- Vulnerability/
- USN-1162-1
USN-1162-1: Linux kernel vulnerabilities (Marvell Dove)
First published: Wed Jun 29 2011(Updated: )
Brad Spengler discovered that the kernel did not correctly account for userspace memory allocations during exec() calls. A local attacker could exploit this to consume all system memory, leading to a denial of service. (CVE-2010-4243) Alexander Duyck discovered that the Intel Gigabit Ethernet driver did not correctly handle certain configurations. If such a device was configured without VLANs, a remote attacker could crash the system, leading to a denial of service. (CVE-2010-4263) Nelson Elhage discovered that Econet did not correctly handle AUN packets over UDP. A local attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2010-4342) Dan Rosenberg discovered that IRDA did not correctly check the size of buffers. On non-x86 systems, a local attacker could exploit this to read kernel heap memory, leading to a loss of privacy. (CVE-2010-4529) Dan Rosenburg discovered that the CAN subsystem leaked kernel addresses into the /proc filesystem. A local attacker could use this to increase the chances of a successful memory corruption exploit. (CVE-2010-4565) Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly clear memory when writing certain file holes. A local attacker could exploit this to read uninitialized data from the disk, leading to a loss of privacy. (CVE-2011-0463) Jens Kuehnel discovered that the InfiniBand driver contained a race condition. On systems using InfiniBand, a local attacker could send specially crafted requests to crash the system, leading to a denial of service. (CVE-2011-0695) Dan Rosenberg discovered that XFS did not correctly initialize memory. A local attacker could make crafted ioctl calls to leak portions of kernel stack memory, leading to a loss of privacy. (CVE-2011-0711) Kees Cook reported that /proc/pid/stat did not correctly filter certain memory locations. A local attacker could determine the memory layout of processes in an attempt to increase the chances of a successful memory corruption exploit. (CVE-2011-0726) Matthiew Herrb discovered that the drm modeset interface did not correctly handle a signed comparison. A local attacker could exploit this to crash the system or possibly gain root privileges. (CVE-2011-1013) Marek Olšák discovered that the Radeon GPU drivers did not correctly validate certain registers. On systems with specific hardware, a local attacker could exploit this to write to arbitrary video memory. (CVE-2011-1016) Timo Warns discovered that the LDM disk partition handling code did not correctly handle certain values. By inserting a specially crafted disk device, a local attacker could exploit this to gain root privileges. (CVE-2011-1017) Vasiliy Kulikov discovered that the CAP_SYS_MODULE capability was not needed to load kernel modules. A local attacker with the CAP_NET_ADMIN capability could load existing kernel modules, possibly increasing the attack surface available on the system. (CVE-2011-1019) Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-1078) Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check that device name strings were NULL terminated. A local attacker could exploit this to crash the system, leading to a denial of service, or leak contents of kernel stack memory, leading to a loss of privacy. (CVE-2011-1079) Vasiliy Kulikov discovered that bridge network filtering did not check that name fields were NULL terminated. A local attacker could exploit this to leak contents of kernel stack memory, leading to a loss of privacy. (CVE-2011-1080) Neil Horman discovered that NFSv4 did not correctly handle certain orders of operation with ACL data. A remote attacker with access to an NFSv4 mount could exploit this to crash the system, leading to a denial of service. (CVE-2011-1090) Peter Huewe discovered that the TPM device did not correctly initialize memory. A local attacker could exploit this to read kernel heap memory contents, leading to a loss of privacy. (CVE-2011-1160) Timo Warns discovered that OSF partition parsing routines did not correctly clear memory. A local attacker with physical access could plug in a specially crafted block device to read kernel memory, leading to a loss of privacy. (CVE-2011-1163) Vasiliy Kulikov discovered that the netfilter code did not check certain strings copied from userspace. A local attacker with netfilter access could exploit this to read kernel memory or crash the system, leading to a denial of service. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-2534) Vasiliy Kulikov discovered that the Acorn Universal Networking driver did not correctly initialize memory. A remote attacker could send specially crafted traffic to read kernel stack memory, leading to a loss of privacy. (CVE-2011-1173) Dan Rosenberg discovered that the IRDA subsystem did not correctly check certain field sizes. If a system was using IRDA, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-1180) Julien Tinnes discovered that the kernel did not correctly validate the signal structure from tkill(). A local attacker could exploit this to send signals to arbitrary threads, possibly bypassing expected restrictions. (CVE-2011-1182) Dan Rosenberg reported errors in the OSS (Open Sound System) MIDI interface. A local attacker on non-x86 systems might be able to cause a denial of service. (CVE-2011-1476) Dan Rosenberg reported errors in the kernel's OSS (Open Sound System) driver for Yamaha FM synthesizer chips. A local user can exploit this to cause memory corruption, causing a denial of service or privilege escalation. (CVE-2011-1477) Ryan Sweat discovered that the GRO code did not correctly validate memory. In some configurations on systems using VLANs, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1478) Dan Rosenberg discovered that MPT devices did not correctly validate certain values in ioctl calls. If these drivers were loaded, a local attacker could exploit this to read arbitrary kernel memory, leading to a loss of privacy. (CVE-2011-1494, CVE-2011-1495) It was discovered that the Stream Control Transmission Protocol (SCTP) implementation incorrectly calculated lengths. If the net.sctp.addip_enable variable was turned on, a remote attacker could send specially crafted traffic to crash the system. (CVE-2011-1573) Tavis Ormandy discovered that the pidmap function did not correctly handle large requests. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1593) Oliver Hartkopp and Dave Jones discovered that the CAN network driver did not correctly validate certain socket structures. If this driver was loaded, a local attacker could crash the system, leading to a denial of service. (CVE-2011-1598, CVE-2011-1748) Vasiliy Kulikov discovered that the AGP driver did not check certain ioctl values. A local attacker with access to the video subsystem could exploit this to crash the system, leading to a denial of service, or possibly gain root privileges. (CVE-2011-1745, CVE-2011-2022) Vasiliy Kulikov discovered that the AGP driver did not check the size of certain memory allocations. A local attacker with access to the video subsystem could exploit this to run the system out of memory, leading to a denial of service. (CVE-2011-1746) Dan Rosenberg reported an error in the old ABI compatibility layer of ARM kernels. A local attacker could exploit this flaw to cause a denial of service or gain root privileges. (CVE-2011-1759) Dan Rosenberg discovered that the DCCP stack did not correctly handle certain packet structures. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1770) Timo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. (CVE-2011-1776) A flaw was found in the b43 driver in the Linux kernel. An attacker could use this flaw to cause a denial of service if the system has an active wireless interface using the b43 driver. (CVE-2011-3359) Yogesh Sharma discovered that CIFS did not correctly handle UNCs that had no prefixpaths. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. (CVE-2011-3363) Maynard Johnson discovered that on POWER7, certain speculative events may raise a performance monitor exception. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-4611) Dan Rosenberg discovered flaws in the linux Rose (X.25 PLP) layer used by amateur radio. A local user or a remote user on an X.25 network could exploit these flaws to execute arbitrary code as root. (CVE-2011-4913)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/linux-image-2.6.32-217-dove | <2.6.32-217.34 | 2.6.32-217.34 |
| =10.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2010-4243
- https://ubuntu.com/security/CVE-2010-4263
- https://ubuntu.com/security/CVE-2010-4342
- https://ubuntu.com/security/CVE-2010-4529
- https://ubuntu.com/security/CVE-2010-4565
- https://ubuntu.com/security/CVE-2011-0463
- https://ubuntu.com/security/CVE-2011-0695
- https://ubuntu.com/security/CVE-2011-0711
- https://ubuntu.com/security/CVE-2011-0726
- https://ubuntu.com/security/CVE-2011-1013
- https://ubuntu.com/security/CVE-2011-1016
- https://ubuntu.com/security/CVE-2011-1017
- https://ubuntu.com/security/CVE-2011-1019
- https://ubuntu.com/security/CVE-2011-1078
- https://ubuntu.com/security/CVE-2011-1079
- https://ubuntu.com/security/CVE-2011-1080
- https://ubuntu.com/security/CVE-2011-1090
- https://ubuntu.com/security/CVE-2011-1160
- https://ubuntu.com/security/CVE-2011-1163
- https://ubuntu.com/security/CVE-2011-1170
- https://ubuntu.com/security/CVE-2011-1171
- https://ubuntu.com/security/CVE-2011-1172
- https://ubuntu.com/security/CVE-2011-1173
- https://ubuntu.com/security/CVE-2011-1180
- https://ubuntu.com/security/CVE-2011-1182
- https://ubuntu.com/security/CVE-2011-1476
- https://ubuntu.com/security/CVE-2011-1477
- https://ubuntu.com/security/CVE-2011-1478
- https://ubuntu.com/security/CVE-2011-1494
- https://ubuntu.com/security/CVE-2011-1495
- https://ubuntu.com/security/CVE-2011-1573
- https://ubuntu.com/security/CVE-2011-1593
- https://ubuntu.com/security/CVE-2011-1598
- https://ubuntu.com/security/CVE-2011-1745
- https://ubuntu.com/security/CVE-2011-1746
- https://ubuntu.com/security/CVE-2011-1748
- https://ubuntu.com/security/CVE-2011-1759
- https://ubuntu.com/security/CVE-2011-1770
- https://ubuntu.com/security/CVE-2011-1776
- https://ubuntu.com/security/CVE-2011-2022
- https://ubuntu.com/security/CVE-2011-2534
- https://ubuntu.com/security/CVE-2011-3359
- https://ubuntu.com/security/CVE-2011-3363
- https://ubuntu.com/security/CVE-2011-4611
- https://ubuntu.com/security/CVE-2011-4913
- https://ubuntu.com/security/notices/USN-1202-1
- https://ubuntu.com/security/notices/USN-1141-1
- https://ubuntu.com/security/notices/USN-1083-1
- https://ubuntu.com/security/notices/USN-1054-1
- https://ubuntu.com/security/notices/USN-1204-1
- https://ubuntu.com/security/notices/USN-1159-1
- https://ubuntu.com/security/notices/USN-1164-1
- https://ubuntu.com/security/notices/USN-1133-1
- https://ubuntu.com/security/notices/USN-1111-1
- https://ubuntu.com/security/notices/USN-1081-1
- https://ubuntu.com/security/notices/USN-1187-1
- https://ubuntu.com/security/notices/USN-1119-1
- https://ubuntu.com/security/notices/USN-1160-1
- https://ubuntu.com/security/notices/USN-1146-1
- https://ubuntu.com/security/notices/USN-1167-1
- https://ubuntu.com/security/notices/USN-1212-1
- https://ubuntu.com/security/notices/USN-1186-1
- https://ubuntu.com/security/notices/USN-1170-1
- https://ubuntu.com/security/notices/USN-1168-1
- https://ubuntu.com/security/notices/USN-1161-1
- https://ubuntu.com/security/notices/USN-1189-1
- https://ubuntu.com/security/notices/USN-1256-1
- https://ubuntu.com/security/notices/USN-1183-1
- https://ubuntu.com/security/notices/USN-1394-1
- https://ubuntu.com/security/notices/USN-1390-1
- https://ubuntu.com/security/notices/USN-1241-1
- https://ubuntu.com/security/notices/USN-1236-1
- https://ubuntu.com/security/notices/USN-1341-1
- https://ubuntu.com/security/notices/USN-1332-1
- https://ubuntu.com/security/notices/USN-1383-1
- https://ubuntu.com/security/notices/USN-1205-1
- https://ubuntu.com/security/notices/USN-1201-1
- https://ubuntu.com/security/notices/USN-1219-1
- https://ubuntu.com/security/notices/USN-1228-1
- https://ubuntu.com/security/notices/USN-1220-1
- https://ubuntu.com/security/notices/USN-1227-1
- https://ubuntu.com/security/notices/USN-1225-1
- https://ubuntu.com/security/notices/USN-1325-1
- https://ubuntu.com/security/notices/USN-1323-1
- https://ubuntu.com/security/notices/USN-1243-1
- https://ubuntu.com/security/notices/USN-1281-1
- https://ubuntu.com/security/notices/USN-1244-1
- https://ubuntu.com/security/notices/USN-1242-1
- https://launchpad.net/ubuntu/+source/linux-mvl-dove/2.6.32-217.34
- https://ubuntu.com/security/notices/USN-1162-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
- CVE-2010-4243
- CVE-2010-4263
- CVE-2010-4342
- CVE-2010-4529
- CVE-2010-4565
- CVE-2011-0463
- CVE-2011-0695
- CVE-2011-0711
- CVE-2011-0726
- CVE-2011-1013
- CVE-2011-1016
- CVE-2011-1017
- CVE-2011-1019
- CVE-2011-1078
- CVE-2011-1079
- CVE-2011-1080
- CVE-2011-1090
- CVE-2011-1160
- CVE-2011-1163
- CVE-2011-1170
- CVE-2011-1171
- CVE-2011-1172
- CVE-2011-1173
- CVE-2011-1180
- CVE-2011-1182
- CVE-2011-1476
- CVE-2011-1477
- CVE-2011-1478
- CVE-2011-1494
- CVE-2011-1495
- CVE-2011-1573
- CVE-2011-1593
- CVE-2011-1598
- CVE-2011-1745
- CVE-2011-1746
- CVE-2011-1748
- CVE-2011-1759
- CVE-2011-1770
- CVE-2011-1776
- CVE-2011-2022
- CVE-2011-2534
- CVE-2011-3359
- CVE-2011-3363
- CVE-2011-4611
- CVE-2011-4913
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/usn
- source/Ubuntu
- anchor-related/USN-1202-1
- anchor-related/USN-1141-1
- anchor-related/USN-1083-1
- anchor-related/USN-1054-1
- anchor-related/USN-1204-1
- anchor-related/USN-1159-1
- anchor-related/USN-1164-1
- anchor-related/USN-1133-1
- anchor-related/USN-1111-1
- anchor-related/USN-1081-1
- anchor-related/USN-1187-1
- anchor-related/USN-1119-1
- anchor-related/USN-1160-1
- anchor-related/USN-1146-1
- anchor-related/USN-1167-1
- anchor-related/USN-1212-1
- anchor-related/USN-1186-1
- anchor-related/USN-1170-1
- anchor-related/USN-1168-1
- anchor-related/USN-1161-1
- anchor-related/USN-1189-1
- anchor-related/USN-1256-1
- anchor-related/USN-1183-1
- anchor-related/USN-1394-1
- anchor-related/USN-1390-1
- anchor-related/USN-1241-1
- anchor-related/USN-1236-1
- anchor-related/USN-1341-1
- anchor-related/USN-1332-1
- anchor-related/USN-1383-1
- anchor-related/USN-1205-1
- anchor-related/USN-1201-1
- anchor-related/USN-1219-1
- anchor-related/USN-1228-1
- anchor-related/USN-1220-1
- anchor-related/USN-1227-1
- anchor-related/USN-1225-1
- anchor-related/USN-1325-1
- anchor-related/USN-1323-1
- anchor-related/USN-1243-1
- anchor-related/USN-1281-1
- anchor-related/USN-1244-1
- anchor-related/USN-1242-1
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/10.04