Bug 837111 - (CVE-2013-4254) VUL-1: CVE-2013-4254: kernel: arm: linux-kernel privilege escalation on ARM/perf
Status: VERIFIED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P4 - Low, Severity: Normal
Assigned To: Security Team bot
Reported: 2013-08-27 20:14 UTC by Marcus Meissner
Modified: 2014-06-23 10:53 UTC

Description Marcus Meissner 2013-08-27 20:14:21 UTC
is public via cve db and customer query

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4254

The validate_event function in arch/arm/kernel/perf_event.c in the Linux kernel before 3.10.8 on the ARM platform allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by adding a hardware event to an event group led by a software event. 

URL:http://www.openwall.com/lists/oss-security/2013/08/16/6
CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c95eb3184ea1a3a2551df57190c81da695e2144b
Comment 1 Swamp Workflow Management 2013-08-27 22:00:52 UTC
bugbot adjusting priority
Comment 2 Takashi Iwai 2014-03-24 15:39:03 UTC
This hits at most only openSUSE 12.3 ARM port, right?
Comment 3 Marcus Meissner 2014-03-24 15:47:13 UTC
yes, arm 12.3 seems the only match
Comment 4 Takashi Iwai 2014-03-24 15:55:07 UTC
OK, pushed to 12.3 git branch now.
Comment 5 Takashi Iwai 2014-03-24 15:57:38 UTC
Back to security-team.
Comment 6 Swamp Workflow Management 2014-05-19 12:05:30 UTC
openSUSE-SU-2014:0677-1: An update that solves 16 vulnerabilities and has 10 fixes is now available.

Category: security (important)
Bug References: 733022,811746,833968,837111,851426,852652,852967,858233,858638,858869,858870,858872,860835,862145,863335,864025,866102,868653,869414,869898,871148,871252,871325,873717,875690,875798
CVE References: CVE-2013-4254,CVE-2013-4579,CVE-2013-6885,CVE-2014-0101,CVE-2014-0196,CVE-2014-0691,CVE-2014-1438,CVE-2014-1444,CVE-2014-1445,CVE-2014-1446,CVE-2014-1690,CVE-2014-1737,CVE-2014-1738,CVE-2014-1874,CVE-2014-2523,CVE-2014-2672
Sources used:
openSUSE 12.3 (src):    kernel-docs-3.7.10-1.32.2, kernel-source-3.7.10-1.32.1, kernel-syms-3.7.10-1.32.1
Comment 7 Johannes Segitz 2014-06-23 10:53:54 UTC
all packages fixed