CVE-2013-1819

Published: 06 March 2013

The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel before 3.7.6 does not validate block numbers, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the ability to mount an XFS filesystem containing a metadata inode with an invalid extent map.

From the Ubuntu security team

A failure to validate block numbers was discovered in the Linux kernel's implementation of the XFS filesystem. A local user can cause a denial of service (system crash) if they can mount, or cause to be mounted a corrupted or special crafted XFS filesystem.

Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
Upstream
Released (3.8~rc6)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(3.11.0-12.19)
Patches:
Introduced by 74f75a0cb7033918eb0fa4a50df25091ac75c16e
Fixed by eb178619f930fa2ba2348de332a1ff1c66a31424
linux-2.6
Launchpad, Ubuntu, Debian
Upstream
Released (3.8~rc6)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-armadaxp
Launchpad, Ubuntu, Debian
Upstream
Released (3.8~rc6)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

This package is not directly supported by the Ubuntu Security Team
linux-ec2
Launchpad, Ubuntu, Debian
Upstream
Released (3.8~rc6)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-flo
Launchpad, Ubuntu, Debian
Upstream
Released (3.8~rc6)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [was needed now end-of-life])
linux-fsl-imx51
Launchpad, Ubuntu, Debian
Upstream
Released (3.8~rc6)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-goldfish
Launchpad, Ubuntu, Debian
Upstream
Released (3.8~rc6)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [was needed now end-of-life])
linux-grouper
Launchpad, Ubuntu, Debian
Upstream
Released (3.8~rc6)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored)
linux-linaro-omap
Launchpad, Ubuntu, Debian
Upstream
Released (3.8~rc6)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-linaro-shared
Launchpad, Ubuntu, Debian
Upstream
Released (3.8~rc6)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-linaro-vexpress
Launchpad, Ubuntu, Debian
Upstream
Released (3.8~rc6)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-backport-maverick
Launchpad, Ubuntu, Debian
Upstream
Released (3.8~rc6)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-backport-oneiric
Launchpad, Ubuntu, Debian
Upstream
Released (3.8~rc6)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-quantal
Launchpad, Ubuntu, Debian
Upstream
Released (3.8~rc6)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-raring
Launchpad, Ubuntu, Debian
Upstream
Released (3.8~rc6)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-trusty
Launchpad, Ubuntu, Debian
Upstream
Released (3.8~rc6)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-maguro
Launchpad, Ubuntu, Debian
Upstream
Released (3.8~rc6)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored)
linux-mako
Launchpad, Ubuntu, Debian
Upstream
Released (3.8~rc6)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [was needed now end-of-life])
linux-manta
Launchpad, Ubuntu, Debian
Upstream
Released (3.8~rc6)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [was needed now end-of-life])
linux-mvl-dove
Launchpad, Ubuntu, Debian
Upstream
Released (3.8~rc6)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-qcm-msm
Launchpad, Ubuntu, Debian
Upstream
Released (3.8~rc6)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-ti-omap4
Launchpad, Ubuntu, Debian
Upstream
Released (3.8~rc6)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Notes

AuthorNote
henrix
This CVE has minor impact as it requires root privileges to mount a
corrupted image.  Also, it is too risky to backport the fix to older
kernels (Precise, in this case).
jjohansen
precise_linux and precise_linux-lts-quantal ignored (was in
USN-1968-1/3.2.0-54.82 reverted minor priority CVE with high risk of
regression in backport)
precise_linux-armadaxp ignored due to high risk of regression in
backport

References

Bugs