CVE-2013-6368

Publication date 14 December 2013

Last updated 24 July 2024


Ubuntu priority

The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address.

From the Ubuntu Security Team

Andrew Honig reported an error in the Linux Kernel's Kernel Virtual Machine (KVM) VAPIC synchronization operation. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash).

Read the notes from the security team

Status

Package Ubuntu Release Status
linux 14.04 LTS trusty
Not affected
13.10 saucy
Fixed 3.11.0-17.31
13.04 raring Ignored end of life
12.10 quantal
Fixed 3.5.0-47.71
12.04 LTS precise
Fixed 3.2.0-60.91
10.04 LTS lucid Ignored end of life
linux-armadaxp 14.04 LTS trusty Not in release
13.10 saucy Not in release
13.04 raring Not in release
12.10 quantal
Fixed 3.5.0-1628.37
12.04 LTS precise
Fixed 3.2.0-1631.43
10.04 LTS lucid Not in release
linux-ec2 14.04 LTS trusty Not in release
13.10 saucy Not in release
13.04 raring Not in release
12.10 quantal Not in release
12.04 LTS precise Not in release
10.04 LTS lucid Ignored end of life
linux-flo 14.04 LTS trusty Ignored end of life, was needed
13.10 saucy Not in release
12.10 quantal Not in release
12.04 LTS precise Not in release
10.04 LTS lucid Not in release
linux-fsl-imx51 14.04 LTS trusty Not in release
13.10 saucy Not in release
13.04 raring Not in release
12.10 quantal Not in release
12.04 LTS precise Not in release
10.04 LTS lucid Ignored end of life
linux-goldfish 14.04 LTS trusty Ignored end of life, was needed
13.10 saucy Ignored
12.10 quantal Not in release
12.04 LTS precise Not in release
10.04 LTS lucid Not in release
linux-grouper 14.04 LTS trusty Not in release
13.10 saucy Ignored
12.10 quantal Not in release
12.04 LTS precise Not in release
10.04 LTS lucid Not in release
linux-linaro-omap 14.04 LTS trusty Not in release
13.10 saucy Not in release
13.04 raring Not in release
12.10 quantal Ignored end of life
12.04 LTS precise Ignored end of life
10.04 LTS lucid Not in release
linux-linaro-shared 14.04 LTS trusty Not in release
13.10 saucy Not in release
13.04 raring Not in release
12.10 quantal Ignored end of life
12.04 LTS precise Ignored end of life
10.04 LTS lucid Not in release
linux-linaro-vexpress 14.04 LTS trusty Not in release
13.10 saucy Not in release
13.04 raring Not in release
12.10 quantal Ignored end of life
12.04 LTS precise Ignored end of life
10.04 LTS lucid Not in release
linux-lts-quantal 14.04 LTS trusty Not in release
13.10 saucy Not in release
13.04 raring Not in release
12.10 quantal Not in release
12.04 LTS precise
Fixed 3.5.0-47.71~precise1
10.04 LTS lucid Not in release
linux-lts-raring 14.04 LTS trusty Not in release
13.10 saucy Not in release
13.04 raring Not in release
12.10 quantal Not in release
12.04 LTS precise
Fixed 3.8.0-37.53~precise1
10.04 LTS lucid Not in release
linux-lts-saucy 14.04 LTS trusty Not in release
13.10 saucy Not in release
13.04 raring Not in release
12.10 quantal Not in release
12.04 LTS precise
Fixed 3.11.0-17.31~precise1
10.04 LTS lucid Not in release
linux-lts-trusty 14.04 LTS trusty Not in release
13.10 saucy Not in release
12.04 LTS precise
Not affected
10.04 LTS lucid Not in release
linux-maguro 14.04 LTS trusty Not in release
13.10 saucy Ignored
12.10 quantal Not in release
12.04 LTS precise Not in release
10.04 LTS lucid Not in release
linux-mako 14.04 LTS trusty Ignored end of life, was needed
13.10 saucy Ignored
12.10 quantal Not in release
12.04 LTS precise Not in release
10.04 LTS lucid Not in release
linux-manta 14.04 LTS trusty Ignored end of life, was needed
13.10 saucy Ignored
12.10 quantal Not in release
12.04 LTS precise Not in release
10.04 LTS lucid Not in release
linux-mvl-dove 14.04 LTS trusty Not in release
13.10 saucy Not in release
13.04 raring Not in release
12.10 quantal Not in release
12.04 LTS precise Not in release
10.04 LTS lucid Ignored end of life
linux-qcm-msm 14.04 LTS trusty Not in release
13.10 saucy Not in release
13.04 raring Not in release
12.10 quantal Ignored end of life
12.04 LTS precise Ignored end of life
10.04 LTS lucid Ignored end of life
linux-ti-omap4 14.04 LTS trusty Not in release
13.10 saucy
Fixed 3.5.0-239.55
13.04 raring Ignored end of life
12.10 quantal
Fixed 3.5.0-239.55
12.04 LTS precise
Fixed 3.2.0-1444.63
10.04 LTS lucid Not in release

Notes


jdstrand

per upstream, not guest triggerable because write must be done in firmware which is before the guest starts. Also only affects certain processors per kernel team, too intrusive to backport

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
linux

References

Related Ubuntu Security Notices (USN)

    • USN-2138-1
    • Linux kernel vulnerabilities
    • 7 March 2014
    • USN-2136-1
    • Linux kernel (Raring HWE) vulnerabilities
    • 7 March 2014
    • USN-2113-1
    • Linux kernel (Saucy HWE) vulnerabilities
    • 18 February 2014
    • USN-2139-1
    • Linux kernel (OMAP4) vulnerabilities
    • 7 March 2014
    • USN-2134-1
    • Linux kernel (OMAP4) vulnerabilities
    • 7 March 2014
    • USN-2135-1
    • Linux kernel (Quantal HWE) vulnerabilities
    • 7 March 2014
    • USN-2133-1
    • Linux kernel vulnerabilities
    • 7 March 2014
    • USN-2141-1
    • Linux kernel (OMAP4) vulnerabilities
    • 7 March 2014
    • USN-2117-1
    • Linux kernel vulnerabilities
    • 18 February 2014

Other references