Bugzilla – Bug 850263
VUL-1: CVE-2013-6763: kernel: kernel module uio in the Linux kernel before 3.12 does not validate the size of a memory block
Last modified: 2015-06-26 11:10:23 UTC
CVE-2013-6763

The uio_mmap_physical function in drivers/uio/uio.c in the Linux kernel before 3.12 does not validate the size of a memory block, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted mmap operations.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6763
https://github.com/torvalds/linux/blob/7314e613d5ff9f0934f7a0f74ed7973b903315d1/drivers/uio/uio.c
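The size validation the CVE text describes as missing, shown as an added user-space model in C (not the kernel's code and not part of the original bug report). The struct and function names and the 4096-byte page size are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdint.h>

#define MODEL_PAGE_SIZE 4096ULL /* assumed page size for this model */

/* Hypothetical stand-in for a memory block a driver exports to user space. */
struct model_mem {
    uint64_t addr; /* physical start address */
    uint64_t size; /* bytes the driver owns */
};

/* Hypothetical stand-in for the virtual range handed to an mmap handler. */
struct model_vma {
    uint64_t vm_start;
    uint64_t vm_end;
};

/* "Before": the caller's length is trusted. Returns how many bytes the
 * mapping would cover past the end of the block (0 means it fits). */
uint64_t unchecked_overreach(const struct model_mem *mem,
                             const struct model_vma *vma)
{
    uint64_t len = vma->vm_end - vma->vm_start;
    return len > mem->size ? len - mem->size : 0;
}

/* "After": refuse the request unless it fits inside the block.
 * Returns 0 when the mapping may proceed, a negative errno otherwise.
 * A block smaller than one page is refused, because mapping a whole page
 * would expose bytes beyond it. */
int checked_mmap(const struct model_mem *mem, const struct model_vma *vma)
{
    if (vma->vm_end <= vma->vm_start)
        return -EINVAL; /* empty or inverted range, so the length cannot wrap */
    if ((vma->vm_start | vma->vm_end) % MODEL_PAGE_SIZE)
        return -EINVAL; /* mappings are made in whole pages */
    if (mem->addr % MODEL_PAGE_SIZE)
        return -ENODEV; /* block start must sit on a page boundary */
    if (vma->vm_end - vma->vm_start > mem->size)
        return -EINVAL; /* request is longer than the block */
    return 0;
}
```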
bugbot adjusting priority
Hi Victor, this one looks like a duplicate of 849021 to me. No?
NVD database says it's different from CVE-2013-4511. Although it seems to be in the same git blob.
Affected packages:
SLE-11-SP3: kernel-source
SLE-11-SP1-TERADATA: kernel-source
SLE-10-SP4: kernel-source
SLE-9-SP3-TERADATA: kernel-source
SLE-9-SP4: kernel-source
So what should be done about this one? The patch has been merged as part of bug 849021. I have updated references in the bug and added this CVE (to satisfy CVE search engines) although I think it doesn't make much sense to assign two different CVEs to the same problem.
The SWAMPID for this issue is 57234. This issue was rated as important. Please submit fixed packages until 2014-05-14. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
Update released for: kernel-debug, kernel-debug-base, kernel-debug-debuginfo, kernel-debug-debugsource, kernel-debug-devel, kernel-debug-devel-debuginfo, kernel-debug-extra, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-docs, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra
Products: SLE-SERVER 11-SP1-TERADATA (x86_64)
openSUSE-SU-2014:0766-1: An update that solves 30 vulnerabilities and has 37 fixes is now available.
Category: security (moderate)
Bug References: 708296,736697,746500,758813,813733,814788,817377,819351,823260,831029,836347,840226,841402,843185,844513,847672,849021,849364,850263,851426,852488,852553,852558,852967,853455,854025,855347,855885,856083,857499,857643,858280,858534,858604,858869,858870,858872,862023,862429,863300,863335,864025,864833,865307,865310,865330,865342,865783,866102,867139,867255,867953,868049,868528,868653,869033,869563,870801,871252,871325,871561,871861,873061,874108,875690,875798,876102
CVE References: CVE-2012-2313,CVE-2013-0343,CVE-2013-1929,CVE-2013-2015,CVE-2013-2147,CVE-2013-4345,CVE-2013-4470,CVE-2013-4511,CVE-2013-4579,CVE-2013-6382,CVE-2013-6383,CVE-2013-6763,CVE-2013-6885,CVE-2013-7263,CVE-2013-7264,CVE-2013-7265,CVE-2013-7339,CVE-2014-00691,CVE-2014-0101,CVE-2014-0196,CVE-2014-1444,CVE-2014-1445,CVE-2014-1446,CVE-2014-1737,CVE-2014-1738,CVE-2014-1874,CVE-2014-2039,CVE-2014-2523,CVE-2014-2678,CVE-2014-3122
Sources used: openSUSE 11.4 (src): kernel-docs-3.0.101-83.3, kernel-source-3.0.101-83.1, kernel-syms-3.0.101-83.1, preload-1.2-6.61.1
considering done, see bug 849021.
This one sounds done, assigning back to sec-team.
and close