USN-1041-1: Linux kernel vulnerabilities
First published: Mon Jan 10 2011(Updated: )
Louis Rilling and Matthieu Fertré reported a use after free error in the Linux kernel's futex_wait function. A local user could exploit this flaw to cause a denial of service (system crash) or possibly gain privileges via a specially crafted application. (CVE-2014-0205) Ben Hawkes discovered that the Linux kernel did not correctly filter registers on 64bit kernels when performing 32bit system calls. On a 64bit system, a local attacker could manipulate 32bit system calls to gain root privileges. (CVE-2010-3301) Dan Rosenberg discovered that the btrfs filesystem did not correctly validate permissions when using the clone function. A local attacker could overwrite the contents of file handles that were opened for append-only, or potentially read arbitrary contents, leading to a loss of privacy. (CVE-2010-2537, CVE-2010-2538) Dave Chinner discovered that the XFS filesystem did not correctly order inode lookups when exported by NFS. A remote attacker could exploit this to read or write disk blocks that had changed file assignment or had become unlinked, leading to a loss of privacy. (CVE-2010-2943) Kees Cook discovered that the Intel i915 graphics driver did not correctly validate memory regions. A local attacker with access to the video card could read and write arbitrary kernel memory to gain root privileges. (CVE-2010-2962) Robert Swiecki discovered that ftrace did not correctly handle mutexes. A local attacker could exploit this to crash the kernel, leading to a denial of service. (CVE-2010-3079) Dan Rosenberg discovered that several network ioctls did not clear kernel memory correctly. A local user could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-3296, CVE-2010-3297, CVE-2010-3298) It was discovered that KVM did not correctly initialize certain CPU registers. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2010-3698) Brad Spengler discovered that stack memory for new a process was not correctly calculated. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2010-3858) Kees Cook discovered that the ethtool interface did not correctly clear kernel memory. A local attacker could read kernel heap memory, leading to a loss of privacy. (CVE-2010-3861) Kees Cook and Vasiliy Kulikov discovered that the shm interface did not clear kernel memory correctly. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-4072) Dan Rosenberg discovered that the RME Hammerfall DSP audio interface driver did not correctly clear kernel memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-4080, CVE-2010-4081) James Bottomley discovered that the ICP vortex storage array controller driver did not validate certain sizes. A local attacker on a 64bit system could exploit this to crash the kernel, leading to a denial of service. (CVE-2010-4157) Alan Cox discovered that the HCI UART driver did not correctly check if a write operation was available. If the mmap_min-addr sysctl was changed from the Ubuntu default to a value of 0, a local attacker could exploit this flaw to gain root privileges. (CVE-2010-4242) Kees Cook discovered that some ethtool functions did not correctly clear heap memory. A local attacker with CAP_NET_ADMIN privileges could exploit this to read portions of kernel heap memory, leading to a loss of privacy. (CVE-2010-4655)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/linux-image-2.6.31-22-server | <2.6.31-22.70 | 2.6.31-22.70 |
| =9.10 | ||
| All of | ||
| ubuntu/linux-image-2.6.31-22-ia64 | <2.6.31-22.70 | 2.6.31-22.70 |
| =9.10 | ||
| All of | ||
| ubuntu/linux-image-2.6.31-307-ec2 | <2.6.31-307.23 | 2.6.31-307.23 |
| =9.10 | ||
| All of | ||
| ubuntu/linux-image-2.6.31-22-generic-pae | <2.6.31-22.70 | 2.6.31-22.70 |
| =9.10 | ||
| All of | ||
| ubuntu/linux-image-2.6.31-22-386 | <2.6.31-22.70 | 2.6.31-22.70 |
| =9.10 | ||
| All of | ||
| ubuntu/linux-image-2.6.31-22-powerpc | <2.6.31-22.70 | 2.6.31-22.70 |
| =9.10 | ||
| All of | ||
| ubuntu/linux-image-2.6.31-22-sparc64 | <2.6.31-22.70 | 2.6.31-22.70 |
| =9.10 | ||
| All of | ||
| ubuntu/linux-image-2.6.31-22-sparc64-smp | <2.6.31-22.70 | 2.6.31-22.70 |
| =9.10 | ||
| All of | ||
| ubuntu/linux-image-2.6.31-22-powerpc-smp | <2.6.31-22.70 | 2.6.31-22.70 |
| =9.10 | ||
| All of | ||
| ubuntu/linux-image-2.6.31-22-virtual | <2.6.31-22.70 | 2.6.31-22.70 |
| =9.10 | ||
| All of | ||
| ubuntu/linux-image-2.6.31-22-powerpc64-smp | <2.6.31-22.70 | 2.6.31-22.70 |
| =9.10 | ||
| All of | ||
| ubuntu/linux-image-2.6.31-22-generic | <2.6.31-22.70 | 2.6.31-22.70 |
| =9.10 | ||
| All of | ||
| ubuntu/linux-image-2.6.31-22-lpia | <2.6.31-22.70 | 2.6.31-22.70 |
| =9.10 | ||
| All of | ||
| ubuntu/linux-image-2.6.35-24-powerpc | <2.6.35-24.42 | 2.6.35-24.42 |
| =10.10 | ||
| All of | ||
| ubuntu/linux-image-2.6.35-24-generic-pae | <2.6.35-24.42 | 2.6.35-24.42 |
| =10.10 | ||
| All of | ||
| ubuntu/linux-image-2.6.35-24-virtual | <2.6.35-24.42 | 2.6.35-24.42 |
| =10.10 | ||
| All of | ||
| ubuntu/linux-image-2.6.35-24-server | <2.6.35-24.42 | 2.6.35-24.42 |
| =10.10 | ||
| All of | ||
| ubuntu/linux-image-2.6.35-24-versatile | <2.6.35-24.42 | 2.6.35-24.42 |
| =10.10 | ||
| All of | ||
| ubuntu/linux-image-2.6.35-24-omap | <2.6.35-24.42 | 2.6.35-24.42 |
| =10.10 | ||
| All of | ||
| ubuntu/linux-image-2.6.35-24-generic | <2.6.35-24.42 | 2.6.35-24.42 |
| =10.10 | ||
| All of | ||
| ubuntu/linux-image-2.6.35-24-powerpc64-smp | <2.6.35-24.42 | 2.6.35-24.42 |
| =10.10 | ||
| All of | ||
| ubuntu/linux-image-2.6.35-24-powerpc-smp | <2.6.35-24.42 | 2.6.35-24.42 |
| =10.10 | ||
| All of | ||
| ubuntu/linux-image-2.6.32-27-server | <2.6.32-27.49 | 2.6.32-27.49 |
| =10.04 | ||
| All of | ||
| ubuntu/linux-image-2.6.32-27-generic | <2.6.32-27.49 | 2.6.32-27.49 |
| =10.04 | ||
| All of | ||
| ubuntu/linux-image-2.6.32-27-ia64 | <2.6.32-27.49 | 2.6.32-27.49 |
| =10.04 | ||
| All of | ||
| ubuntu/linux-image-2.6.32-27-preempt | <2.6.32-27.49 | 2.6.32-27.49 |
| =10.04 | ||
| All of | ||
| ubuntu/linux-image-2.6.32-27-generic-pae | <2.6.32-27.49 | 2.6.32-27.49 |
| =10.04 | ||
| All of | ||
| ubuntu/linux-image-2.6.32-311-ec2 | <2.6.32-311.23 | 2.6.32-311.23 |
| =10.04 | ||
| All of | ||
| ubuntu/linux-image-2.6.32-27-386 | <2.6.32-27.49 | 2.6.32-27.49 |
| =10.04 | ||
| All of | ||
| ubuntu/linux-image-2.6.32-27-powerpc | <2.6.32-27.49 | 2.6.32-27.49 |
| =10.04 | ||
| All of | ||
| ubuntu/linux-image-2.6.32-27-sparc64 | <2.6.32-27.49 | 2.6.32-27.49 |
| =10.04 | ||
| All of | ||
| ubuntu/linux-image-2.6.32-27-sparc64-smp | <2.6.32-27.49 | 2.6.32-27.49 |
| =10.04 | ||
| All of | ||
| ubuntu/linux-image-2.6.32-27-powerpc-smp | <2.6.32-27.49 | 2.6.32-27.49 |
| =10.04 | ||
| All of | ||
| ubuntu/linux-image-2.6.32-27-virtual | <2.6.32-27.49 | 2.6.32-27.49 |
| =10.04 | ||
| All of | ||
| ubuntu/linux-image-2.6.32-27-powerpc64-smp | <2.6.32-27.49 | 2.6.32-27.49 |
| =10.04 | ||
| All of | ||
| ubuntu/linux-image-2.6.32-27-lpia | <2.6.32-27.49 | 2.6.32-27.49 |
| =10.04 | ||
| All of | ||
| ubuntu/linux-image-2.6.32-27-versatile | <2.6.32-27.49 | 2.6.32-27.49 |
| =10.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2010-3698
- https://ubuntu.com/security/CVE-2014-0205
- https://ubuntu.com/security/CVE-2010-2537
- https://ubuntu.com/security/CVE-2010-2538
- https://ubuntu.com/security/CVE-2010-2943
- https://ubuntu.com/security/CVE-2010-2962
- https://ubuntu.com/security/CVE-2010-3079
- https://ubuntu.com/security/CVE-2010-3296
- https://ubuntu.com/security/CVE-2010-3297
- https://ubuntu.com/security/CVE-2010-3298
- https://ubuntu.com/security/CVE-2010-3301
- https://ubuntu.com/security/CVE-2010-3858
- https://ubuntu.com/security/CVE-2010-3861
- https://ubuntu.com/security/CVE-2010-4072
- https://ubuntu.com/security/CVE-2010-4080
- https://ubuntu.com/security/CVE-2010-4081
- https://ubuntu.com/security/CVE-2010-4157
- https://ubuntu.com/security/CVE-2010-4242
- https://ubuntu.com/security/CVE-2010-4655
- https://ubuntu.com/security/notices/USN-1073-1
- https://ubuntu.com/security/notices/USN-1072-1
- https://ubuntu.com/security/notices/USN-1074-1
- https://ubuntu.com/security/notices/USN-1081-1
- https://ubuntu.com/security/notices/USN-1187-1
- https://ubuntu.com/security/notices/USN-1074-2
- https://ubuntu.com/security/notices/USN-1093-1
- https://ubuntu.com/security/notices/USN-1083-1
- https://ubuntu.com/security/notices/USN-1057-1
- https://ubuntu.com/security/notices/USN-1119-1
- https://ubuntu.com/security/notices/USN-1202-1
- https://ubuntu.com/security/notices/USN-988-1
- https://ubuntu.com/security/notices/USN-1164-1
- https://ubuntu.com/security/notices/USN-1071-1
- https://ubuntu.com/security/notices/USN-1092-1
- https://ubuntu.com/security/notices/USN-1089-1
- https://ubuntu.com/security/notices/USN-1105-1
- https://ubuntu.com/security/notices/USN-1204-1
- https://ubuntu.com/security/notices/USN-1146-1
- https://launchpad.net/ubuntu/+source/linux/2.6.31-22.70
- https://launchpad.net/ubuntu/+source/linux-ec2/2.6.31-307.23
- https://launchpad.net/ubuntu/+source/linux/2.6.35-24.42
- https://launchpad.net/ubuntu/+source/linux/2.6.32-27.49
- https://launchpad.net/ubuntu/+source/linux-ec2/2.6.32-311.23
- https://ubuntu.com/security/notices/USN-1041-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
- agent/references
- agent/severity
- agent/first-publish-date
- agent/last-modified-date
- agent/type
- agent/softwarecombine
- collector/usn
- source/Ubuntu
- anchor-related/USN-1073-1
- anchor-related/USN-1072-1
- anchor-related/USN-1074-1
- anchor-related/USN-1081-1
- anchor-related/USN-1187-1
- anchor-related/USN-1074-2
- anchor-related/USN-1093-1
- anchor-related/USN-1083-1
- anchor-related/USN-1057-1
- anchor-related/USN-1119-1
- anchor-related/USN-1202-1
- anchor-related/USN-988-1
- anchor-related/USN-1164-1
- anchor-related/USN-1071-1
- anchor-related/USN-1092-1
- anchor-related/USN-1089-1
- anchor-related/USN-1105-1
- anchor-related/USN-1204-1
- anchor-related/USN-1146-1
- agent/software-canonical-lookup
- agent/title
- agent/weakness
- agent/tags
- agent/description
- agent/event
- agent/trending
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/9.10
- version/ubuntu ubuntu/10.10
- version/ubuntu ubuntu/10.04