** Changed in: linux-armadaxp (Ubuntu Precise)
Status: New => Fix Committed
** Changed in: linux-armadaxp (Ubuntu Raring)
Status: New => Fix Committed
** Changed in: linux-armadaxp (Ubuntu Quantal)
Status: New => Fix Committed
** Changed in: linux-lts-backport-oneiric (Ubuntu Lucid)
Status: New => Fix Committed
** Changed in: linux-lts-quantal (Ubuntu Precise)
Status: New => Fix Committed
** Changed in: linux-ti-omap4 (Ubuntu Precise)
Status: New => Fix Committed
** Changed in: linux-ti-omap4 (Ubuntu Oneiric)
Status: New => Fix Committed
** Changed in: linux-ti-omap4 (Ubuntu Raring)
Status: New => Fix Committed
** Changed in: linux-ti-omap4 (Ubuntu Quantal)
Status: New => Fix Committed
** Description changed:
- If a single descriptor crosses a region, the second chunk length should
- be decremented by size translated so far, instead it includes the full
- descriptor length. A privileged guest user could use this flaw to crash
- the host or, potentially, corrupt host memory.
+ The translate_desc function in drivers/vhost/vhost.c in the Linux kernel
+ before 3.7 does not properly handle cross-region descriptors, which
+ allows guest OS users to obtain host OS privileges by leveraging KVM
+ guest OS privileges.
Break-Fix: 3a4d5c94e959359ece6d6b55045c3f046677f55c
bd97120fc3d1a11f3124c7c9ba1d91f51829eb85
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1130951
Title:
CVE-2013-0311
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1130951/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
