CVE-2010-4649: Integer Overflow
First published: Fri Jan 07 2011(Updated: )
In ib_uverbs_poll_cq() code there is a potential integer overflow if userspace passes in a large cmd.ne. The calls to kmalloc() would allocate smaller buffers than intended, leading to memory corruption. There iss also an information leak if resp wasn't all used. Unprivileged userspace may call this function, although only if an RDMA device that uses this function is present. Fix this by copying CQ entries one at a time, which avoids the allocation entirely, and also by moving this copying into a function that makes sure to initialize all memory copied to userspace. Upstream commit: <a href="http://git.kernel.org/linus/7182afea8d1afd432a17c18162cc3fd441d0da93">http://git.kernel.org/linus/7182afea8d1afd432a17c18162cc3fd441d0da93</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/linux-2.6 | ||
| debian/user-mode-linux | ||
| Linux Kernel | <2.6.37 | |
| Red Hat Enterprise Linux Server | =5.0 | |
| Red Hat Enterprise Linux Workstation | =5.0 | |
| Red Hat Enterprise Linux Desktop | =5.0 | |
| Red Hat Enterprise Linux Server | =5.6 | |
| Red Hat Enterprise Linux Server EUS | =5.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/46073
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37
- https://bugzilla.redhat.com/show_bug.cgi?id=667916
- http://rhn.redhat.com/errata/RHSA-2011-0927.html
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7182afea8d1afd432a17c18162cc3fd441d0da93
- http://git.kernel.org/linus/7182afea8d1afd432a17c18162cc3fd441d0da93
- https://access.redhat.com/security/cve/CVE-2010-4649
- https://access.redhat.com/security/cve/CVE-2011-1044
- https://rhn.redhat.com/errata/RHSA-2011-0330.html
- https://access.redhat.com/support/policy/updates/errata/
- https://rhn.redhat.com/errata/RHSA-2011-0927.html
- https://rhn.redhat.com/errata/RHSA-2011-0498.html
- https://launchpad.net/bugs/cve/CVE-2010-4649
- https://security-tracker.debian.org/tracker/CVE-2010-4649
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4649
- https://nvd.nist.gov/vuln/detail/CVE-2010-4649
- https://ubuntu.com/security/CVE-2010-4649
Frequently Asked Questions
What is the severity of CVE-2010-4649?
CVE-2010-4649 has a severity rating that indicates a potential for memory corruption and information disclosure.
How do I fix CVE-2010-4649?
To fix CVE-2010-4649, ensure that your Linux kernel is updated to version 2.6.37 or later.
Who is affected by CVE-2010-4649?
CVE-2010-4649 affects unprivileged userspace while using certain versions of the Linux kernel.
What vulnerabilities are associated with CVE-2010-4649?
CVE-2010-4649 is associated with memory corruption and information leakage vulnerabilities.
What is the impact of exploiting CVE-2010-4649?
Exploiting CVE-2010-4649 could lead to memory corruption and potential exposure of sensitive information.
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-4649
- collector/launchpad-cve
- source/Launchpad
- agent/severity
- agent/weakness
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/remedy
- agent/description
- agent/event
- agent/last-modified-date
- agent/trending
- agent/source
- agent/author
- agent/softwarecombine
- agent/tags
- collector/security-tracker-debian
- source/Debian
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- collector/nvd-index
- package-manager/debian
- vendor/linux
- canonical/linux kernel
- vendor/redhat
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/5.0
- canonical/red hat enterprise linux workstation
- version/red hat enterprise linux workstation/5.0
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/5.0
- version/red hat enterprise linux server/5.6
- canonical/red hat enterprise linux server eus
- version/red hat enterprise linux server eus/5.6