Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2013-1819

Publication date 6 March 2013

Last updated 24 July 2024

Ubuntu priority

Low

Why this priority?

The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel before 3.7.6 does not validate block numbers, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the ability to mount an XFS filesystem containing a metadata inode with an invalid extent map.

From the Ubuntu Security Team

A failure to validate block numbers was discovered in the Linux kernel's implementation of the XFS filesystem. A local user can cause a denial of service (system crash) if they can mount, or cause to be mounted a corrupted or special crafted XFS filesystem.

Read the notes from the security team

Status

Package Ubuntu Release Status
linux 14.04 LTS trusty
Not affected
13.10 saucy
Not affected
13.04 raring
Not affected
12.10 quantal Ignored
12.04 LTS precise Ignored
11.10 oneiric Ignored
10.04 LTS lucid
Not affected
8.04 LTS hardy Ignored
linux-2.6 14.04 LTS trusty Not in release
13.10 saucy Not in release
13.04 raring Not in release
12.10 quantal Not in release
12.04 LTS precise Not in release
11.10 oneiric Not in release
10.04 LTS lucid Not in release
8.04 LTS hardy Not in release
linux-armadaxp 14.04 LTS trusty Not in release
13.10 saucy Not in release
13.04 raring Not in release
12.10 quantal
Fixed 3.5.0-1622.30
12.04 LTS precise Ignored
11.10 oneiric Not in release
10.04 LTS lucid Not in release
8.04 LTS hardy Not in release
linux-ec2 14.04 LTS trusty Not in release
13.10 saucy Not in release
13.04 raring Not in release
12.10 quantal Not in release
12.04 LTS precise Not in release
11.10 oneiric Not in release
10.04 LTS lucid
Not affected
8.04 LTS hardy Not in release
linux-flo 14.04 LTS trusty Ignored
13.10 saucy Not in release
12.10 quantal Not in release
12.04 LTS precise Not in release
10.04 LTS lucid Not in release
linux-fsl-imx51 14.04 LTS trusty Not in release
13.10 saucy Not in release
13.04 raring Not in release
12.10 quantal Not in release
12.04 LTS precise Not in release
11.10 oneiric Not in release
10.04 LTS lucid Ignored
8.04 LTS hardy Not in release
linux-goldfish 14.04 LTS trusty Ignored
13.10 saucy Ignored
12.10 quantal Not in release
12.04 LTS precise Not in release
10.04 LTS lucid Not in release
linux-grouper 14.04 LTS trusty Not in release
13.10 saucy Ignored
12.10 quantal Not in release
12.04 LTS precise Not in release
10.04 LTS lucid Not in release
linux-linaro-omap 14.04 LTS trusty Not in release
13.10 saucy Not in release
13.04 raring Not in release
12.10 quantal Ignored
12.04 LTS precise Ignored
11.10 oneiric Ignored
10.04 LTS lucid Not in release
8.04 LTS hardy Not in release
linux-linaro-shared 14.04 LTS trusty Not in release
13.10 saucy Not in release
13.04 raring Not in release
12.10 quantal Ignored
12.04 LTS precise Ignored
11.10 oneiric Ignored
10.04 LTS lucid Not in release
8.04 LTS hardy Not in release
linux-linaro-vexpress 14.04 LTS trusty Not in release
13.10 saucy Not in release
13.04 raring Not in release
12.10 quantal Ignored
12.04 LTS precise Ignored
11.10 oneiric Ignored
10.04 LTS lucid Not in release
8.04 LTS hardy Not in release
linux-lts-backport-maverick 14.04 LTS trusty Not in release
13.10 saucy Not in release
13.04 raring Not in release
12.10 quantal Not in release
12.04 LTS precise Not in release
11.10 oneiric Not in release
10.04 LTS lucid Ignored
8.04 LTS hardy Not in release
linux-lts-backport-oneiric 14.04 LTS trusty Not in release
13.10 saucy Not in release
13.04 raring Not in release
12.10 quantal Not in release
12.04 LTS precise Not in release
11.10 oneiric Not in release
10.04 LTS lucid Ignored
8.04 LTS hardy Not in release
linux-lts-quantal 14.04 LTS trusty Not in release
13.10 saucy Not in release
13.04 raring Not in release
12.10 quantal Not in release
12.04 LTS precise Ignored
11.10 oneiric Not in release
10.04 LTS lucid Not in release
8.04 LTS hardy Not in release
linux-lts-raring 14.04 LTS trusty Not in release
13.10 saucy Not in release
13.04 raring Not in release
12.10 quantal Not in release
12.04 LTS precise
Not affected
11.10 oneiric Not in release
10.04 LTS lucid Not in release
8.04 LTS hardy Not in release
linux-lts-trusty 14.04 LTS trusty Not in release
13.10 saucy Not in release
12.04 LTS precise
Not affected
10.04 LTS lucid Not in release
linux-maguro 14.04 LTS trusty Not in release
13.10 saucy Ignored
12.10 quantal Not in release
12.04 LTS precise Not in release
10.04 LTS lucid Not in release
linux-mako 14.04 LTS trusty Ignored
13.10 saucy Ignored
12.10 quantal Not in release
12.04 LTS precise Not in release
10.04 LTS lucid Not in release
linux-manta 14.04 LTS trusty Ignored
13.10 saucy Ignored
12.10 quantal Not in release
12.04 LTS precise Not in release
10.04 LTS lucid Not in release
linux-mvl-dove 14.04 LTS trusty Not in release
13.10 saucy Not in release
13.04 raring Not in release
12.10 quantal Not in release
12.04 LTS precise Not in release
11.10 oneiric Not in release
10.04 LTS lucid Ignored
8.04 LTS hardy Not in release
linux-qcm-msm 14.04 LTS trusty Not in release
13.10 saucy Not in release
13.04 raring Not in release
12.10 quantal Ignored
12.04 LTS precise Ignored
11.10 oneiric Ignored
10.04 LTS lucid Ignored
8.04 LTS hardy Not in release
linux-ti-omap4 14.04 LTS trusty Not in release
13.10 saucy Ignored
13.04 raring
Fixed 3.5.0-233.49
12.10 quantal
Fixed 3.5.0-233.49
12.04 LTS precise Ignored
11.10 oneiric Ignored
10.04 LTS lucid Not in release
8.04 LTS hardy Not in release

Notes

henrix

This CVE has minor impact as it requires root privileges to mount a corrupted image. Also, it is too risky to backport the fix to older kernels (Precise, in this case).

jjohansen

precise_linux and precise_linux-lts-quantal ignored (was in USN-1968-1/3.2.0-54.82 reverted minor priority CVE with high risk of regression in backport) precise_linux-armadaxp ignored due to high risk of regression in backport

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
linux

References

Related Ubuntu Security Notices (USN)

    • USN-1968-1
    • Linux kernel vulnerabilities
    • 27 September 2013
    • USN-1969-1
    • Linux kernel (OMAP4) vulnerabilities
    • 27 September 2013
    • USN-1973-1
    • Linux kernel (OMAP4) vulnerabilities
    • 27 September 2013
    • USN-1970-1
    • Linux kernel (Quantal HWE) vulnerabilities
    • 27 September 2013
    • USN-1975-1
    • Linux kernel (OMAP4) vulnerabilities
    • 27 September 2013
    • USN-1972-1
    • Linux kernel vulnerabilities
    • 27 September 2013

Other references