CVE-2013-0190
Published: 16 January 2013
The xen_failsafe_callback function in Xen for the Linux kernel 2.6.23 and other versions, when running a 32-bit PVOPS guest, allows local users to cause a denial of service (guest crash) by triggering an iret fault, leading to use of an incorrect stack pointer and stack corruption.
From the Ubuntu security team
Andrew Cooper of Citrix reported a Xen stack corruption in the Linux kernel. An unprivileged user in a 32bit PVOPS guest can cause the guest kernel to crash, or operate erroneously.
Priority
Medium
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc5)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.2.0-16.19)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Not vulnerable
(3.11.0-12.19)
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Released
(3.2.0-39.62)
|
|
|
Patches: Other: http://seclists.org/oss-sec/2013/q1/att-96/xsa40.patch Introduced by 5ead97c84fa7d63a6a7a2f4e9f18f452bd109045 Fixed by 9174adbee4a9a49d0139f5d71969852b36720809 |
||
|
linux-armadaxp Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc5)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
(precise was not-affected [XEN specific issue])
|
|
| This package is not directly supported by the Ubuntu Security Team | ||
|
linux-aws Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc5)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.4.0-1001.10)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Not vulnerable
(4.4.0-1002.2)
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-ec2 Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc5)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-flo Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc5)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Ignored
(abandoned)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [was needed now end-of-life])
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc5)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-gke Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc5)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.4.0-1003.3)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-goldfish Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc5)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(3.4.0-4.27)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [was needed now end-of-life])
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-grouper Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc5)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [abandoned])
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-hwe Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc5)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.8.0-36.36~16.04.1)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc5)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.8.0-36.36~16.04.1)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-linaro-omap Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc5)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
(precise was ignored [abandoned])
|
|
|
linux-linaro-shared Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc5)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
(precise was ignored [abandoned])
|
|
|
linux-linaro-vexpress Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc5)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
(precise was ignored [abandoned])
|
|
|
linux-lts-backport-maverick Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc5)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-lts-backport-oneiric Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc5)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-lts-quantal Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc5)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
(precise was released [3.5.0-26.42~precise1])
|
|
|
Patches: DNE |
||
|
linux-lts-raring Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc5)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
(precise was not-affected [3.8.0-19.30~precise1])
|
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc5)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Not vulnerable
(3.13.0-24.46~precise1)
|
|
|
linux-lts-utopic Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc5)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was not-affected [3.16.0-25.33~14.04.2])
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-lts-vivid Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc5)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was not-affected [3.19.0-18.18~14.04.1])
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-lts-wily Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc5)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was not-affected [4.2.0-18.22~14.04.1])
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc5)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Not vulnerable
(4.4.0-13.29~14.04.1)
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-maguro Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc5)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [abandoned])
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-mako Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc5)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Ignored
(abandoned)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [was needed now end-of-life])
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-manta Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc5)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was not-affected [3.4.0-5.22])
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc5)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-qcm-msm Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc5)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
(precise was ignored [abandoned])
|
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc5)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.2.0-1013.19)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc5)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.4.0-1012.12)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.8~rc5)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
(precise was not-affected [XEN specific issue])
|
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0190
- http://www.openwall.com/lists/oss-security/2013/01/16/8
- https://usn.ubuntu.com/usn/usn-1719-1
- https://usn.ubuntu.com/usn/usn-1720-1
- https://usn.ubuntu.com/usn/usn-1725-1
- https://usn.ubuntu.com/usn/usn-1728-1
- https://usn.ubuntu.com/usn/usn-1767-1
- https://usn.ubuntu.com/usn/usn-1768-1
- https://usn.ubuntu.com/usn/usn-1769-1
- https://usn.ubuntu.com/usn/usn-1774-1
- NVD
- Launchpad
- Debian