
Bug 477466 (CVE-2013-4127)

Summary: Kernel : vhost-net: use-after-free in vhost_net_flush (CVE-2013-4127)
Product: Gentoo Security
Reporter: Agostino Sarubbo <ago>
Component: Kernel
Assignee: Gentoo Kernel Security <security-kernel>
Status: RESOLVED FIXED
Severity: normal
CC: kernel
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: http://www.openwall.com/lists/oss-security/2013/07/15/6
Whiteboard:
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2013-07-20 08:26:17 UTC
From ${URL} :

vhost_net_ubuf_put_and_wait has a confusing name: it will actually also
free its argument. vhost_net_flush tries to use the argument after
passing it to vhost_net_ubuf_put_and_wait; this results in use after
free.

Upstream fix:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd7633ecd553a5e304d349aa6f8eb8a0417098c5

Introduced by:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1280c27f8e29acf4af2da914e80ec27c3dbd5c01

Introduced in upstream version:
v3.8-rc1

References:
https://bugzilla.redhat.com/show_bug.cgi?id=984722
https://bugzilla.redhat.com/show_bug.cgi?id=980643
http://pkgs.fedoraproject.org/cgit/kernel.git/commit/?h=f19&id=da4ebd83da1869778909f394f6ebd50850ef5fec
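
A simplified userspace model of the pattern the description reports, added here as an illustration and not taken from the kernel or the upstream fix; all struct and function names are hypothetical. The `DEMO_BUG` section shows a helper whose name hides the free, next to a variant where the non-freeing and freeing helpers are named separately so a flush path can safely reuse the object.

```c
#include <stdio.h>
#include <stdlib.h>
/* Userspace model; every name here is hypothetical, not the kernel's. */
struct ubuf_ref { int refcount; };
struct net_dev  { struct ubuf_ref *ubufs; };

static struct ubuf_ref *ubuf_alloc(void) {
    struct ubuf_ref *u = malloc(sizeof *u);
    if (u) u->refcount = 1;               /* the owner's reference */
    return u;
}

/* Drops the owner's reference; a real driver would sleep here until
 * in-flight users are gone. Does NOT free, so the caller may reuse u. */
static void ubuf_put_and_wait(struct ubuf_ref *u) {
    u->refcount--;
}

/* Drops, waits AND releases; clears the owner's pointer as well. */
static void ubuf_put_wait_and_free(struct ubuf_ref **up) {
    ubuf_put_and_wait(*up);
    free(*up);
    *up = NULL;                           /* no dangling pointer left */
}
#ifdef DEMO_BUG   /* the reported pattern; undefined behaviour if run */
static void ubuf_put_and_wait_hidden_free(struct ubuf_ref *u) {
    u->refcount--;
    free(u);                              /* not hinted at by the name */
}
static int flush_buggy(struct net_dev *n) {
    ubuf_put_and_wait_hidden_free(n->ubufs);
    n->ubufs->refcount = 1;               /* write to freed memory */
    return n->ubufs->refcount;
}
#endif

/* Flush that drains and then re-arms the same, still-allocated object. */
static int flush_fixed(struct net_dev *n) {
    ubuf_put_and_wait(n->ubufs);
    n->ubufs->refcount = 1;
    return n->ubufs->refcount;
}

int main(void) {
    struct net_dev n = { ubuf_alloc() };
    if (!n.ubufs) return 1;
    printf("refcount after flush: %d\n", flush_fixed(&n));
    ubuf_put_wait_and_free(&n.ubufs);
    return n.ubufs != NULL;               /* 0 when the pointer was cleared */
}
```

Building with `-DDEMO_BUG -fsanitize=address` and calling `flush_buggy` instead makes AddressSanitizer report the heap-use-after-free at the re-arm line.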
Comment 1 Tom Wijsman (TomWij) (RETIRED) gentoo-dev 2013-07-20 17:48:44 UTC
------------------------------------------------------------------------
r2443 | tomwij | 2013-07-20 19:48:05 +0200 (Sat, 20 Jul 2013) | 1 line

Commit security fixes for CVE-2013-4125 (fixes bug #477464), CVE-2013-4127 (fixes bug #477466) and CVE-2013-3129 (fixes bug #477468) to branches 3.8, 3.9, 3.10 and 3.11 where they are present and apply.
------------------------------------------------------------------------
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2013-08-30 01:09:23 UTC
CVE-2013-4127 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4127):
  Use-after-free vulnerability in the vhost_net_set_backend function in
  drivers/vhost/net.c in the Linux kernel through 3.10.3 allows local users to
  cause a denial of service (OOPS and system crash) via vectors involving
  powering on a virtual machine.
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-25 15:27:49 UTC
Fix in 3.11 onward