CWE: 190, 476
Advisory Published

RHSA-2011:0330: Important: kernel-rt security and bug fix update

First published: Thu Mar 10 2011

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system.

Security fixes:

* Missing boundary checks in the PPP over L2TP sockets implementation could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2010-4160, Important)
* Integer overflow in ib_uverbs_poll_cq() could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2010-4649, Important)
* Missing boundary check in dvb_ca_ioctl() in the av7110 module. On systems using old DVB cards requiring the av7110 module, a local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges. (CVE-2011-0521, Important)
* Flaw in tcf_act_police_dump() in the network traffic policing implementation could allow a local, unprivileged user to cause an information leak. (CVE-2010-3477, Moderate)
* Missing boundary checks in the block layer implementation could allow a local, unprivileged user to cause a denial of service. (CVE-2010-4162, CVE-2010-4163, CVE-2010-4668, Moderate)
* Divide-by-zero flaw in tcp_select_initial_window() in the Linux kernel's TCP/IP protocol suite implementation could allow a local, unprivileged user to cause a denial of service. (CVE-2010-4165, Moderate)
* NULL pointer dereference flaw in the Bluetooth HCI UART driver could allow a local, unprivileged user to cause a denial of service. (CVE-2010-4242, Moderate)
* Flaw in the CPU time clocks implementation for the POSIX clock interface could allow a local, unprivileged user to cause a denial of service. (CVE-2010-4248, Moderate)
* Flaw in the garbage collector for AF_UNIX sockets could allow a local, unprivileged user to trigger a denial of service (out-of-memory condition). (CVE-2010-4249, Moderate)
* Memory leak in the inotify_init() system call. In some cases, it could leak a group, which could allow a local, unprivileged user to eventually cause a denial of service. (CVE-2010-4250, Moderate)
* /sys/kernel/debug/acpi/custom_method had world-writable permissions, which could allow a local, unprivileged user to escalate their privileges. Note: The debugfs file system must be mounted locally to exploit this issue. It is not mounted by default. (CVE-2010-4347, Moderate)
* Heap overflow in iowarrior_write() could allow a user with access to an IO-Warrior USB device to cause a denial of service or escalate their privileges. (CVE-2010-4656, Moderate)
* Missing security check in the Linux kernel's implementation of the install_special_mapping routine could allow a local, unprivileged user to bypass the mmap_min_addr protection mechanism. (CVE-2010-4346, Low)
* Information leak in bcm_connect() in the Controller Area Network (CAN) Broadcast Manager implementation could allow a local, unprivileged user to leak kernel mode addresses in /proc/net/can-bcm. (CVE-2010-4565, Low)
* A logic error in orinoco_ioctl_set_auth() in the Linux kernel's ORiNOCO wireless extensions support implementation could render TKIP countermeasures ineffective when it is enabled, as it enabled the card instead of shutting it down. (CVE-2010-4648, Low)
* Missing initialization flaw in ethtool_get_regs() could allow a local user who has the CAP_NET_ADMIN capability to cause an information leak. (CVE-2010-4655, Low)
* Flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to cause an information leak. (CVE-2011-1044, Low)

Red Hat would like to thank Dan Rosenberg for reporting CVE-2010-4160, CVE-2010-4162, CVE-2010-4163, CVE-2010-4668, and CVE-2010-4565; Steve Chen for reporting CVE-2010-4165; Alan Cox for reporting CVE-2010-4242; Vegard Nossum for reporting CVE-2010-4249 and CVE-2010-4250; Kees Cook for reporting CVE-2010-4656 and CVE-2010-4655; and Tavis Ormandy for reporting CVE-2010-4346.

This update also fixes three bugs. Documentation for these bug fixes will be available shortly from the Technical Notes document linked to in the References section.
