CVE-2012-2372 in Ubuntu

CVE-2012-2372

Priority

Low

Description

The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram
Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier
allows local users to cause a denial of service (BUG_ON and kernel panic)
by establishing an RDS connection with the source IP address equal to the
IPoIB interface's own IP address, as demonstrated by rds-ping.

Ubuntu-Description

A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS)
protocol implementation. A local, unprivileged user could use this flaw to
cause a denial of service.

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2372
https://rhn.redhat.com/errata/RHSA-2012-0743.html
http://www.ubuntu.com/usn/usn-1529-1
http://www.ubuntu.com/usn/usn-1530-1
http://www.ubuntu.com/usn/usn-1531-1
http://www.ubuntu.com/usn/usn-1514-1
http://www.ubuntu.com/usn/usn-1538-1
http://www.ubuntu.com/usn/usn-1554-1
http://www.ubuntu.com/usn/usn-1555-1
http://www.ubuntu.com/usn/usn-1556-1
http://www.ubuntu.com/usn/usn-1558-1
http://www.ubuntu.com/usn/usn-1563-1

Bugs

https://launchpad.net/bugs/1016299

Notes

jdstrand> linux-armadaxp is maintained by OEM
apw> this is claimed fixed by RedHat but I cannot find the fix anywhere, the
apw> only reference I did find to the CVE in Fedora implies they have miss
apw> tagged the fix for CVE-2012-2373 as 2372:
apw> http://permalink.gmane.org/gmane.linux.redhat.fedora.extras.cvs/775892
apw> note the patch is the x86 pmd patch.
apw> needs-triage back to -security for lack of a clear direction on a fix (per
apw> irc discussions)
apw> Looking at the RHEL kernels it appears that this is the fix, though it
apw> is not upstream as yet:
apw> http://people.canonical.com/~apw/misc/cves/CVE-2012-2372-1.diff

Package

Source: linux-armadaxp (LP Ubuntu Debian)

Upstream:	needed
Ubuntu 8.04 LTS (Hardy Heron):	DNE
Ubuntu 10.04 LTS (Lucid Lynx):	DNE
Ubuntu 11.10 (Oneiric Ocelot):	DNE
Ubuntu 12.04 LTS (Precise Pangolin):	released (3.2.0-1606.9)
Ubuntu 12.10 (Quantal Quetzal):	not-affected (3.2.0-1606.9)

Package

Source: linux-ec2 (LP Ubuntu Debian)

Upstream:	needed
Ubuntu 8.04 LTS (Hardy Heron):	DNE
Ubuntu 10.04 LTS (Lucid Lynx):	released (2.6.32-347.53)
Ubuntu 11.10 (Oneiric Ocelot):	DNE
Ubuntu 12.04 LTS (Precise Pangolin):	DNE
Ubuntu 12.10 (Quantal Quetzal):	DNE

Package

Source: linux-lts-backport-oneiric (LP Ubuntu Debian)

Upstream:	needed
Ubuntu 8.04 LTS (Hardy Heron):	DNE
Ubuntu 10.04 LTS (Lucid Lynx):	released (3.0.0-25.41~lucid1)
Ubuntu 11.10 (Oneiric Ocelot):	DNE
Ubuntu 12.04 LTS (Precise Pangolin):	DNE
Ubuntu 12.10 (Quantal Quetzal):	DNE

Package

Source: linux-linaro-shared (LP Ubuntu Debian)

Upstream:	needed
Ubuntu 8.04 LTS (Hardy Heron):	DNE
Ubuntu 10.04 LTS (Lucid Lynx):	DNE
Ubuntu 11.10 (Oneiric Ocelot):	ignored (abandoned)
Ubuntu 12.04 LTS (Precise Pangolin):	ignored (abandoned)
Ubuntu 12.10 (Quantal Quetzal):	ignored (abandoned)

Package

Source: linux-linaro-vexpress (LP Ubuntu Debian)

Upstream:	needed
Ubuntu 8.04 LTS (Hardy Heron):	DNE
Ubuntu 10.04 LTS (Lucid Lynx):	DNE
Ubuntu 11.10 (Oneiric Ocelot):	ignored (abandoned)
Ubuntu 12.04 LTS (Precise Pangolin):	ignored (abandoned)
Ubuntu 12.10 (Quantal Quetzal):	ignored (abandoned)

Package

Source: linux-qcm-msm (LP Ubuntu Debian)

Upstream:	needed
Ubuntu 8.04 LTS (Hardy Heron):	DNE
Ubuntu 10.04 LTS (Lucid Lynx):	ignored (abandoned)
Ubuntu 11.10 (Oneiric Ocelot):	ignored (abandoned)
Ubuntu 12.04 LTS (Precise Pangolin):	ignored (abandoned)
Ubuntu 12.10 (Quantal Quetzal):	ignored (abandoned)

Package

Source: linux-lts-backport-natty (LP Ubuntu Debian)

Upstream:	needed
Ubuntu 8.04 LTS (Hardy Heron):	DNE
Ubuntu 10.04 LTS (Lucid Lynx):	released (2.6.38-15.65~lucid1)
Ubuntu 11.10 (Oneiric Ocelot):	DNE
Ubuntu 12.04 LTS (Precise Pangolin):	DNE
Ubuntu 12.10 (Quantal Quetzal):	DNE

Package

Source: linux-mvl-dove (LP Ubuntu Debian)

Upstream:	needed
Ubuntu 8.04 LTS (Hardy Heron):	DNE
Ubuntu 10.04 LTS (Lucid Lynx):	ignored (reached end-of-life)
Ubuntu 11.10 (Oneiric Ocelot):	DNE
Ubuntu 12.04 LTS (Precise Pangolin):	DNE
Ubuntu 12.10 (Quantal Quetzal):	DNE

Package

Source: linux-lts-backport-maverick (LP Ubuntu Debian)

Upstream:	needed
Ubuntu 8.04 LTS (Hardy Heron):	DNE
Ubuntu 10.04 LTS (Lucid Lynx):	ignored (reached end-of-life)
Ubuntu 11.10 (Oneiric Ocelot):	DNE
Ubuntu 12.04 LTS (Precise Pangolin):	DNE
Ubuntu 12.10 (Quantal Quetzal):	DNE

Package

Source: linux (LP Ubuntu Debian)

Upstream:	needed
Ubuntu 8.04 LTS (Hardy Heron):	not-affected
Ubuntu 10.04 LTS (Lucid Lynx):	released (2.6.32-42.96)
Ubuntu 11.10 (Oneiric Ocelot):	released (3.0.0-25.41)
Ubuntu 12.04 LTS (Precise Pangolin):	released (3.2.0-29.45)
Ubuntu 12.10 (Quantal Quetzal):	not-affected (3.5.0-7.7)

Patches:

Introduced by 639b321b4d8f4e412bfbb2a4a19bfebc1e68ace4

Fixed by local-2012-2372

Package

Source: linux-ti-omap4 (LP Ubuntu Debian)

Upstream:	needed
Ubuntu 8.04 LTS (Hardy Heron):	DNE
Ubuntu 10.04 LTS (Lucid Lynx):	DNE
Ubuntu 11.10 (Oneiric Ocelot):	released (3.0.0-1215.27)
Ubuntu 12.04 LTS (Precise Pangolin):	released (3.2.0-1417.23)
Ubuntu 12.10 (Quantal Quetzal):	not-affected (3.5.0-7.7)

Package

Source: linux-linaro-omap (LP Ubuntu Debian)

Upstream:	needed
Ubuntu 8.04 LTS (Hardy Heron):	DNE
Ubuntu 10.04 LTS (Lucid Lynx):	DNE
Ubuntu 11.10 (Oneiric Ocelot):	ignored (abandoned)
Ubuntu 12.04 LTS (Precise Pangolin):	ignored (abandoned)
Ubuntu 12.10 (Quantal Quetzal):	ignored (abandoned)

Package

Source: linux-fsl-imx51 (LP Ubuntu Debian)

Upstream:	needed
Ubuntu 8.04 LTS (Hardy Heron):	DNE
Ubuntu 10.04 LTS (Lucid Lynx):	ignored (reached end-of-life, does not affect buildd)
Ubuntu 11.10 (Oneiric Ocelot):	DNE
Ubuntu 12.04 LTS (Precise Pangolin):	DNE
Ubuntu 12.10 (Quantal Quetzal):	DNE

More Information

Updated: 2013-01-23 22:14:32 UTC (commit 6331)