CVE-2013-4254
Published: 24 August 2013
The validate_event function in arch/arm/kernel/perf_event.c in the Linux kernel before 3.10.8 on the ARM platform allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by adding a hardware event to an event group led by a software event.
From the Ubuntu security team
Vince Weaver discovered a flaw in the perf subsystem of the Linux kernel on ARM platforms. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash).
Priority
High
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc6)
|
|
Patches: Introduced by 84fee97a026ca085f08381054513f9e24689a303 Introduced by 1b8873a0c6ec511870c106c80b94658f857c47f2 |
||
|
linux-2.6 Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc6)
|
|
linux-armadaxp Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc6)
|
| This package is not directly supported by the Ubuntu Security Team | ||
|
linux-aws Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc6)
|
|
linux-ec2 Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc6)
|
|
linux-flo Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc6)
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc6)
|
|
linux-gke Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc6)
|
|
linux-goldfish Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc6)
|
|
linux-grouper Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc6)
|
|
linux-hwe Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc6)
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc6)
|
|
linux-linaro-omap Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc6)
|
|
linux-linaro-shared Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc6)
|
|
linux-linaro-vexpress Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc6)
|
|
linux-lts-quantal Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc6)
|
|
linux-lts-raring Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc6)
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc6)
|
|
linux-lts-utopic Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc6)
|
|
linux-lts-vivid Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc6)
|
|
linux-lts-wily Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc6)
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc6)
|
|
linux-maguro Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc6)
|
|
linux-mako Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc6)
|
|
linux-manta Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc6)
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc6)
|
|
linux-qcm-msm Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc6)
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc6)
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc6)
|
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc6)
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4254
- http://www.openwall.com/lists/oss-security/2013/08/16/5
- http://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=7809/1
- https://ubuntu.com/security/notices/USN-1968-1
- https://ubuntu.com/security/notices/USN-1969-1
- https://ubuntu.com/security/notices/USN-1970-1
- https://ubuntu.com/security/notices/USN-1971-1
- https://ubuntu.com/security/notices/USN-1972-1
- https://ubuntu.com/security/notices/USN-1973-1
- https://ubuntu.com/security/notices/USN-1974-1
- https://ubuntu.com/security/notices/USN-1975-1
- NVD
- Launchpad
- Debian