CVE-2013-2140
Published: 5 June 2013
The dispatch_discard_io function in drivers/block/xen-blkback/blkback.c in the Xen blkback implementation in the Linux kernel before 3.10.5 allows guest OS users to cause a denial of service (data loss) via filesystem write operations on a read-only disk that supports the (1) BLKIF_OP_DISCARD (aka discard or TRIM) or (2) SCSI UNMAP feature.
From the Ubuntu Security Team
A flaw was discovered in the Xen subsystem of the Linux kernel when it provides read-only access to a disk that supports TRIM or SCSI UNMAP to a guest OS. A privileged user in the guest OS could exploit this flaw to destroy data on the disk, even though the guest OS should not be able to write to the disk.
Notes
| Author | Note |
|---|---|
| seth-arnold | diff is e79ab45..4119bcd, patch not yet in tree |
Priority
Medium
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc3)
|
|
Patches: Introduced by b3cb0d6adc4bbc70b5e37e49a6068e973545ead7 |
||
|
linux-armadaxp Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc3)
|
| This package is not directly supported by the Ubuntu Security Team | ||
|
linux-aws Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc3)
|
|
linux-ec2 Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc3)
|
|
linux-flo Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc3)
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc3)
|
|
linux-gke Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc3)
|
|
linux-goldfish Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc3)
|
|
linux-grouper Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc3)
|
|
linux-hwe Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc3)
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc3)
|
|
linux-linaro-omap Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc3)
|
|
linux-linaro-shared Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc3)
|
|
linux-linaro-vexpress Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc3)
|
|
linux-lts-backport-maverick Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc3)
|
|
linux-lts-quantal Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc3)
|
|
linux-lts-raring Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc3)
|
|
linux-lts-saucy Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc3)
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc3)
|
|
linux-lts-utopic Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc3)
|
|
linux-lts-vivid Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc3)
|
|
linux-lts-wily Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc3)
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc3)
|
|
linux-maguro Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc3)
|
|
linux-mako Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc3)
|
|
linux-manta Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc3)
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc3)
|
|
linux-qcm-msm Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc3)
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc3)
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc3)
|
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc3)
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2140
- http://www.openwall.com/lists/oss-security/2013/06/05/18
- https://ubuntu.com/security/notices/USN-1938-1
- https://ubuntu.com/security/notices/USN-1943-1
- https://ubuntu.com/security/notices/USN-1944-1
- https://ubuntu.com/security/notices/USN-1945-1
- https://ubuntu.com/security/notices/USN-1947-1
- https://ubuntu.com/security/notices/USN-1946-1
- https://ubuntu.com/security/notices/USN-2038-1
- https://ubuntu.com/security/notices/USN-2039-1
- NVD
- Launchpad
- Debian