** Changed in: linux-armadaxp (Ubuntu Precise) Status: New => Fix Released
** Changed in: linux-lts-raring (Ubuntu Precise) Status: New => Invalid ** Description changed: - paravirt_enabled has the following effects: - Disables the F00F bug - workaround warning. There is no F00F bug workaround any more because - Linux's standard IDT handling already works around the F00F bug, but - the warning still exists. This is only cosmetic, and, in any event, - there is no such thing as KVM on a CPU with the F00F bug. - Disables - 32-bit APM BIOS detection. On a KVM paravirt system, there should be - no APM BIOS anyway. - Disables tboot. I think that the tboot code - should check the CPUID hypervisor bit directly if it matters. - - paravirt_enabled disables espfix32. espfix32 should *not* be disabled - under KVM paravirt. The last point is the purpose of this patch. It - fixes a leak of the high 16 bits of the kernel stack address on 32-bit - KVM paravirt guests. While I'm at it, this removes pv_info setup from - kvmclock. That code seems to serve no purpose. + The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux + kernel through 3.18 uses an improper paravirt_enabled setting for KVM + guest kernels, which makes it easier for guest OS users to bypass the + ASLR protection mechanism via a crafted application that reads a 16-bit + value. Break-Fix: - local-2014-8134 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-armadaxp in Ubuntu. https://bugs.launchpad.net/bugs/1400314 Title: CVE-2014-8134 Status in linux package in Ubuntu: Fix Committed Status in linux-armadaxp package in Ubuntu: Invalid Status in linux-ec2 package in Ubuntu: Invalid Status in linux-fsl-imx51 package in Ubuntu: Invalid Status in linux-lts-backport-maverick package in Ubuntu: New Status in linux-lts-backport-natty package in Ubuntu: New Status in linux-lts-quantal package in Ubuntu: Invalid Status in linux-lts-raring package in Ubuntu: Invalid Status in linux-lts-saucy package in Ubuntu: Invalid Status in linux-lts-trusty package in Ubuntu: Invalid Status in linux-lts-utopic package in Ubuntu: Invalid Status in linux-mvl-dove package in Ubuntu: Invalid Status in linux-ti-omap4 package in Ubuntu: Invalid Status in linux source package in Lucid: Fix Released Status in linux-armadaxp source package in Lucid: Invalid Status in linux-ec2 source package in Lucid: Fix Released Status in linux-fsl-imx51 source package in Lucid: Invalid Status in linux-lts-backport-maverick source package in Lucid: New Status in linux-lts-backport-natty source package in Lucid: New Status in linux-lts-quantal source package in Lucid: Invalid Status in linux-lts-raring source package in Lucid: Invalid Status in linux-lts-saucy source package in Lucid: Invalid Status in linux-lts-trusty source package in Lucid: Invalid Status in linux-lts-utopic source package in Lucid: Invalid Status in linux-mvl-dove source package in Lucid: Invalid Status in linux-ti-omap4 source package in Lucid: Invalid Status in linux source package in Precise: Fix Released Status in linux-armadaxp source package in Precise: Fix Released Status in linux-ec2 source package in Precise: Invalid Status in linux-fsl-imx51 source package in Precise: Invalid Status in linux-lts-backport-maverick source package in Precise: New Status in linux-lts-backport-natty source package in Precise: New Status in linux-lts-quantal source package in Precise: New Status in linux-lts-raring source package in Precise: Invalid Status in linux-lts-saucy source package in Precise: New Status in linux-lts-trusty source package in Precise: Fix Released Status in linux-lts-utopic source package in Precise: Invalid Status in linux-mvl-dove source package in Precise: Invalid Status in linux-ti-omap4 source package in Precise: Fix Released Status in linux source package in Trusty: Fix Released Status in linux-armadaxp source package in Trusty: Invalid Status in linux-ec2 source package in Trusty: Invalid Status in linux-fsl-imx51 source package in Trusty: Invalid Status in linux-lts-backport-maverick source package in Trusty: New Status in linux-lts-backport-natty source package in Trusty: New Status in linux-lts-quantal source package in Trusty: Invalid Status in linux-lts-raring source package in Trusty: Invalid Status in linux-lts-saucy source package in Trusty: Invalid Status in linux-lts-trusty source package in Trusty: Invalid Status in linux-lts-utopic source package in Trusty: Fix Released Status in linux-mvl-dove source package in Trusty: Invalid Status in linux-ti-omap4 source package in Trusty: Invalid Status in linux source package in Utopic: Fix Released Status in linux-armadaxp source package in Utopic: Invalid Status in linux-ec2 source package in Utopic: Invalid Status in linux-fsl-imx51 source package in Utopic: Invalid Status in linux-lts-backport-maverick source package in Utopic: New Status in linux-lts-backport-natty source package in Utopic: New Status in linux-lts-quantal source package in Utopic: Invalid Status in linux-lts-raring source package in Utopic: Invalid Status in linux-lts-saucy source package in Utopic: Invalid Status in linux-lts-trusty source package in Utopic: Invalid Status in linux-lts-utopic source package in Utopic: Invalid Status in linux-mvl-dove source package in Utopic: Invalid Status in linux-ti-omap4 source package in Utopic: Invalid Status in linux source package in Vivid: Fix Committed Status in linux-armadaxp source package in Vivid: Invalid Status in linux-ec2 source package in Vivid: Invalid Status in linux-fsl-imx51 source package in Vivid: Invalid Status in linux-lts-backport-maverick source package in Vivid: New Status in linux-lts-backport-natty source package in Vivid: New Status in linux-lts-quantal source package in Vivid: Invalid Status in linux-lts-raring source package in Vivid: Invalid Status in linux-lts-saucy source package in Vivid: Invalid Status in linux-lts-trusty source package in Vivid: Invalid Status in linux-lts-utopic source package in Vivid: Invalid Status in linux-mvl-dove source package in Vivid: Invalid Status in linux-ti-omap4 source package in Vivid: Invalid Bug description: The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value. Break-Fix: - local-2014-8134 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1400314/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp