Bug 837109 (CVE-2013-4220) - VUL-1: CVE-2013-4220: kernel: arm: local denial of service via ESR
Status: RESOLVED WONTFIX
Alias: CVE-2013-4220
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Importance: P4 - Low : Normal
Assignee: E-mail List
QA Contact: Security Team bot
Reported: 2013-08-27 20:03 UTC by Marcus Meissner
Modified: 2014-03-24 15:44 UTC
Description Marcus Meissner 2013-08-27 20:03:18 UTC
public, via customer query and cve db

The bad_mode function in arch/arm64/kernel/traps.c in the Linux kernel before 3.9.5 on the ARM64 platform allows local users to cause a denial of service (system crash) via vectors involving an attempted register access that triggers an unexpected value in the Exception Syndrome Register (ESR).


mainline fix:

https://github.com/torvalds/linux/commit/9955ac47f4ba1c95ecb6092aeaefb40a22e99268 

[oss-security] 20130808 Re: CVE Request: Linux kernel: arm64: unhandled el0 traps
http://www.openwall.com/lists/oss-security/2013/08/08/12
Comment 1 Swamp Workflow Management 2013-08-27 22:00:47 UTC
bugbot adjusting priority
Comment 2 Takashi Iwai 2014-03-24 15:37:08 UTC
Do we ever support arm64 in released products with 3.9.5 or earlier kernel?
If not, can we close this?
Comment 3 Marcus Meissner 2014-03-24 15:42:22 UTC
openSUSE 13.1 has aarch64 support, but uses the 3.11 kernel.

Older versions do not have 64-bit ARM support.

So I think we can close.
Comment 4 Takashi Iwai 2014-03-24 15:44:50 UTC
OK, let's close.