Summary: | Kernel : BUG at kernel/timer.c:729 (CVE-2013-4129) | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Kernel | Assignee: | Gentoo Kernel Security <security-kernel> |
Status: | RESOLVED FIXED | |
Severity: | normal | CC: | kernel |
Priority: | Normal | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
URL: | http://www.openwall.com/lists/oss-security/2013/07/15/8 | |
Whiteboard: | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 477688 | |
Bug Blocks: | | |
Description
Agostino Sarubbo
2013-07-20 08:28:19 UTC
------------------------------------------------------------------------
r2443 | tomwij | 2013-07-20 19:48:05 +0200 (Sat, 20 Jul 2013) | 1 line

Commit security fixes for CVE-2013-4125 (fixes bug #477464), CVE-2013-4127 (fixes bug #477466) and CVE-2013-3129 (fixes bug #477468) to branches 3.8, 3.9, 3.10 and 3.11 where they are present and apply.
------------------------------------------------------------------------

CVE-2013-4129 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4129): The bridge multicast implementation in the Linux kernel through 3.10.3 does not check whether a certain timer is armed before modifying the timeout value of that timer, which allows local users to cause a denial of service (BUG and system crash) via vectors involving the shutdown of a KVM virtual machine, related to net/bridge/br_mdb.c and net/bridge/br_multicast.c.

Fix in 3.11.7 onward