CVE-2014-0131

Priority
Medium
Description
Use-after-free vulnerability in the skb_segment function in
net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to
obtain sensitive information from kernel memory by leveraging the absence
of a certain orphaning operation.
Ubuntu-Description
Michael S. Tsirkin discovered an information leak in the Linux kernel's
segmentation of skbs when using the zerocopy feature of vhost-net. A local
attacker could exploit this flaw to gain potentially sensitive information
from kernel memory.
References
Bugs
Notes
jdstrand> android kernels (goldfish, grouper, maguro, mako and manta) are not
supported on the Ubuntu Touch 13.10 preview kernels
apw> Also needs the following:
a5c39b046fdf5025ab4d274edaf5d8f53326b34c skbuff: skb_segment: s/fskb/list_skb/
cff87de1c2625eadcd1b38f14d3a036e160aefa3 skbuff: skb_segment: s/skb/head_skb/
ef92873b71a1879a19d64575725a7bbf8c59d9f6 skbuff: skb_segment: s/skb_frag/frag/
c4d421e6e53be12b422b5d6ff93bf6c1d6cc83d5 skbuff: skb_segment: s/frag/nskb_frag/
Package
Upstream:released (3.14~rc7)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (3.13.0-24.46~precise1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Package
Upstream:released (3.14~rc7)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):released (3.2.0-1636.53)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Package
Upstream:released (3.14~rc7)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Package
Upstream:released (3.14~rc7)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):needs-triage
Ubuntu 14.10 (Utopic Unicorn):needs-triage
Package
Upstream:released (3.14~rc7)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):ignored (abandoned)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Package
Upstream:released (3.14~rc7)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):ignored (abandoned)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Package
Upstream:released (3.14~rc7)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (abandoned)
Ubuntu 12.04 LTS (Precise Pangolin):ignored (abandoned)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Package
Upstream:released (3.14~rc7)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):needs-triage
Ubuntu 14.10 (Utopic Unicorn):DNE
Package
Upstream:released (3.14~rc7)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):released (3.5.0-54.81~precise1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Patches:
Package
Upstream:released (3.14~rc7)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):ignored (was needed now end-of-life)
Ubuntu 14.10 (Utopic Unicorn):needed
Package
Upstream:released (3.14~rc7)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Package
Upstream:released (3.14~rc7)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):ignored (was needed now end-of-life)
Ubuntu 14.10 (Utopic Unicorn):needed
Package
Upstream:released (3.14~rc7)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):released (3.11.0-26.45~precise1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (3.14~rc7)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Ubuntu 12.04 LTS (Precise Pangolin):released (3.2.0-67.101)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (3.13.0-21.43)
Ubuntu 14.10 (Utopic Unicorn):not-affected (3.13.0-24.46)
Patches:
Introduced by a6686f2f382b13f8a7253401a66690c3633b6a74Fixed by 1fd819ecb90cc9b822cd84d3056ddba315d3340f
Package
Upstream:released (3.14~rc7)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):ignored (was needed now end-of-life)
Ubuntu 14.10 (Utopic Unicorn):needed
Package
Upstream:released (3.14~rc7)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):released (3.2.0-1451.71)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Package
Upstream:released (3.14~rc7)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):ignored (abandoned)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Package
Upstream:released (3.14~rc7)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life, does not affect buildd)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Package
Upstream:released (3.14~rc7)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):released (3.8.0-44.66~precise1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Package
Upstream:released (3.14~rc7)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):ignored (was needed now end-of-life)
Ubuntu 14.10 (Utopic Unicorn):needed
More Information

Valid XHTML 1.0 Strict

Updated: 2014-10-23 21:18:16 UTC (commit 8644)