CVE-2013-6380

Published: 26 November 2013

The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command.

From the Ubuntu security team

Nico Golde and Fabian Yamaguchi reported a flaw in the driver for Adaptec AACRAID scsi raid devices in the Linux kernel. A local user could use this flaw to cause a denial of service or possibly other unspecified impact.

Priority

Status

Package	Release	Status
linux Launchpad, Ubuntu, Debian	upstream	Released (3.13~rc1)
	Patches: Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Fixed by b4789b8e6be3151a955ade74872822f30e8cd914
linux-armadaxp Launchpad, Ubuntu, Debian	upstream	Released (3.13~rc1)
	This package is not directly supported by the Ubuntu Security Team
linux-aws Launchpad, Ubuntu, Debian	upstream	Released (3.13~rc1)
linux-ec2 Launchpad, Ubuntu, Debian	upstream	Released (3.13~rc1)
linux-flo Launchpad, Ubuntu, Debian	upstream	Released (3.13~rc1)
linux-fsl-imx51 Launchpad, Ubuntu, Debian	upstream	Released (3.13~rc1)
linux-gke Launchpad, Ubuntu, Debian	upstream	Released (3.13~rc1)
linux-goldfish Launchpad, Ubuntu, Debian	upstream	Released (3.13~rc1)
linux-grouper Launchpad, Ubuntu, Debian	upstream	Released (3.13~rc1)
linux-hwe Launchpad, Ubuntu, Debian	upstream	Released (3.13~rc1)
linux-hwe-edge Launchpad, Ubuntu, Debian	upstream	Released (3.13~rc1)
linux-linaro-omap Launchpad, Ubuntu, Debian	upstream	Released (3.13~rc1)
linux-linaro-shared Launchpad, Ubuntu, Debian	upstream	Released (3.13~rc1)
linux-linaro-vexpress Launchpad, Ubuntu, Debian	upstream	Released (3.13~rc1)
linux-lts-quantal Launchpad, Ubuntu, Debian	upstream	Released (3.13~rc1)
linux-lts-raring Launchpad, Ubuntu, Debian	upstream	Released (3.13~rc1)
linux-lts-saucy Launchpad, Ubuntu, Debian	upstream	Released (3.13~rc1)
linux-lts-trusty Launchpad, Ubuntu, Debian	upstream	Released (3.13~rc1)
linux-lts-utopic Launchpad, Ubuntu, Debian	upstream	Released (3.13~rc1)
linux-lts-vivid Launchpad, Ubuntu, Debian	upstream	Released (3.13~rc1)
linux-lts-wily Launchpad, Ubuntu, Debian	upstream	Released (3.13~rc1)
linux-lts-xenial Launchpad, Ubuntu, Debian	upstream	Released (3.13~rc1)
linux-maguro Launchpad, Ubuntu, Debian	upstream	Released (3.13~rc1)
linux-mako Launchpad, Ubuntu, Debian	upstream	Released (3.13~rc1)
linux-manta Launchpad, Ubuntu, Debian	upstream	Released (3.13~rc1)
linux-mvl-dove Launchpad, Ubuntu, Debian	upstream	Released (3.13~rc1)
linux-qcm-msm Launchpad, Ubuntu, Debian	upstream	Released (3.13~rc1)
linux-raspi2 Launchpad, Ubuntu, Debian	upstream	Released (3.13~rc1)
linux-snapdragon Launchpad, Ubuntu, Debian	upstream	Released (3.13~rc1)
linux-ti-omap4 Launchpad, Ubuntu, Debian	upstream	Released (3.13~rc1)

Security

CVE-2013-6380

From the Ubuntu security team

Medium

Status

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Further reading