Bug 837111 - (CVE-2013-4254) VUL-1: CVE-2013-4254: kernel: arm: linux-kernel priviledge escalation on ARM/perf
VUL-1: CVE-2013-4254: kernel: arm: linux-kernel priviledge escalation on ARM/...
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Other Other
: P4 - Low : Normal
: ---
Assigned To: Security Team bot
Security Team bot
Depends on:
  Show dependency treegraph
Reported: 2013-08-27 20:14 UTC by Marcus Meissner
Modified: 2014-06-23 10:53 UTC (History)
4 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2013-08-27 20:14:21 UTC
is public via cve db and customer query


The validate_event function in arch/arm/kernel/perf_event.c in the Linux kernel before 3.10.8 on the ARM platform allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by adding a hardware event to an event group led by a software event. 

Comment 1 Swamp Workflow Management 2013-08-27 22:00:52 UTC
bugbot adjusting priority
Comment 2 Takashi Iwai 2014-03-24 15:39:03 UTC
This hits at most only openSUSE 12.3 ARM port, right?
Comment 3 Marcus Meissner 2014-03-24 15:47:13 UTC
yes, arm 12.3 seems the only match
Comment 4 Takashi Iwai 2014-03-24 15:55:07 UTC
OK, pushed to 12.3 git branch now.
Comment 5 Takashi Iwai 2014-03-24 15:57:38 UTC
Back to security-team.
Comment 6 Swamp Workflow Management 2014-05-19 12:05:30 UTC
openSUSE-SU-2014:0677-1: An update that solves 16 vulnerabilities and has 10 fixes is now available.

Category: security (important)
Bug References: 733022,811746,833968,837111,851426,852652,852967,858233,858638,858869,858870,858872,860835,862145,863335,864025,866102,868653,869414,869898,871148,871252,871325,873717,875690,875798
CVE References: CVE-2013-4254,CVE-2013-4579,CVE-2013-6885,CVE-2014-0101,CVE-2014-0196,CVE-2014-0691,CVE-2014-1438,CVE-2014-1444,CVE-2014-1445,CVE-2014-1446,CVE-2014-1690,CVE-2014-1737,CVE-2014-1738,CVE-2014-1874,CVE-2014-2523,CVE-2014-2672
Sources used:
openSUSE 12.3 (src):    kernel-docs-3.7.10-1.32.2, kernel-source-3.7.10-1.32.1, kernel-syms-3.7.10-1.32.1
Comment 7 Johannes Segitz 2014-06-23 10:53:54 UTC
all packages fixed