377564
  * xfs: don't zero partial page cache pages during O_DIRECT writes
    - LP: #1377564
  * xfs: don't zero partial page cache pages during O_DIRECT writes
    - LP: #1377564
  * ALSA: hda - Fix COEF setups for ALC1150 codec
    - LP: #1377564
  * i2c: rcar: fix MNR interrupt handling
    - LP: #1377564
  * i2c: mv64xxx: continue probe when clock-frequency is missing
    - LP: #1377564
  * i2c: at91: Fix a race condition during signal handling in
    at91_do_twi_xfer.
    - LP: #1377564
  * i2c: at91: add bound checking on SMBus block length bytes
    - LP: #1377564
  * aio: add missing smp_rmb() in read_events_ring
    - LP: #1377564
  * KEYS: Fix use-after-free in assoc_array_gc()
    - LP: #1377564
  * ACPI / cpuidle: fix deadlock between cpuidle_lock and cpu_hotplug.lock
    - LP: #1377564
  * USB: fix build error with CONFIG_PM_RUNTIME disabled
    - LP: #1377564
  * Linux 3.13.11.8
    - LP: #1377564
  * powerpc: Fix kdump hang issue on p8 with relocation on exception
    enabled.
    - LP: #1352056
  * net-gre-gro: Fix a bug that breaks the forwarding path
    - LP: #1377851
 -- Luis Henriques <luis.henriques@xxxxxxxxxxxxx>   Tue, 28 Oct 2014 10:29:51 +0000

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1384539

Title:
  CVE-2014-3610

Status in “linux” package in Ubuntu:
  New
Status in “linux-armadaxp” package in Ubuntu:
  Invalid
Status in “linux-ec2” package in Ubuntu:
  Invalid
Status in “linux-fsl-imx51” package in Ubuntu:
  Invalid
Status in “linux-lts-backport-maverick” package in Ubuntu:
  New
Status in “linux-lts-backport-natty” package in Ubuntu:
  New
Status in “linux-lts-quantal” package in Ubuntu:
  Invalid
Status in “linux-lts-raring” package in Ubuntu:
  Invalid
Status in “linux-lts-saucy” package in Ubuntu:
  Invalid
Status in “linux-mvl-dove” package in Ubuntu:
  Invalid
Status in “linux-ti-omap4” package in Ubuntu:
  Invalid
Status in “linux” source package in Lucid:
  New
Status in “linux-armadaxp” source package in Lucid:
  Invalid
Status in “linux-ec2” source package in Lucid:
  New
Status in “linux-fsl-imx51” source package in Lucid:
  Invalid
Status in “linux-lts-backport-maverick” source package in Lucid:
  New
Status in “linux-lts-backport-natty” source package in Lucid:
  New
Status in “linux-lts-quantal” source package in Lucid:
  Invalid
Status in “linux-lts-raring” source package in Lucid:
  Invalid
Status in “linux-lts-saucy” source package in Lucid:
  Invalid
Status in “linux-mvl-dove” source package in Lucid:
  Invalid
Status in “linux-ti-omap4” source package in Lucid:
  Invalid
Status in “linux” source package in Precise:
  New
Status in “linux-armadaxp” source package in Precise:
  New
Status in “linux-ec2” source package in Precise:
  Invalid
Status in “linux-fsl-imx51” source package in Precise:
  Invalid
Status in “linux-lts-backport-maverick” source package in Precise:
  New
Status in “linux-lts-backport-natty” source package in Precise:
  New
Status in “linux-lts-quantal” source package in Precise:
  New
Status in “linux-lts-raring” source package in Precise:
  New
Status in “linux-lts-saucy” source package in Precise:
  New
Status in “linux-mvl-dove” source package in Precise:
  Invalid
Status in “linux-ti-omap4” source package in Precise:
  New
Status in “linux” source package in Trusty:
  Fix Released
Status in “linux-armadaxp” source package in Trusty:
  Invalid
Status in “linux-ec2” source package in Trusty:
  Invalid
Status in “linux-fsl-imx51” source package in Trusty:
  Invalid
Status in “linux-lts-backport-maverick” source package in Trusty:
  New
Status in “linux-lts-backport-natty” source package in Trusty:
  New
Status in “linux-lts-quantal” source package in Trusty:
  Invalid
Status in “linux-lts-raring” source package in Trusty:
  Invalid
Status in “linux-lts-saucy” source package in Trusty:
  Invalid
Status in “linux-mvl-dove” source package in Trusty:
  Invalid
Status in “linux-ti-omap4” source package in Trusty:
  Invalid
Status in “linux” source package in Utopic:
  Fix Released
Status in “linux-armadaxp” source package in Utopic:
  Invalid
Status in “linux-ec2” source package in Utopic:
  Invalid
Status in “linux-fsl-imx51” source package in Utopic:
  Invalid
Status in “linux-lts-backport-maverick” source package in Utopic:
  New
Status in “linux-lts-backport-natty” source package in Utopic:
  New
Status in “linux-lts-quantal” source package in Utopic:
  Invalid
Status in “linux-lts-raring” source package in Utopic:
  Invalid
Status in “linux-lts-saucy” source package in Utopic:
  Invalid
Status in “linux-mvl-dove” source package in Utopic:
  Invalid
Status in “linux-ti-omap4” source package in Utopic:
  Invalid
Status in “linux” source package in Vivid:
  New
Status in “linux-armadaxp” source package in Vivid:
  Invalid
Status in “linux-ec2” source package in Vivid:
  Invalid
Status in “linux-fsl-imx51” source package in Vivid:
  Invalid
Status in “linux-lts-backport-maverick” source package in Vivid:
  New
Status in “linux-lts-backport-natty” source package in Vivid:
  New
Status in “linux-lts-quantal” source package in Vivid:
  Invalid
Status in “linux-lts-raring” source package in Vivid:
  Invalid
Status in “linux-lts-saucy” source package in Vivid:
  Invalid
Status in “linux-mvl-dove” source package in Vivid:
  Invalid
Status in “linux-ti-omap4” source package in Vivid:
  Invalid

Bug description:
  If the guest writes a noncanonical value to certain MSR registers, KVM
  will write that value to the MSR in the host context and a #GP will be
  raised, leading to a kernel panic. A privileged guest user can use this
  flaw to crash the host. Enabling CONFIG_PARAVIRT when building the
  kernel mitigates this issue because wrmsrl() ends up invoking the safe
  MSR write variant.

  Break-Fix: - 854e8bb1aa06c578c2c9145fa6bfe3680ef63b23
  Break-Fix: - 8b3c3104c3f4f706e99365c3e0d2aa61b95f969f

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1384539/+subscriptions
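
Added example, not part of the original notification and not the kernel's own code: a user-space model of the check the bug description calls for, where a guest-supplied MSR value is tested for canonical form before it can reach the host, so the #GP goes to the guest instead. The function names, the 48-bit address width and the choice of address-holding MSRs are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Architectural MSR indices for registers that hold linear addresses.
 * Which MSRs to cover is an assumption of this model. */
#define MSR_LSTAR          0xC0000082u
#define MSR_CSTAR          0xC0000083u
#define MSR_FS_BASE        0xC0000100u
#define MSR_GS_BASE        0xC0000101u
#define MSR_KERNEL_GS_BASE 0xC0000102u

/* An address is canonical when bits 63..(va_bits-1) are all equal,
 * i.e. the upper bits are a sign extension of bit va_bits-1. */
static int is_canonical(uint64_t addr, unsigned va_bits)
{
    uint64_t top = addr >> (va_bits - 1);              /* sign bit and above */
    uint64_t all_ones = (1ULL << (64 - va_bits + 1)) - 1;
    return top == 0 || top == all_ones;
}

/* Hypothetical WRMSR exit handler: returns 0 if the value may be loaded,
 * 1 if the write must be refused and #GP injected into the guest. */
static int model_guest_wrmsr(uint32_t index, uint64_t data)
{
    switch (index) {
    case MSR_LSTAR: case MSR_CSTAR:
    case MSR_FS_BASE: case MSR_GS_BASE: case MSR_KERNEL_GS_BASE:
        return is_canonical(data, 48) ? 0 : 1;
    default:
        return 0;   /* not treated as address-holding in this model */
    }
}

int main(void)
{
    /* Constructed sample values: two canonical, two noncanonical. */
    const uint64_t samples[] = {
        0x00007FFFFFFFFFFFULL, 0xFFFF800000000000ULL,
        0x0000800000000000ULL, 0x8000000000000000ULL,
    };
    for (unsigned i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("MSR_LSTAR <- %#018llx : %s\n",
               (unsigned long long)samples[i],
               model_guest_wrmsr(MSR_LSTAR, samples[i])
                   ? "refuse, inject #GP into guest" : "accept");
    return 0;
}
```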

