CVE-2013-4592 in Ubuntu

CVE-2013-4592

Priority

Description

Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c
in the Linux kernel before 3.9 allows local users to cause a denial of
service (memory consumption) by leveraging certain device access to trigger
movement of memory slots.

Ubuntu-Description

A flaw in the handling of memory regions of the kernel virtual machine
(KVM) subsystem was discovered. A local user with the ability to assign a
device could exploit this flaw to cause a denial of service (memory
consumption).

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4592
https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.9.bz2
https://github.com/torvalds/linux/commit/e40f193f5bb022e927a57a4f5d5194e4f12ddb74
https://github.com/torvalds/linux/commit/12d6e7538e2d418c08f082b1b44ffa5fb7270ed8
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e40f193f5bb022e927a57a4f5d5194e4f12ddb74
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=12d6e7538e2d418c08f082b1b44ffa5fb7270ed8
https://bugzilla.redhat.com/show_bug.cgi?id=1031702
http://www.openwall.com/lists/oss-security/2013/11/18/3
https://usn.ubuntu.com/usn/usn-2066-1
https://usn.ubuntu.com/usn/usn-2067-1
https://usn.ubuntu.com/usn/usn-2111-1
https://usn.ubuntu.com/usn/usn-2112-1
https://usn.ubuntu.com/usn/usn-2114-1
https://usn.ubuntu.com/usn/usn-2115-1
https://usn.ubuntu.com/usn/usn-2116-1

Bugs

https://launchpad.net/bugs/1254900

Notes

jdstrand

attacker requires privileged access to the host hardware to exploit
per kernel team, too intrusive to backport

Package

Source: linux (LP Ubuntu Debian)

Upstream:	released (3.9~rc1)
Ubuntu 14.04 ESM (Trusty Tahr):	not-affected (3.11.0-12.19)

Patches:

Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2	Fixed by 12d6e7538e2d418c08f082b1b44ffa5fb7270ed8
Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2	Fixed by e40f193f5bb022e927a57a4f5d5194e4f12ddb74

Package

Source: linux-armadaxp (LP Ubuntu Debian)

Upstream:	released (3.9~rc1)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE

This package is not directly supported by the Ubuntu Security Team

Package

Source: linux-ec2 (LP Ubuntu Debian)

Upstream:	released (3.9~rc1)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE

Package

Source: linux-flo (LP Ubuntu Debian)

Upstream:	released (3.9~rc1)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [was needed now end-of-life])

Package

Source: linux-fsl-imx51 (LP Ubuntu Debian)

Upstream:	released (3.9~rc1)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE

Package

Source: linux-goldfish (LP Ubuntu Debian)

Upstream:	released (3.9~rc1)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [was needed now end-of-life])

Package

Source: linux-grouper (LP Ubuntu Debian)

Upstream:	released (3.9~rc1)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [see note])

Package

Source: linux-linaro-omap (LP Ubuntu Debian)

Upstream:	released (3.9~rc1)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE

Package

Source: linux-linaro-shared (LP Ubuntu Debian)

Upstream:	released (3.9~rc1)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE

Package

Source: linux-linaro-vexpress (LP Ubuntu Debian)

Upstream:	released (3.9~rc1)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE

Package

Source: linux-lts-quantal (LP Ubuntu Debian)

Upstream:	released (3.9~rc1)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE

Patches:

Package

Source: linux-lts-raring (LP Ubuntu Debian)

Upstream:	released (3.9~rc1)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE

Package

Source: linux-lts-saucy (LP Ubuntu Debian)

Upstream:	released (3.9~rc1)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE

Package

Source: linux-lts-trusty (LP Ubuntu Debian)

Upstream:	released (3.9~rc1)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE

Package

Source: linux-maguro (LP Ubuntu Debian)

Upstream:	released (3.9~rc1)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [see note])

Package

Source: linux-mako (LP Ubuntu Debian)

Upstream:	released (3.9~rc1)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [was needed now end-of-life])

Package

Source: linux-manta (LP Ubuntu Debian)

Upstream:	released (3.9~rc1)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [was needed now end-of-life])

Package

Source: linux-mvl-dove (LP Ubuntu Debian)

Upstream:	released (3.9~rc1)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE

Package

Source: linux-qcm-msm (LP Ubuntu Debian)

Upstream:	released (3.9~rc1)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE

Package

Source: linux-ti-omap4 (LP Ubuntu Debian)

Upstream:	released (3.9~rc1)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE

More Information

Updated: 2020-03-18 22:13:25 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)