← Back to team overview

kernel-packages team mailing list archive

[Bug 1400314] [NEW] CVE-2014-8134

 

*** This bug is a security vulnerability ***

Public security bug reported:

paravirt_enabled has the following effects: - Disables the F00F bug
workaround warning.  There is no F00F bug   workaround any more because
Linux's standard IDT handling already   works around the F00F bug, but
the warning still exists.  This   is only cosmetic, and, in any event,
there is no such thing as   KVM on a CPU with the F00F bug. - Disables
32-bit APM BIOS detection.  On a KVM paravirt system,   there should be
no APM BIOS anyway. - Disables tboot.  I think that the tboot code
should check the   CPUID hypervisor bit directly if it matters. -
paravirt_enabled disables espfix32.  espfix32 should *not* be   disabled
under KVM paravirt. The last point is the purpose of this patch.  It
fixes a leak of the high 16 bits of the kernel stack address on 32-bit
KVM paravirt guests. While I'm at it, this removes pv_info setup from
kvmclock.  That code seems to serve no purpose.

** Affects: linux (Ubuntu)
     Importance: High
         Status: New

** Affects: linux-armadaxp (Ubuntu)
     Importance: High
         Status: Invalid

** Affects: linux-ec2 (Ubuntu)
     Importance: High
         Status: Invalid

** Affects: linux-fsl-imx51 (Ubuntu)
     Importance: High
         Status: Invalid

** Affects: linux-lts-backport-maverick (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: linux-lts-backport-natty (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: linux-lts-quantal (Ubuntu)
     Importance: High
         Status: Invalid

** Affects: linux-lts-raring (Ubuntu)
     Importance: High
         Status: Invalid

** Affects: linux-lts-saucy (Ubuntu)
     Importance: High
         Status: Invalid

** Affects: linux-lts-trusty (Ubuntu)
     Importance: High
         Status: Invalid

** Affects: linux-lts-utopic (Ubuntu)
     Importance: High
         Status: Invalid

** Affects: linux-mvl-dove (Ubuntu)
     Importance: High
         Status: Invalid

** Affects: linux-ti-omap4 (Ubuntu)
     Importance: High
         Status: Invalid

** Affects: linux (Ubuntu Lucid)
     Importance: High
         Status: New

** Affects: linux-armadaxp (Ubuntu Lucid)
     Importance: High
         Status: Invalid

** Affects: linux-ec2 (Ubuntu Lucid)
     Importance: High
         Status: New

** Affects: linux-fsl-imx51 (Ubuntu Lucid)
     Importance: High
         Status: Invalid

** Affects: linux-lts-backport-maverick (Ubuntu Lucid)
     Importance: Undecided
         Status: New

** Affects: linux-lts-backport-natty (Ubuntu Lucid)
     Importance: Undecided
         Status: New

** Affects: linux-lts-quantal (Ubuntu Lucid)
     Importance: High
         Status: Invalid

** Affects: linux-lts-raring (Ubuntu Lucid)
     Importance: High
         Status: Invalid

** Affects: linux-lts-saucy (Ubuntu Lucid)
     Importance: High
         Status: Invalid

** Affects: linux-lts-trusty (Ubuntu Lucid)
     Importance: High
         Status: Invalid

** Affects: linux-lts-utopic (Ubuntu Lucid)
     Importance: High
         Status: Invalid

** Affects: linux-mvl-dove (Ubuntu Lucid)
     Importance: High
         Status: Invalid

** Affects: linux-ti-omap4 (Ubuntu Lucid)
     Importance: High
         Status: Invalid

** Affects: linux (Ubuntu Precise)
     Importance: High
         Status: New

** Affects: linux-armadaxp (Ubuntu Precise)
     Importance: High
         Status: New

** Affects: linux-ec2 (Ubuntu Precise)
     Importance: High
         Status: Invalid

** Affects: linux-fsl-imx51 (Ubuntu Precise)
     Importance: High
         Status: Invalid

** Affects: linux-lts-backport-maverick (Ubuntu Precise)
     Importance: Undecided
         Status: New

** Affects: linux-lts-backport-natty (Ubuntu Precise)
     Importance: Undecided
         Status: New

** Affects: linux-lts-quantal (Ubuntu Precise)
     Importance: High
         Status: New

** Affects: linux-lts-raring (Ubuntu Precise)
     Importance: High
         Status: New

** Affects: linux-lts-saucy (Ubuntu Precise)
     Importance: High
         Status: New

** Affects: linux-lts-trusty (Ubuntu Precise)
     Importance: High
         Status: New

** Affects: linux-lts-utopic (Ubuntu Precise)
     Importance: High
         Status: Invalid

** Affects: linux-mvl-dove (Ubuntu Precise)
     Importance: High
         Status: Invalid

** Affects: linux-ti-omap4 (Ubuntu Precise)
     Importance: High
         Status: New

** Affects: linux (Ubuntu Trusty)
     Importance: High
         Status: New

** Affects: linux-armadaxp (Ubuntu Trusty)
     Importance: High
         Status: Invalid

** Affects: linux-ec2 (Ubuntu Trusty)
     Importance: High
         Status: Invalid

** Affects: linux-fsl-imx51 (Ubuntu Trusty)
     Importance: High
         Status: Invalid

** Affects: linux-lts-backport-maverick (Ubuntu Trusty)
     Importance: Undecided
         Status: New

** Affects: linux-lts-backport-natty (Ubuntu Trusty)
     Importance: Undecided
         Status: New

** Affects: linux-lts-quantal (Ubuntu Trusty)
     Importance: High
         Status: Invalid

** Affects: linux-lts-raring (Ubuntu Trusty)
     Importance: High
         Status: Invalid

** Affects: linux-lts-saucy (Ubuntu Trusty)
     Importance: High
         Status: Invalid

** Affects: linux-lts-trusty (Ubuntu Trusty)
     Importance: High
         Status: Invalid

** Affects: linux-lts-utopic (Ubuntu Trusty)
     Importance: High
         Status: New

** Affects: linux-mvl-dove (Ubuntu Trusty)
     Importance: High
         Status: Invalid

** Affects: linux-ti-omap4 (Ubuntu Trusty)
     Importance: High
         Status: Invalid

** Affects: linux (Ubuntu Utopic)
     Importance: High
         Status: New

** Affects: linux-armadaxp (Ubuntu Utopic)
     Importance: High
         Status: Invalid

** Affects: linux-ec2 (Ubuntu Utopic)
     Importance: High
         Status: Invalid

** Affects: linux-fsl-imx51 (Ubuntu Utopic)
     Importance: High
         Status: Invalid

** Affects: linux-lts-backport-maverick (Ubuntu Utopic)
     Importance: Undecided
         Status: New

** Affects: linux-lts-backport-natty (Ubuntu Utopic)
     Importance: Undecided
         Status: New

** Affects: linux-lts-quantal (Ubuntu Utopic)
     Importance: High
         Status: Invalid

** Affects: linux-lts-raring (Ubuntu Utopic)
     Importance: High
         Status: Invalid

** Affects: linux-lts-saucy (Ubuntu Utopic)
     Importance: High
         Status: Invalid

** Affects: linux-lts-trusty (Ubuntu Utopic)
     Importance: High
         Status: Invalid

** Affects: linux-lts-utopic (Ubuntu Utopic)
     Importance: High
         Status: Invalid

** Affects: linux-mvl-dove (Ubuntu Utopic)
     Importance: High
         Status: Invalid

** Affects: linux-ti-omap4 (Ubuntu Utopic)
     Importance: High
         Status: Invalid

** Affects: linux (Ubuntu Vivid)
     Importance: High
         Status: New

** Affects: linux-armadaxp (Ubuntu Vivid)
     Importance: High
         Status: Invalid

** Affects: linux-ec2 (Ubuntu Vivid)
     Importance: High
         Status: Invalid

** Affects: linux-fsl-imx51 (Ubuntu Vivid)
     Importance: High
         Status: Invalid

** Affects: linux-lts-backport-maverick (Ubuntu Vivid)
     Importance: Undecided
         Status: New

** Affects: linux-lts-backport-natty (Ubuntu Vivid)
     Importance: Undecided
         Status: New

** Affects: linux-lts-quantal (Ubuntu Vivid)
     Importance: High
         Status: Invalid

** Affects: linux-lts-raring (Ubuntu Vivid)
     Importance: High
         Status: Invalid

** Affects: linux-lts-saucy (Ubuntu Vivid)
     Importance: High
         Status: Invalid

** Affects: linux-lts-trusty (Ubuntu Vivid)
     Importance: High
         Status: Invalid

** Affects: linux-lts-utopic (Ubuntu Vivid)
     Importance: High
         Status: Invalid

** Affects: linux-mvl-dove (Ubuntu Vivid)
     Importance: High
         Status: Invalid

** Affects: linux-ti-omap4 (Ubuntu Vivid)
     Importance: High
         Status: Invalid


** Tags: kernel-cve-tracking-bug

** Tags added: kernel-cve-tracking-bug

** Information type changed from Public to Public Security

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-8134

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1400314

Title:
  CVE-2014-8134

Status in linux package in Ubuntu:
  New
Status in linux-armadaxp package in Ubuntu:
  Invalid
Status in linux-ec2 package in Ubuntu:
  Invalid
Status in linux-fsl-imx51 package in Ubuntu:
  Invalid
Status in linux-lts-backport-maverick package in Ubuntu:
  New
Status in linux-lts-backport-natty package in Ubuntu:
  New
Status in linux-lts-quantal package in Ubuntu:
  Invalid
Status in linux-lts-raring package in Ubuntu:
  Invalid
Status in linux-lts-saucy package in Ubuntu:
  Invalid
Status in linux-lts-trusty package in Ubuntu:
  Invalid
Status in linux-lts-utopic package in Ubuntu:
  Invalid
Status in linux-mvl-dove package in Ubuntu:
  Invalid
Status in linux-ti-omap4 package in Ubuntu:
  Invalid
Status in linux source package in Lucid:
  New
Status in linux-armadaxp source package in Lucid:
  Invalid
Status in linux-ec2 source package in Lucid:
  New
Status in linux-fsl-imx51 source package in Lucid:
  Invalid
Status in linux-lts-backport-maverick source package in Lucid:
  New
Status in linux-lts-backport-natty source package in Lucid:
  New
Status in linux-lts-quantal source package in Lucid:
  Invalid
Status in linux-lts-raring source package in Lucid:
  Invalid
Status in linux-lts-saucy source package in Lucid:
  Invalid
Status in linux-lts-trusty source package in Lucid:
  Invalid
Status in linux-lts-utopic source package in Lucid:
  Invalid
Status in linux-mvl-dove source package in Lucid:
  Invalid
Status in linux-ti-omap4 source package in Lucid:
  Invalid
Status in linux source package in Precise:
  New
Status in linux-armadaxp source package in Precise:
  New
Status in linux-ec2 source package in Precise:
  Invalid
Status in linux-fsl-imx51 source package in Precise:
  Invalid
Status in linux-lts-backport-maverick source package in Precise:
  New
Status in linux-lts-backport-natty source package in Precise:
  New
Status in linux-lts-quantal source package in Precise:
  New
Status in linux-lts-raring source package in Precise:
  New
Status in linux-lts-saucy source package in Precise:
  New
Status in linux-lts-trusty source package in Precise:
  New
Status in linux-lts-utopic source package in Precise:
  Invalid
Status in linux-mvl-dove source package in Precise:
  Invalid
Status in linux-ti-omap4 source package in Precise:
  New
Status in linux source package in Trusty:
  New
Status in linux-armadaxp source package in Trusty:
  Invalid
Status in linux-ec2 source package in Trusty:
  Invalid
Status in linux-fsl-imx51 source package in Trusty:
  Invalid
Status in linux-lts-backport-maverick source package in Trusty:
  New
Status in linux-lts-backport-natty source package in Trusty:
  New
Status in linux-lts-quantal source package in Trusty:
  Invalid
Status in linux-lts-raring source package in Trusty:
  Invalid
Status in linux-lts-saucy source package in Trusty:
  Invalid
Status in linux-lts-trusty source package in Trusty:
  Invalid
Status in linux-lts-utopic source package in Trusty:
  New
Status in linux-mvl-dove source package in Trusty:
  Invalid
Status in linux-ti-omap4 source package in Trusty:
  Invalid
Status in linux source package in Utopic:
  New
Status in linux-armadaxp source package in Utopic:
  Invalid
Status in linux-ec2 source package in Utopic:
  Invalid
Status in linux-fsl-imx51 source package in Utopic:
  Invalid
Status in linux-lts-backport-maverick source package in Utopic:
  New
Status in linux-lts-backport-natty source package in Utopic:
  New
Status in linux-lts-quantal source package in Utopic:
  Invalid
Status in linux-lts-raring source package in Utopic:
  Invalid
Status in linux-lts-saucy source package in Utopic:
  Invalid
Status in linux-lts-trusty source package in Utopic:
  Invalid
Status in linux-lts-utopic source package in Utopic:
  Invalid
Status in linux-mvl-dove source package in Utopic:
  Invalid
Status in linux-ti-omap4 source package in Utopic:
  Invalid
Status in linux source package in Vivid:
  New
Status in linux-armadaxp source package in Vivid:
  Invalid
Status in linux-ec2 source package in Vivid:
  Invalid
Status in linux-fsl-imx51 source package in Vivid:
  Invalid
Status in linux-lts-backport-maverick source package in Vivid:
  New
Status in linux-lts-backport-natty source package in Vivid:
  New
Status in linux-lts-quantal source package in Vivid:
  Invalid
Status in linux-lts-raring source package in Vivid:
  Invalid
Status in linux-lts-saucy source package in Vivid:
  Invalid
Status in linux-lts-trusty source package in Vivid:
  Invalid
Status in linux-lts-utopic source package in Vivid:
  Invalid
Status in linux-mvl-dove source package in Vivid:
  Invalid
Status in linux-ti-omap4 source package in Vivid:
  Invalid

Bug description:
  paravirt_enabled has the following effects: - Disables the F00F bug
  workaround warning.  There is no F00F bug   workaround any more
  because Linux's standard IDT handling already   works around the F00F
  bug, but the warning still exists.  This   is only cosmetic, and, in
  any event, there is no such thing as   KVM on a CPU with the F00F bug.
  - Disables 32-bit APM BIOS detection.  On a KVM paravirt system,
  there should be no APM BIOS anyway. - Disables tboot.  I think that
  the tboot code should check the   CPUID hypervisor bit directly if it
  matters. - paravirt_enabled disables espfix32.  espfix32 should *not*
  be   disabled under KVM paravirt. The last point is the purpose of
  this patch.  It fixes a leak of the high 16 bits of the kernel stack
  address on 32-bit KVM paravirt guests. While I'm at it, this removes
  pv_info setup from kvmclock.  That code seems to serve no purpose.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1400314/+subscriptions


Follow ups

References