
CVE-2012-2119

Published: 19 April 2012

Buffer overflow in the macvtap device driver in the Linux kernel before 3.4.5, when running in certain configurations, allows privileged KVM guest users to cause a denial of service (crash) via a long descriptor with a long vector length.

From the Ubuntu security team

A flaw was discovered in the Linux kernel's macvtap device driver, which is used in KVM (Kernel-based Virtual Machine) to create a network bridge between host and guest. A privileged user in a guest could exploit this flaw to crash the host, if the vhost_net module is loaded with the experimental_zcopytx option enabled.
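One way to check a KVM host for the configuration named above, as an added example that is not part of the Ubuntu tracker page. It reads the standard sysfs module-parameter file for vhost_net; the function name zcopytx_precondition and its optional sysfs-root argument (used to run the check against a constructed tree) are assumptions of this example.

```shell
#!/bin/sh
# Added example: report whether a host has the configuration CVE-2012-2119
# depends on (vhost_net loaded with experimental_zcopytx enabled, macvtap
# present). zcopytx_precondition is a hypothetical helper name. Its optional
# argument is the sysfs root, so the check can run on a constructed tree.
zcopytx_precondition() {
    sysfs=${1:-/sys}
    vhost="$sysfs/module/vhost_net"
    param="$vhost/parameters/experimental_zcopytx"

    if [ ! -d "$vhost" ]; then
        echo "not-met: vhost_net is not loaded"
        return 0
    fi
    if [ ! -r "$param" ]; then
        # Kernels that predate the option expose no such parameter file.
        echo "not-met: vhost_net has no experimental_zcopytx parameter"
        return 0
    fi
    # The parameter is an integer; 0 means zero-copy transmit is off.
    value=$(tr -d '[:space:]' < "$param")
    if [ "$value" = "0" ]; then
        echo "not-met: experimental_zcopytx=0"
        return 0
    fi
    # Note: a macvtap driver built into the kernel (not a module) may not
    # appear under /sys/module, so "partial" is not proof of absence.
    if [ -d "$sysfs/module/macvtap" ]; then
        echo "met: experimental_zcopytx=$value and macvtap is loaded; confirm the kernel carries the fix"
    else
        echo "partial: experimental_zcopytx=$value but the macvtap module is not loaded"
    fi
    return 0
}

# Run against the live system, or against SYSFS_ROOT if it is set.
zcopytx_precondition "${SYSFS_ROOT:-/sys}"
```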

Notes

Author: apw
Note:
email thread discussing the patch does not conclude on a patch as yet
nothing obviously matching it has hit mainline yet
a second patch set was pushed under the thread below and appears to be
making its way into v3.5
http://www.spinics.net/lists/netdev/msg197132.html
Patch set seems to have hit ending at the sha1 below, it is possible
we need all four patches:
b92946e2919134ebe2a4083e4302236295ea2a73
Priority

Low

Status

Package / Release / Status

linux
  hardy      Not vulnerable
  lucid      Not vulnerable
  natty      Not vulnerable
  oneiric    Not vulnerable
  precise    Released (3.2.0-29.46)
  upstream   Released (3.5~rc1)
  Patches:
    Introduced by 97bc3633bec7ed0fdfbda6b9cf86c51e4f58f8e2, fixed by 3afc9621f15701c557e60f61eba9242bac2771dd
    Introduced by 97bc3633bec7ed0fdfbda6b9cf86c51e4f58f8e2, fixed by 4ef67ebedffa44ed9939b34708ac2fee06d2f65f
    Introduced by 97bc3633bec7ed0fdfbda6b9cf86c51e4f58f8e2, fixed by 02ce04bb3d28c3333231f43bca677228dbc686fe
    Introduced by 97bc3633bec7ed0fdfbda6b9cf86c51e4f58f8e2, fixed by 01d6657b388438def19c8baaea28e742b6ed32ec
    Introduced by 97bc3633bec7ed0fdfbda6b9cf86c51e4f58f8e2, fixed by b92946e2919134ebe2a4083e4302236295ea2a73

linux-armadaxp
  hardy      Does not exist
  lucid      Does not exist
  natty      Does not exist
  oneiric    Does not exist
  precise    Released (3.2.0-1606.9)
  upstream   Released (3.5~rc1)

linux-ec2
  hardy      Does not exist
  lucid      Not vulnerable
  natty      Does not exist
  oneiric    Does not exist
  precise    Does not exist
  upstream   Released (3.5~rc1)

linux-fsl-imx51
  hardy      Does not exist
  lucid      Not vulnerable
  natty      Does not exist
  oneiric    Does not exist
  precise    Does not exist
  upstream   Released (3.5~rc1)

linux-lts-backport-maverick
  hardy      Does not exist
  lucid      Ignored (reached end-of-life)
  natty      Does not exist
  oneiric    Does not exist
  precise    Does not exist
  upstream   Released (3.5~rc1)

linux-lts-backport-natty
  hardy      Does not exist
  lucid      Not vulnerable
  natty      Does not exist
  oneiric    Does not exist
  precise    Does not exist
  upstream   Released (3.5~rc1)

linux-lts-backport-oneiric
  hardy      Does not exist
  lucid      Not vulnerable
  natty      Does not exist
  oneiric    Does not exist
  precise    Does not exist
  upstream   Released (3.5~rc1)

linux-mvl-dove
  hardy      Does not exist
  lucid      Ignored (reached end-of-life)
  natty      Does not exist
  oneiric    Does not exist
  precise    Does not exist
  upstream   Released (3.5~rc1)

linux-ti-omap4
  hardy      Does not exist
  lucid      Does not exist
  natty      Not vulnerable
  oneiric    Not vulnerable
  precise    Not vulnerable
  upstream   Released (3.5~rc1)