** Changed in: linux-armadaxp (Ubuntu Precise) Status: New => Fix Committed
** Changed in: linux-armadaxp (Ubuntu Quantal) Status: New => Fix Committed ** Changed in: linux-ec2 (Ubuntu Lucid) Status: New => Fix Committed ** Changed in: linux-lts-quantal (Ubuntu Precise) Status: New => Fix Committed ** Changed in: linux-lts-saucy (Ubuntu Precise) Status: New => Fix Committed ** Changed in: linux (Ubuntu Precise) Status: New => Fix Committed ** Changed in: linux (Ubuntu Saucy) Status: New => Fix Committed ** Changed in: linux (Ubuntu Trusty) Status: New => Fix Committed ** Changed in: linux (Ubuntu Lucid) Status: New => Fix Committed ** Changed in: linux (Ubuntu Quantal) Status: New => Fix Committed ** Changed in: linux-ti-omap4 (Ubuntu Precise) Status: New => Fix Committed ** Changed in: linux-ti-omap4 (Ubuntu Saucy) Status: New => Fix Committed ** Changed in: linux-ti-omap4 (Ubuntu Quantal) Status: New => Fix Committed ** Changed in: linux-lts-raring (Ubuntu Precise) Status: New => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-armadaxp in Ubuntu. https://bugs.launchpad.net/bugs/1316735 Title: CVE-2014-1738 Status in “linux” package in Ubuntu: New Status in “linux-armadaxp” package in Ubuntu: Invalid Status in “linux-ec2” package in Ubuntu: Invalid Status in “linux-fsl-imx51” package in Ubuntu: Invalid Status in “linux-lts-backport-maverick” package in Ubuntu: New Status in “linux-lts-backport-natty” package in Ubuntu: New Status in “linux-lts-quantal” package in Ubuntu: Invalid Status in “linux-lts-raring” package in Ubuntu: Invalid Status in “linux-lts-saucy” package in Ubuntu: Invalid Status in “linux-mvl-dove” package in Ubuntu: Invalid Status in “linux-ti-omap4” package in Ubuntu: Invalid Status in “linux” source package in Lucid: Fix Committed Status in “linux-armadaxp” source package in Lucid: Invalid Status in “linux-ec2” source package in Lucid: Fix Committed Status in “linux-fsl-imx51” source package in Lucid: Invalid Status in “linux-lts-backport-maverick” source package in Lucid: New Status in “linux-lts-backport-natty” source package in Lucid: New Status in “linux-lts-quantal” source package in Lucid: Invalid Status in “linux-lts-raring” source package in Lucid: Invalid Status in “linux-lts-saucy” source package in Lucid: Invalid Status in “linux-mvl-dove” source package in Lucid: Invalid Status in “linux-ti-omap4” source package in Lucid: Invalid Status in “linux” source package in Precise: Fix Committed Status in “linux-armadaxp” source package in Precise: Fix Committed Status in “linux-ec2” source package in Precise: Invalid Status in “linux-fsl-imx51” source package in Precise: Invalid Status in “linux-lts-backport-maverick” source package in Precise: New Status in “linux-lts-backport-natty” source package in Precise: New Status in “linux-lts-quantal” source package in Precise: Fix Committed Status in “linux-lts-raring” source package in Precise: Fix Committed Status in “linux-lts-saucy” source package in Precise: Fix Committed Status in “linux-mvl-dove” source package in Precise: Invalid Status in “linux-ti-omap4” source package in Precise: Fix Committed Status in “linux” source package in Quantal: Fix Committed Status in “linux-armadaxp” source package in Quantal: Fix Committed Status in “linux-ec2” source package in Quantal: Invalid Status in “linux-fsl-imx51” source package in Quantal: Invalid Status in “linux-lts-backport-maverick” source package in Quantal: New Status in “linux-lts-backport-natty” source package in Quantal: New Status in “linux-lts-quantal” source package in Quantal: Invalid Status in “linux-lts-raring” source package in Quantal: Invalid Status in “linux-lts-saucy” source package in Quantal: Invalid Status in “linux-mvl-dove” source package in Quantal: Invalid Status in “linux-ti-omap4” source package in Quantal: Fix Committed Status in “linux” source package in Saucy: Fix Committed Status in “linux-armadaxp” source package in Saucy: Invalid Status in “linux-ec2” source package in Saucy: Invalid Status in “linux-fsl-imx51” source package in Saucy: Invalid Status in “linux-lts-backport-maverick” source package in Saucy: New Status in “linux-lts-backport-natty” source package in Saucy: New Status in “linux-lts-quantal” source package in Saucy: Invalid Status in “linux-lts-raring” source package in Saucy: Invalid Status in “linux-lts-saucy” source package in Saucy: Invalid Status in “linux-mvl-dove” source package in Saucy: Invalid Status in “linux-ti-omap4” source package in Saucy: Fix Committed Status in “linux” source package in Trusty: Fix Committed Status in “linux-armadaxp” source package in Trusty: Invalid Status in “linux-ec2” source package in Trusty: Invalid Status in “linux-fsl-imx51” source package in Trusty: Invalid Status in “linux-lts-backport-maverick” source package in Trusty: New Status in “linux-lts-backport-natty” source package in Trusty: New Status in “linux-lts-quantal” source package in Trusty: Invalid Status in “linux-lts-raring” source package in Trusty: Invalid Status in “linux-lts-saucy” source package in Trusty: Invalid Status in “linux-mvl-dove” source package in Trusty: Invalid Status in “linux-ti-omap4” source package in Trusty: Invalid Status in “linux” source package in Utopic: New Status in “linux-armadaxp” source package in Utopic: Invalid Status in “linux-ec2” source package in Utopic: Invalid Status in “linux-fsl-imx51” source package in Utopic: Invalid Status in “linux-lts-backport-maverick” source package in Utopic: New Status in “linux-lts-backport-natty” source package in Utopic: New Status in “linux-lts-quantal” source package in Utopic: Invalid Status in “linux-lts-raring” source package in Utopic: Invalid Status in “linux-lts-saucy” source package in Utopic: Invalid Status in “linux-mvl-dove” source package in Utopic: Invalid Status in “linux-ti-omap4” source package in Utopic: Invalid Bug description: There is also another issue which greatly helps in the exploitation of this other issue. In raw_cmd_copyout, the entire floppy_raw_cmd structure is copy_to_user'd back to userspace after raw command processing. The issue is that the entire structure is copied back, which leaks to userspace the address of the allocated DMA pages, if any, and the address of the next-in-list command structure, if any. A malicious user can send a FDRAWCMD ioctl with the FD_RAW_MORE flag set and, upon inspecting the result in the command argument, find the address of the last floppy_raw_cmd allocation on the kmalloc-nnn slab. Break-Fix: - 2145e15e0557a01b9195d1c7199a1b92cb9be81f To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1316735/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp