Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 477468 (CVE-2013-4129) - Kernel : BUG at kernel/timer.c:729 (CVE-2013-4129)
Summary: Kernel : BUG at kernel/timer.c:729 (CVE-2013-4129)
Alias: CVE-2013-4129
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Kernel Security
Depends on: 477688
  Show dependency tree
Reported: 2013-07-20 08:28 UTC by Agostino Sarubbo
Modified: 2022-03-25 15:28 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2013-07-20 08:28:19 UTC
From ${URL} :

Several people reported the oops: "kernel BUG at kernel/timer.c:729!"
and the stack trace is:

    #7 [ffff880214d25c10] mod_timer+501 at ffffffff8106d905
    #8 [ffff880214d25c50] br_multicast_del_pg.isra.20+261 at
ffffffffa0731d25 [bridge]
    #9 [ffff880214d25c80] br_multicast_disable_port+88 at
ffffffffa0732948 [bridge]
    #10 [ffff880214d25cb0] br_stp_disable_port+154 at ffffffffa072bcca
    #11 [ffff880214d25ce8] br_device_event+520 at ffffffffa072a4e8
    #12 [ffff880214d25d18] notifier_call_chain+76 at ffffffff8164aafc
    #13 [ffff880214d25d50] raw_notifier_call_chain+22 at
    #14 [ffff880214d25d60] call_netdevice_notifiers+45 at
    #15 [ffff880214d25d80] dev_close_many+183 at ffffffff81536d17
    #16 [ffff880214d25dc0] rollback_registered_many+168 at
    #17 [ffff880214d25de8] rollback_registered+49 at ffffffff81538101
    #18 [ffff880214d25e10] unregister_netdevice_queue+72 at
    #19 [ffff880214d25e30] __tun_detach+272 at ffffffffa074c2f0 [tun]
    #20 [ffff880214d25e88] tun_chr_close+45 at ffffffffa074c4bd [tun]
    #21 [ffff880214d25ea8] __fput+225 at ffffffff8119b1f1
    #22 [ffff880214d25ef0] ____fput+14 at ffffffff8119b3fe
    #23 [ffff880214d25f00] task_work_run+159 at ffffffff8107cf7f
    #24 [ffff880214d25f30] do_notify_resume+97 at ffffffff810139e1
    #25 [ffff880214d25f50] int_signal+18 at ffffffff8164f292

The bug was usually hit when shutting down a KVM guest.

Upstream fix:

Introduced by:

Introduced in upstream version:

Comment 1 Tom Wijsman (TomWij) (RETIRED) gentoo-dev 2013-07-20 17:48:54 UTC
r2443 | tomwij | 2013-07-20 19:48:05 +0200 (Sat, 20 Jul 2013) | 1 line

Commit security fixes for CVE-2013-4125 (fixes bug #477464), CVE-2013-4127 (fixes bug #477466) and CVE-2013-3129 (fixes bug #477468) to branches 3.8, 3.9, 3.10 and 3.11 were they are present and apply.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2013-08-30 01:30:15 UTC
CVE-2013-4129 (
  The bridge multicast implementation in the Linux kernel through 3.10.3 does
  not check whether a certain timer is armed before modifying the timeout
  value of that timer, which allows local users to cause a denial of service
  (BUG and system crash) via vectors involving the shutdown of a KVM virtual
  machine, related to net/bridge/br_mdb.c and net/bridge/br_multicast.c.
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-25 15:28:24 UTC
Fix in 3.11.7 onward