Bug 804656 - (CVE-2013-0311) VUL-1: CVE-2013-0311: kernel: vhost: fix length for cross region descriptor
(CVE-2013-0311)
VUL-1: CVE-2013-0311: kernel: vhost: fix length for cross region descriptor
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Major
: ---
Assigned To: Security Team bot
Security Team bot
maint:released:sle11-sp2:52260 maint:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-02-20 10:55 UTC by Marcus Meissner
Modified: 2014-06-11 15:26 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2013-02-20 10:55:31 UTC
is public, via oss-security

CVE-2013-0311

From: Petr Matousek <pmatouse@redhat.com>
Subject: [oss-security] CVE request -- Linux kernel: vhost: fix length for cross region descriptor
Date: Wed, 20 Feb 2013 01:41:59 +0100

If a single descriptor crosses a region, the second chunk length should
be decremented by size translated so far, instead it includes the full
descriptor length. A privileged guest user could use this flaw to crash
the host or, potentially, corrupt host memory.

Upstream fix:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=bd97120fc3d1a11f3124c7c9ba1d91f51829eb85

References:
https://bugzilla.redhat.com/show_bug.cgi?id=912905
Comment 1 Swamp Workflow Management 2013-02-20 23:00:20 UTC
bugbot adjusting priority
Comment 2 Michal Hocko 2013-02-25 10:09:30 UTC
The driver has been introduced in 2.6.34 so SLE11-SP1-TD (and later) is not affected
Comment 3 Marcus Meissner 2013-04-19 16:44:23 UTC
is in patches.kernel.org/patch-3.0.67-68
Comment 4 Marcus Meissner 2013-05-07 11:41:52 UTC
We have just released a kernel update for SUSE Linux Enterprise 11 SP2 that mentions/fixes this bug. The released kernel version is 3.0.74-0.6.6.2.
Comment 5 Swamp Workflow Management 2013-05-07 14:15:55 UTC
Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-default-man, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, kernel-trace-man, ocfs2-kmp-default, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP2 (s390x)
SLE-HAE 11-SP2 (s390x)
SLE-SERVER 11-SP2 (s390x)
Comment 6 Swamp Workflow Management 2013-05-07 14:38:55 UTC
Update released for: cluster-network-kmp-default, cluster-network-kmp-pae, cluster-network-kmp-trace, cluster-network-kmp-xen, gfs2-kmp-default, gfs2-kmp-pae, gfs2-kmp-trace, gfs2-kmp-xen, kernel-default, kernel-default-base, kernel-default-devel, kernel-default-extra, kernel-default-hmac, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-devel, kernel-ec2-extra, kernel-ec2-hmac, kernel-pae, kernel-pae-base, kernel-pae-devel, kernel-pae-extra, kernel-pae-hmac, kernel-source, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-devel, kernel-trace-extra, kernel-trace-hmac, kernel-xen, kernel-xen-base, kernel-xen-devel, kernel-xen-extra, kernel-xen-hmac, ocfs2-kmp-default, ocfs2-kmp-pae, ocfs2-kmp-trace, ocfs2-kmp-xen
Products:
SLE-DEBUGINFO 11-SP2 (i386)
SLE-DESKTOP 11-SP2 (i386)
SLE-HAE 11-SP2 (i386)
SLE-SERVER 11-SP2 (i386)
SLES4VMWARE 11-SP2 (i386)
Comment 7 Swamp Workflow Management 2013-05-07 14:40:37 UTC
Update released for: cluster-network-kmp-default, cluster-network-kmp-ppc64, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-ppc64, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-extra, kernel-default-hmac, kernel-ppc64, kernel-ppc64-base, kernel-ppc64-debuginfo, kernel-ppc64-debugsource, kernel-ppc64-devel, kernel-ppc64-extra, kernel-ppc64-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-extra, kernel-trace-hmac, ocfs2-kmp-default, ocfs2-kmp-ppc64, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP2 (ppc64)
SLE-HAE 11-SP2 (ppc64)
SLE-SERVER 11-SP2 (ppc64)
Comment 8 Swamp Workflow Management 2013-05-07 15:28:27 UTC
Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, ocfs2-kmp-default, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP2 (ia64)
SLE-HAE 11-SP2 (ia64)
SLE-SERVER 11-SP2 (ia64)
Comment 9 Swamp Workflow Management 2013-05-07 19:10:39 UTC
Update released for: ext4-writeable-kmp-default, ext4-writeable-kmp-trace, ext4-writeable-kmp-xen, kernel-default-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (x86_64)
Comment 10 Swamp Workflow Management 2013-05-07 20:11:11 UTC
Update released for: ext4-writeable-kmp-default, ext4-writeable-kmp-pae, ext4-writeable-kmp-trace, ext4-writeable-kmp-xen, kernel-default-extra, kernel-pae-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (i386)
Comment 11 Swamp Workflow Management 2013-05-07 21:12:34 UTC
Update released for: ext4-writeable-kmp-default, ext4-writeable-kmp-trace, kernel-default-extra
Products:
SLE-SERVER 11-EXTRA (s390x)
Comment 12 Swamp Workflow Management 2013-05-07 22:13:08 UTC
Update released for: ext4-writeable-kmp-default, ext4-writeable-kmp-ppc64, ext4-writeable-kmp-trace, kernel-default-extra, kernel-ppc64-extra
Products:
SLE-SERVER 11-EXTRA (ppc64)
Comment 13 Swamp Workflow Management 2013-05-07 23:14:21 UTC
Update released for: ext4-writeable-kmp-default, ext4-writeable-kmp-trace, kernel-default-extra
Products:
SLE-SERVER 11-EXTRA (ia64)
Comment 14 Swamp Workflow Management 2013-07-12 07:08:41 UTC
openSUSE-SU-2013:1187-1: An update that solves 13 vulnerabilities and has 35 fixes is now available.

Category: security (important)
Bug References: 763968,769685,788590,789359,792584,797175,800907,802642,804609,804656,805804,805945,806238,806980,808358,808647,808827,809122,809895,809902,809903,810473,810580,810624,810722,812281,814719,815356,815444,815745,816443,816451,816586,817010,817339,818053,818327,818371,818514,818516,818798,819295,819519,819655,820434,821930,822431,822722
CVE References: CVE-2012-6548,CVE-2012-6549,CVE-2013-0160,CVE-2013-0268,CVE-2013-0311,CVE-2013-0914,CVE-2013-1772,CVE-2013-1792,CVE-2013-1796,CVE-2013-1797,CVE-2013-1798,CVE-2013-2634,CVE-2013-2635
Sources used:
openSUSE 11.4 (src):    kernel-docs-3.0.80-52.2, kernel-source-3.0.80-52.1, kernel-syms-3.0.80-52.1, preload-1.2-6.35.1
Comment 15 Jeff Mahoney 2013-07-31 19:50:21 UTC
openSUSE 12.2 got the fix via 3.4.35.
The fix was upstream for 3.7
Comment 16 Marcus Meissner 2013-10-04 16:05:25 UTC
done then