- Vulnerability/
- USN-1204-1
USN-1204-1: Linux kernel (i.MX51) vulnerabilities
First published: Tue Sep 13 2011(Updated: )
Dan Rosenberg discovered that the Linux kernel TIPC implementation contained multiple integer signedness errors. A local attacker could exploit this to gain root privileges. (CVE-2010-3859) Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. (CVE-2010-4075, CVE-2010-4076, CVE-2010-4077) Dan Rosenberg discovered that the socket filters did not correctly initialize structure memory. A local attacker could create malicious filters to read portions of kernel stack memory, leading to a loss of privacy. (CVE-2010-4158) Dan Rosenberg discovered that the Linux kernel L2TP implementation contained multiple integer signedness errors. A local attacker could exploit this to to crash the kernel, or possibly gain root privileges. (CVE-2010-4160) Dan Rosenberg discovered that certain iovec operations did not calculate page counts correctly. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2010-4162) Dan Rosenberg discovered that the SCSI subsystem did not correctly validate iov segments. A local attacker with access to a SCSI device could send specially crafted requests to crash the system, leading to a denial of service. (CVE-2010-4163, CVE-2010-4668) Dan Rosenberg discovered that the RDS protocol did not correctly check ioctl arguments. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2010-4175) Alan Cox discovered that the HCI UART driver did not correctly check if a write operation was available. If the mmap_min-addr sysctl was changed from the Ubuntu default to a value of 0, a local attacker could exploit this flaw to gain root privileges. (CVE-2010-4242) Brad Spengler discovered that the kernel did not correctly account for userspace memory allocations during exec() calls. A local attacker could exploit this to consume all system memory, leading to a denial of service. (CVE-2010-4243) Alex Shi and Eric Dumazet discovered that the network stack did not correctly handle packet backlogs. A remote attacker could exploit this by sending a large amount of network traffic to cause the system to run out of memory, leading to a denial of service. (CVE-2010-4251, CVE-2010-4805) It was discovered that the ICMP stack did not correctly handle certain unreachable messages. If a remote attacker were able to acquire a socket lock, they could send specially crafted traffic that would crash the system, leading to a denial of service. (CVE-2010-4526) Dan Carpenter discovered that the Infiniband driver did not correctly handle certain requests. A local user could exploit this to crash the system or potentially gain root privileges. (CVE-2010-4649, CVE-2011-1044) Kees Cook reported that /proc/pid/stat did not correctly filter certain memory locations. A local attacker could determine the memory layout of processes in an attempt to increase the chances of a successful memory corruption exploit. (CVE-2011-0726) Timo Warns discovered that MAC partition parsing routines did not correctly calculate block counts. A local attacker with physical access could plug in a specially crafted block device to crash the system or potentially gain root privileges. (CVE-2011-1010) Timo Warns discovered that LDM partition parsing routines did not correctly calculate block counts. A local attacker with physical access could plug in a specially crafted block device to crash the system, leading to a denial of service. (CVE-2011-1012) Matthiew Herrb discovered that the drm modeset interface did not correctly handle a signed comparison. A local attacker could exploit this to crash the system or possibly gain root privileges. (CVE-2011-1013) It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. (CVE-2011-1020) Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-1078) Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check that device name strings were NULL terminated. A local attacker could exploit this to crash the system, leading to a denial of service, or leak contents of kernel stack memory, leading to a loss of privacy. (CVE-2011-1079) Vasiliy Kulikov discovered that bridge network filtering did not check that name fields were NULL terminated. A local attacker could exploit this to leak contents of kernel stack memory, leading to a loss of privacy. (CVE-2011-1080) Nelson Elhage discovered that the epoll subsystem did not correctly handle certain structures. A local attacker could create malicious requests that would hang the system, leading to a denial of service. (CVE-2011-1082) Neil Horman discovered that NFSv4 did not correctly handle certain orders of operation with ACL data. A remote attacker with access to an NFSv4 mount could exploit this to crash the system, leading to a denial of service. (CVE-2011-1090) Johan Hovold discovered that the DCCP network stack did not correctly handle certain packet combinations. A remote attacker could send specially crafted network traffic that would crash the system, leading to a denial of service. (CVE-2011-1093) Peter Huewe discovered that the TPM device did not correctly initialize memory. A local attacker could exploit this to read kernel heap memory contents, leading to a loss of privacy. (CVE-2011-1160) Timo Warns discovered that OSF partition parsing routines did not correctly clear memory. A local attacker with physical access could plug in a specially crafted block device to read kernel memory, leading to a loss of privacy. (CVE-2011-1163) Vasiliy Kulikov discovered that the netfilter code did not check certain strings copied from userspace. A local attacker with netfilter access could exploit this to read kernel memory or crash the system, leading to a denial of service. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-2534) Vasiliy Kulikov discovered that the Acorn Universal Networking driver did not correctly initialize memory. A remote attacker could send specially crafted traffic to read kernel stack memory, leading to a loss of privacy. (CVE-2011-1173) Dan Rosenberg discovered that the IRDA subsystem did not correctly check certain field sizes. If a system was using IRDA, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-1180) Ryan Sweat discovered that the GRO code did not correctly validate memory. In some configurations on systems using VLANs, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1478) Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. (CVE-2011-1493) Timo Warns discovered that the GUID partition parsing routines did not correctly validate certain structures. A local attacker with physical access could plug in a specially crafted block device to crash the system, leading to a denial of service. (CVE-2011-1577) Oliver Hartkopp and Dave Jones discovered that the CAN network driver did not correctly validate certain socket structures. If this driver was loaded, a local attacker could crash the system, leading to a denial of service. (CVE-2011-1598) Dan Rosenberg discovered that the DCCP stack did not correctly handle certain packet structures. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1770) Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. (CVE-2011-1833) Vasiliy Kulikov discovered that taskstats listeners were not correctly handled. A local attacker could expoit this to exhaust memory and CPU resources, leading to a denial of service. (CVE-2011-2484) It was discovered that Bluetooth l2cap and rfcomm did not correctly initialize structures. A local attacker could exploit this to read portions of the kernel stack, leading to a loss of privacy. (CVE-2011-2492) Fernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service. (CVE-2011-2699) The performance counter subsystem did not correctly handle certain counters. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2918) A flaw was found in the Linux kernel's /proc//map* interface. A local, unprivileged user could exploit this flaw to cause a denial of service. (CVE-2011-3637) Dan Rosenberg discovered flaws in the linux Rose (X.25 PLP) layer used by amateur radio. A local user or a remote user on an X.25 network could exploit these flaws to execute arbitrary code as root. (CVE-2011-4913) Ben Hutchings discovered several flaws in the Linux Rose (X.25 PLP) layer. A local user or a remote user on an X.25 network could exploit these flaws to execute arbitrary code as root. (CVE-2011-4914)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/linux-image-2.6.31-610-imx51 | <2.6.31-610.28 | 2.6.31-610.28 |
| =10.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2011-2918
- https://ubuntu.com/security/CVE-2011-3637
- https://ubuntu.com/security/CVE-2011-4913
- https://ubuntu.com/security/CVE-2011-4914
- https://ubuntu.com/security/CVE-2010-3859
- https://ubuntu.com/security/CVE-2010-4075
- https://ubuntu.com/security/CVE-2010-4076
- https://ubuntu.com/security/CVE-2010-4077
- https://ubuntu.com/security/CVE-2010-4158
- https://ubuntu.com/security/CVE-2010-4160
- https://ubuntu.com/security/CVE-2010-4162
- https://ubuntu.com/security/CVE-2010-4163
- https://ubuntu.com/security/CVE-2010-4175
- https://ubuntu.com/security/CVE-2010-4242
- https://ubuntu.com/security/CVE-2010-4243
- https://ubuntu.com/security/CVE-2010-4251
- https://ubuntu.com/security/CVE-2010-4526
- https://ubuntu.com/security/CVE-2010-4649
- https://ubuntu.com/security/CVE-2010-4668
- https://ubuntu.com/security/CVE-2010-4805
- https://ubuntu.com/security/CVE-2011-0726
- https://ubuntu.com/security/CVE-2011-1010
- https://ubuntu.com/security/CVE-2011-1012
- https://ubuntu.com/security/CVE-2011-1013
- https://ubuntu.com/security/CVE-2011-1020
- https://ubuntu.com/security/CVE-2011-1044
- https://ubuntu.com/security/CVE-2011-1078
- https://ubuntu.com/security/CVE-2011-1079
- https://ubuntu.com/security/CVE-2011-1080
- https://ubuntu.com/security/CVE-2011-1082
- https://ubuntu.com/security/CVE-2011-1090
- https://ubuntu.com/security/CVE-2011-1093
- https://ubuntu.com/security/CVE-2011-1160
- https://ubuntu.com/security/CVE-2011-1163
- https://ubuntu.com/security/CVE-2011-1170
- https://ubuntu.com/security/CVE-2011-1171
- https://ubuntu.com/security/CVE-2011-1172
- https://ubuntu.com/security/CVE-2011-1173
- https://ubuntu.com/security/CVE-2011-1180
- https://ubuntu.com/security/CVE-2011-1478
- https://ubuntu.com/security/CVE-2011-1493
- https://ubuntu.com/security/CVE-2011-1577
- https://ubuntu.com/security/CVE-2011-1598
- https://ubuntu.com/security/CVE-2011-1770
- https://ubuntu.com/security/CVE-2011-1833
- https://ubuntu.com/security/CVE-2011-2484
- https://ubuntu.com/security/CVE-2011-2492
- https://ubuntu.com/security/CVE-2011-2534
- https://ubuntu.com/security/CVE-2011-2699
- https://ubuntu.com/security/notices/USN-1208-1
- https://ubuntu.com/security/notices/USN-1219-1
- https://ubuntu.com/security/notices/USN-1202-1
- https://ubuntu.com/security/notices/USN-1211-1
- https://ubuntu.com/security/notices/USN-1203-1
- https://ubuntu.com/security/notices/USN-1218-1
- https://ubuntu.com/security/notices/USN-1227-1
- https://ubuntu.com/security/notices/USN-1256-1
- https://ubuntu.com/security/notices/USN-1212-1
- https://ubuntu.com/security/notices/USN-1216-1
- https://ubuntu.com/security/notices/USN-1205-1
- https://ubuntu.com/security/notices/USN-1201-1
- https://ubuntu.com/security/notices/USN-1189-1
- https://ubuntu.com/security/notices/USN-1160-1
- https://ubuntu.com/security/notices/USN-1141-1
- https://ubuntu.com/security/notices/USN-1162-1
- https://ubuntu.com/security/notices/USN-1167-1
- https://ubuntu.com/security/notices/USN-1187-1
- https://ubuntu.com/security/notices/USN-1159-1
- https://ubuntu.com/security/notices/USN-1073-1
- https://ubuntu.com/security/notices/USN-1072-1
- https://ubuntu.com/security/notices/USN-1083-1
- https://ubuntu.com/security/notices/USN-1054-1
- https://ubuntu.com/security/notices/USN-1071-1
- https://ubuntu.com/security/notices/USN-1093-1
- https://ubuntu.com/security/notices/USN-1092-1
- https://ubuntu.com/security/notices/USN-1090-1
- https://ubuntu.com/security/notices/USN-1089-1
- https://ubuntu.com/security/notices/USN-1105-1
- https://ubuntu.com/security/notices/USN-1086-1
- https://ubuntu.com/security/notices/USN-1183-1
- https://ubuntu.com/security/notices/USN-1170-1
- https://ubuntu.com/security/notices/USN-1119-1
- https://ubuntu.com/security/notices/USN-1041-1
- https://ubuntu.com/security/notices/USN-1080-1
- https://ubuntu.com/security/notices/USN-1080-2
- https://ubuntu.com/security/notices/USN-1186-1
- https://ubuntu.com/security/notices/USN-1081-1
- https://ubuntu.com/security/notices/USN-1146-1
- https://ubuntu.com/security/notices/USN-1168-1
- https://ubuntu.com/security/notices/USN-1161-1
- https://ubuntu.com/security/notices/USN-1193-1
- https://ubuntu.com/security/notices/USN-1253-1
- https://ubuntu.com/security/notices/USN-1239-1
- https://ubuntu.com/security/notices/USN-1188-1
- https://ubuntu.com/security/notices/USN-1240-1
- https://ubuntu.com/security/notices/USN-1245-1
- https://ubuntu.com/security/notices/USN-1225-1
- https://launchpad.net/ubuntu/+source/linux-fsl-imx51/2.6.31-610.28
- https://ubuntu.com/security/notices/USN-1204-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
- CVE-2011-2918
- CVE-2011-3637
- CVE-2011-4913
- CVE-2011-4914
- CVE-2010-3859
- CVE-2010-4075
- CVE-2010-4076
- CVE-2010-4077
- CVE-2010-4158
- CVE-2010-4160
- CVE-2010-4162
- CVE-2010-4163
- CVE-2010-4175
- CVE-2010-4242
- CVE-2010-4243
- CVE-2010-4251
- CVE-2010-4526
- CVE-2010-4649
- CVE-2010-4668
- CVE-2010-4805
- CVE-2011-0726
- CVE-2011-1010
- CVE-2011-1012
- CVE-2011-1013
- CVE-2011-1020
- CVE-2011-1044
- CVE-2011-1078
- CVE-2011-1079
- CVE-2011-1080
- CVE-2011-1082
- CVE-2011-1090
- CVE-2011-1093
- CVE-2011-1160
- CVE-2011-1163
- CVE-2011-1170
- CVE-2011-1171
- CVE-2011-1172
- CVE-2011-1173
- CVE-2011-1180
- CVE-2011-1478
- CVE-2011-1493
- CVE-2011-1577
- CVE-2011-1598
- CVE-2011-1770
- CVE-2011-1833
- CVE-2011-2484
- CVE-2011-2492
- CVE-2011-2534
- CVE-2011-2699
- agent/severity
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/title
- agent/references
- agent/description
- agent/event
- agent/tags
- agent/trending
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/10.04