CVE-2011-1023

Bug #917817 reported by John Johansen
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
linux (Ubuntu) | Invalid | Medium | Unassigned |
  Hardy | Invalid | Medium | Stefan Bader |
  Lucid | Invalid | Medium | Stefan Bader |
  Maverick | Invalid | Medium | Stefan Bader |
  Natty | Won't Fix | Medium | Unassigned |
  Oneiric | Won't Fix | Medium | Unassigned |
  Precise | Invalid | Medium | Unassigned |
  Quantal | Invalid | Medium | Unassigned |
linux-armadaxp (Ubuntu) | Fix Released | Medium | Unassigned |
  Hardy | Invalid | Medium | Unassigned |
  Lucid | Invalid | Medium | Unassigned |
  Maverick | Invalid | Undecided | Unassigned |
  Natty | Invalid | Medium | Unassigned |
  Oneiric | Invalid | Medium | Unassigned |
  Precise | Fix Released | Medium | Unassigned |
  Quantal | Fix Released | Medium | Unassigned |
linux-ec2 (Ubuntu) | Invalid | Medium | Unassigned |
  Hardy | Invalid | Medium | Unassigned |
  Lucid | Invalid | Medium | Unassigned |
  Maverick | Invalid | Medium | Unassigned |
  Natty | Invalid | Medium | Unassigned |
  Oneiric | Invalid | Medium | Unassigned |
  Precise | Invalid | Medium | Unassigned |
  Quantal | Invalid | Medium | Unassigned |
linux-fsl-imx51 (Ubuntu) | Invalid | Medium | Unassigned |
  Hardy | Invalid | Medium | Unassigned |
  Lucid | Invalid | Medium | Unassigned |
  Maverick | Invalid | Medium | Unassigned |
  Natty | Invalid | Medium | Unassigned |
  Oneiric | Invalid | Medium | Unassigned |
  Precise | Invalid | Medium | Unassigned |
  Quantal | Invalid | Medium | Unassigned |
linux-lts-backport-maverick (Ubuntu) | Invalid | Medium | Unassigned |
  Hardy | Invalid | Medium | Unassigned |
  Lucid | Invalid | Medium | Unassigned |
  Maverick | Invalid | Medium | Unassigned |
  Natty | Invalid | Medium | Unassigned |
  Oneiric | Invalid | Medium | Unassigned |
  Precise | Invalid | Medium | Unassigned |
  Quantal | Invalid | Medium | Unassigned |
linux-lts-backport-natty (Ubuntu) | Invalid | Medium | Unassigned |
  Hardy | Invalid | Medium | Unassigned |
  Lucid | Won't Fix | Medium | Unassigned |
  Maverick | Invalid | Medium | Unassigned |
  Natty | Invalid | Medium | Unassigned |
  Oneiric | Invalid | Medium | Unassigned |
  Precise | Invalid | Medium | Unassigned |
  Quantal | Invalid | Medium | Unassigned |
linux-lts-backport-oneiric (Ubuntu) | Invalid | Medium | Unassigned |
  Hardy | Invalid | Medium | Unassigned |
  Lucid | Won't Fix | Medium | Unassigned |
  Maverick | Invalid | Medium | Unassigned |
  Natty | Invalid | Medium | Unassigned |
  Oneiric | Invalid | Medium | Unassigned |
  Precise | Invalid | Medium | Unassigned |
  Quantal | Invalid | Medium | Unassigned |
linux-mvl-dove (Ubuntu) | Invalid | Medium | Unassigned |
  Hardy | Invalid | Medium | Unassigned |
  Lucid | Invalid | Medium | Unassigned |
  Maverick | Invalid | Medium | Unassigned |
  Natty | Invalid | Medium | Unassigned |
  Oneiric | Invalid | Medium | Unassigned |
  Precise | Invalid | Medium | Unassigned |
  Quantal | Invalid | Medium | Unassigned |
linux-ti-omap4 (Ubuntu) | Invalid | Medium | Unassigned |
  Hardy | Invalid | Medium | Unassigned |
  Lucid | Invalid | Medium | Unassigned |
  Maverick | Invalid | Medium | Unassigned |
  Natty | Won't Fix | Medium | Unassigned |
  Oneiric | Won't Fix | Medium | Unassigned |
  Precise | Invalid | Medium | Unassigned |
  Quantal | Invalid | Medium | Unassigned |

Bug Description

The Reliable Datagram Sockets (RDS) subsystem in the Linux kernel before 2.6.38 does not properly handle congestion map updates, which allows local users to cause a denial of service (BUG_ON and system crash) via vectors involving (1) a loopback (aka loop) transmit operation or (2) an InfiniBand (aka ib) transmit operation.

Break-Fix: 77dd550e5547846604ff6f90c4dc6bba4414e485 6094628bfd94323fc1cea05ec2c6affd98c18f7f

John Johansen (jjohansen) wrote :

CVE-2011-1023

tags: added: kernel-cve-tracking-bug
security vulnerability: no → yes
Changed in linux-ec2 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Precise):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux-lts-backport-oneiric (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Maverick):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux-lts-backport-natty (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Maverick):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Natty):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Precise):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Hardy):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Maverick):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Natty):
status: New → Invalid
Changed in linux (Ubuntu Oneiric):
status: New → Fix Committed
Changed in linux (Ubuntu Precise):
status: New → Invalid
Changed in linux (Ubuntu Natty):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Oneiric):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Precise):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Natty):
status: New → Fix Committed
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Precise):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Maverick):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Natty):
status: New → Invalid
description: updated
Changed in linux-ec2 (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Maverick):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Natty):
importance: Undecided → Medium
Changed in linux-lts-backport-oneiric (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-lts-backport-oneiric (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-lts-backport-oneiric (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux-lts-backport-oneiric (Ubuntu Maverick):
importance: Undecided → Medium
Changed in linux-lts-backport-oneiric (Ubuntu Natty):
importance: Undecided → Medium
Changed in linux-lts-backport-natty (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux-lts-backport-natty (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-lts-backport-natty (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-lts-backport-natty (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux-lts-backport-natty (Ubuntu Maverick):
importance: Undecided → Medium
Changed in linux-lts-backport-natty (Ubuntu Natty):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Maverick):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Natty):
importance: Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Maverick):
importance: Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Natty):
importance: Undecided → Medium
Changed in linux (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux (Ubuntu Maverick):
importance: Undecided → Medium
Changed in linux (Ubuntu Natty):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Maverick):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Natty):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Maverick):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Natty):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Lucid):
status: New → Invalid
description: updated
Stefan Bader (smb)
Changed in linux (Ubuntu Maverick):
assignee: nobody → Stefan Bader (stefan-bader-canonical)
status: New → In Progress
Changed in linux (Ubuntu Lucid):
assignee: nobody → Stefan Bader (stefan-bader-canonical)
status: New → In Progress
Changed in linux (Ubuntu Hardy):
assignee: nobody → Stefan Bader (stefan-bader-canonical)
status: New → In Progress
Stefan Bader (smb) wrote :

This one hurts my head. I *think* half of the breakage was actually done by

commit 5b2366bd2835919e2e6a836e837eab4a9274bd46
  RDS: Rewrite rds_send_xmit

That looks like it could users without a xmit_cong_map function. The other half seems to be caused by

commit 77dd550e5547846604ff6f90c4dc6bba4414e485
  RDS: Stop supporting old cong map sending method

which also changes the users that had one to use a special case in the xmit function. Both changes were introduced with 2.6.37. So I believe Maverick and before are actually unaffected.

Stefan Bader (smb) wrote :

I am more confident in thinking Maverick and before is ok. However I think this is because there, certain markers are reset at the beginning of the loop. The rds_cong_update_alloc should actually initialize a message that is sized to have the congestion map in it. It seems the problem with the new code is that maybe there is a case where the data offset is not reset to zero before the update congestion map message is sent. Then xmit returns the size of the message but the code thinks there was something already done...

Stefan Bader (smb)
Changed in linux (Ubuntu Maverick):
status: In Progress → Invalid
Changed in linux (Ubuntu Lucid):
status: In Progress → Invalid
Changed in linux (Ubuntu Hardy):
status: In Progress → Invalid
description: updated
Changed in linux-ec2 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Maverick):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Maverick):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Maverick):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Oneiric):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Hardy):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Natty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Precise):
status: New → Fix Committed
Changed in linux-armadaxp (Ubuntu Quantal):
status: New → Fix Committed
importance: Undecided → Medium
description: updated
Ike Panhc (ikepanhc)
Changed in linux-armadaxp (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in linux-armadaxp (Ubuntu Quantal):
status: Fix Committed → Fix Released
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
status: Fix Committed → Won't Fix
Changed in linux-ti-omap4 (Ubuntu Natty):
status: Fix Committed → Won't Fix
Changed in linux-ti-omap4 (Ubuntu Oneiric):
status: Fix Committed → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: Fix Committed → Won't Fix
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug to Ubuntu. natty has reached EOL
(End of Life) for this package and is no longer supported. As
a result, this bug against natty is being marked "Won't Fix".
Please see https://wiki.ubuntu.com/Releases for currently
supported Ubuntu releases.

Please feel free to report any other bugs you may find.

Changed in linux (Ubuntu Natty):
status: Fix Committed → Won't Fix
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug to Ubuntu. oneiric has reached EOL
(End of Life) for this package and is no longer supported. As
a result, this bug against oneiric is being marked "Won't Fix".
Please see https://wiki.ubuntu.com/Releases for currently
supported Ubuntu releases.

Please feel free to report any other bugs you may find.

Changed in linux (Ubuntu Oneiric):
status: Fix Committed → Won't Fix
This report contains Public Security information  
Everyone can see this security related information.