Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

USN-1041-1: Linux kernel vulnerabilities

10 January 2011

Multiple security flaws in Linux kernel.

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Releases

Packages

Details

Louis Rilling and Matthieu Fertré reported a use after free error in the
Linux kernel's futex_wait function. A local user could exploit this flaw to
cause a denial of service (system crash) or possibly gain privileges via a
specially crafted application. (CVE-2014-0205)

Ben Hawkes discovered that the Linux kernel did not correctly filter
registers on 64bit kernels when performing 32bit system calls. On a 64bit
system, a local attacker could manipulate 32bit system calls to gain root
privileges. (CVE-2010-3301)

Dan Rosenberg discovered that the btrfs filesystem did not correctly
validate permissions when using the clone function. A local attacker could
overwrite the contents of file handles that were opened for append-only, or
potentially read arbitrary contents, leading to a loss of privacy.
(CVE-2010-2537, CVE-2010-2538)

Dave Chinner discovered that the XFS filesystem did not correctly order
inode lookups when exported by NFS. A remote attacker could exploit this to
read or write disk blocks that had changed file assignment or had become
unlinked, leading to a loss of privacy. (CVE-2010-2943)

Kees Cook discovered that the Intel i915 graphics driver did not correctly
validate memory regions. A local attacker with access to the video card
could read and write arbitrary kernel memory to gain root privileges.
(CVE-2010-2962)

Robert Swiecki discovered that ftrace did not correctly handle mutexes. A
local attacker could exploit this to crash the kernel, leading to a denial
of service. (CVE-2010-3079)

Dan Rosenberg discovered that several network ioctls did not clear kernel
memory correctly. A local user could exploit this to read kernel stack
memory, leading to a loss of privacy. (CVE-2010-3296, CVE-2010-3297,
CVE-2010-3298)

It was discovered that KVM did not correctly initialize certain CPU
registers. A local attacker could exploit this to crash the system, leading
to a denial of service. (CVE-2010-3698)

Brad Spengler discovered that stack memory for new a process was not
correctly calculated. A local attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2010-3858)

Kees Cook discovered that the ethtool interface did not correctly clear
kernel memory. A local attacker could read kernel heap memory, leading to a
loss of privacy. (CVE-2010-3861)

Kees Cook and Vasiliy Kulikov discovered that the shm interface did not
clear kernel memory correctly. A local attacker could exploit this to read
kernel stack memory, leading to a loss of privacy. (CVE-2010-4072)

Dan Rosenberg discovered that the RME Hammerfall DSP audio interface driver
did not correctly clear kernel memory. A local attacker could exploit this
to read kernel stack memory, leading to a loss of privacy. (CVE-2010-4080,
CVE-2010-4081)

James Bottomley discovered that the ICP vortex storage array controller
driver did not validate certain sizes. A local attacker on a 64bit system
could exploit this to crash the kernel, leading to a denial of service.
(CVE-2010-4157)

Alan Cox discovered that the HCI UART driver did not correctly check if a
write operation was available. If the mmap_min-addr sysctl was changed from
the Ubuntu default to a value of 0, a local attacker could exploit this
flaw to gain root privileges. (CVE-2010-4242)

Kees Cook discovered that some ethtool functions did not correctly clear
heap memory. A local attacker with CAP_NET_ADMIN privileges could exploit
this to read portions of kernel heap memory, leading to a loss of privacy.
(CVE-2010-4655)

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 9.10
Ubuntu 10.10
Ubuntu 10.04

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the Ubuntu 10.04 LTS and
Ubuntu 10.10 kernel updates have been given a new version number,
which requires you to recompile and reinstall all third party kernel
modules you might have installed. If you use linux-restricted-modules,
you have to update that package as well to get modules which work with
the new kernel version. Unless you manually uninstalled the standard
kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc),
a standard system upgrade will automatically perform this as well.

Related notices

  • USN-1073-1: linux-image-2.6.31-22-powerpc, linux-image-2.6.31-22-server, linux, linux-image-2.6.31-22-sparc64-smp, linux-ec2, linux-image-2.6.31-22-lpia, linux-image-2.6.31-22-powerpc-smp, linux-image-2.6.31-22-generic-pae, linux-image-2.6.31-22-generic, linux-image-2.6.31-22-sparc64, linux-image-2.6.31-22-powerpc64-smp, linux-image-2.6.31-22-virtual, linux-image-2.6.31-22-ia64, linux-image-2.6.31-22-386, linux-image-2.6.31-307-ec2
  • USN-1072-1: linux-image-2.6.24-28-openvz, linux-image-2.6.24-28-generic, linux-image-2.6.24-28-server, linux-image-2.6.24-28-386, linux-image-2.6.24-28-lpiacompat, linux-image-2.6.24-28-rt, linux-image-2.6.24-28-sparc64, linux-image-2.6.24-28-mckinley, linux-image-2.6.24-28-sparc64-smp, linux-image-2.6.24-28-powerpc, linux, linux-image-2.6.24-28-hppa64, linux-image-2.6.24-28-powerpc64-smp, linux-image-2.6.24-28-virtual, linux-image-2.6.24-28-itanium, linux-image-2.6.24-28-hppa32, linux-image-2.6.24-28-powerpc-smp, linux-image-2.6.24-28-lpia, linux-image-2.6.24-28-xen
  • USN-1074-1: linux-image-2.6.31-112-imx51, linux-fsl-imx51
  • USN-1081-1: linux-image-2.6.35-27-powerpc64-smp, linux-image-2.6.35-27-generic, linux, linux-image-2.6.35-27-powerpc, linux-image-2.6.35-27-omap, linux-image-2.6.35-27-powerpc-smp, linux-image-2.6.35-27-versatile, linux-image-2.6.35-27-generic-pae, linux-image-2.6.35-27-server, linux-image-2.6.35-27-virtual
  • USN-1187-1: linux-image-2.6.35-30-generic, linux-lts-backport-maverick, linux-image-2.6.35-30-virtual, linux-image-2.6.35-30-generic-pae, linux-image-2.6.35-30-server
  • USN-1074-2: linux-image-2.6.31-608-imx51, linux-fsl-imx51
  • USN-1093-1: linux-mvl-dove, linux-image-2.6.32-416-dove, linux-image-2.6.32-216-dove
  • USN-1083-1: linux-lts-backport-maverick, linux-image-2.6.35-25-virtual, linux-image-2.6.35-25-server, linux-image-2.6.35-25-generic-pae, linux-image-2.6.35-25-generic
  • USN-1057-1: linux-image-2.6.15-55-hppa64-smp, linux-image-2.6.15-55-powerpc, linux-image-2.6.15-55-powerpc64-smp, linux-source-2.6.15, linux-image-2.6.15-55-hppa64, linux-image-2.6.15-55-sparc64-smp, linux-image-2.6.15-55-powerpc-smp, linux-image-2.6.15-55-amd64-generic, linux-image-2.6.15-55-386, linux-image-2.6.15-55-hppa32, linux-image-2.6.15-55-amd64-k8, linux-image-2.6.15-55-itanium-smp, linux-image-2.6.15-55-amd64-xeon, linux-image-2.6.15-55-sparc64, linux-image-2.6.15-55-server, linux-image-2.6.15-55-server-bigiron, linux-image-2.6.15-55-mckinley, linux-image-2.6.15-55-k7, linux-image-2.6.15-55-686, linux-image-2.6.15-55-hppa32-smp, linux-image-2.6.15-55-amd64-server, linux-image-2.6.15-55-itanium, linux-image-2.6.15-55-mckinley-smp
  • USN-1119-1: linux-ti-omap4, linux-image-2.6.35-903-omap4
  • USN-1202-1: linux-ti-omap4, linux-image-2.6.35-903-omap4
  • USN-988-1: linux-image-2.6.32-24-generic-dbgsym, linux-image-2.6.15-55-powerpc, linux-image-2.6.24-28-openvz, linux-image-2.6.15-55-amd64-generic, linux-image-2.6.32-24-virtual, linux-image-2.6.28-19-iop32x, linux-image-2.6.24-28-sparc64-smp, linux-image-2.6.31-22-powerpc64-smp, linux-image-2.6.15-55-amd64-xeon, linux-image-2.6.24-28-powerpc, linux-image-2.6.32-24-powerpc64-smp, linux-image-2.6.28-19-server, linux-image-2.6.32-24-generic, linux-image-2.6.15-55-hppa32-smp, linux-image-2.6.24-28-virtual, linux-image-2.6.24-28-powerpc-smp, linux-image-2.6.24-28-lpia, linux-image-2.6.32-24-powerpc-smp-dbgsym, linux-image-2.6.32-24-powerpc, linux-image-2.6.15-55-mckinley-smp, linux-image-2.6.15-55-hppa64-smp, linux-source-2.6.15, linux-image-2.6.15-55-sparc64-smp, linux-image-2.6.31-22-sparc64-smp, linux-image-2.6.32-24-386, linux-image-2.6.31-22-generic, linux-image-2.6.15-55-powerpc-smp, linux-image-2.6.32-24-generic-pae, linux-image-2.6.31-22-virtual, linux-image-2.6.28-19-lpia, linux-image-2.6.32-24-ia64, linux-image-2.6.32-24-sparc64-smp-dbgsym, linux-image-2.6.32-24-powerpc64-smp-dbgsym, linux-image-2.6.15-55-sparc64, linux-image-2.6.32-24-sparc64-smp, linux, linux-image-2.6.15-55-server, linux-image-2.6.32-24-powerpc-dbgsym, linux-image-2.6.31-22-lpia, linux-image-2.6.24-28-hppa64, linux-image-2.6.31-22-386, linux-image-2.6.28-19-versatile, linux-image-2.6.31-22-powerpc, linux-image-2.6.32-24-lpia, linux-image-2.6.24-28-itanium, linux-image-2.6.28-19-imx51, linux-image-2.6.15-55-itanium, linux-image-2.6.24-28-xen, linux-image-2.6.15-55-powerpc64-smp, linux-image-2.6.15-55-hppa64, linux-image-2.6.31-22-sparc64, linux-image-2.6.24-28-generic, linux-image-2.6.32-24-386-dbgsym, linux-image-2.6.24-28-rt, linux-image-2.6.32-24-server, linux-image-2.6.15-55-386, linux-image-2.6.32-24-server-dbgsym, linux-image-2.6.32-24-lpia-dbgsym, linux-image-2.6.28-19-ixp4xx, linux-image-2.6.31-22-powerpc-smp, linux-image-2.6.15-55-mckinley, linux-image-2.6.15-55-k7, linux-image-2.6.15-55-686, linux-image-2.6.24-28-powerpc64-smp, linux-image-2.6.32-24-versatile, linux-image-2.6.24-28-hppa32, linux-image-2.6.15-55-amd64-server, linux-image-2.6.31-22-ia64, linux-image-2.6.31-22-server, linux-image-2.6.32-24-powerpc-smp, linux-image-2.6.32-24-ia64-dbgsym, linux-image-2.6.32-24-preempt-dbgsym, linux-image-2.6.32-24-preempt, linux-image-2.6.28-19-virtual, linux-image-2.6.31-22-generic-pae, linux-image-2.6.24-28-server, linux-image-2.6.32-24-sparc64, linux-image-2.6.24-28-386, linux-image-2.6.24-28-lpiacompat, linux-image-2.6.24-28-sparc64, linux-image-2.6.24-28-mckinley, linux-image-2.6.15-55-hppa32, linux-image-2.6.32-24-versatile-dbgsym, linux-image-2.6.15-55-amd64-k8, linux-image-2.6.15-55-itanium-smp, linux-image-2.6.15-55-server-bigiron, linux-image-2.6.28-19-generic, linux-image-2.6.32-24-generic-pae-dbgsym, linux-image-2.6.32-24-sparc64-dbgsym
  • USN-1164-1: linux-image-2.6.31-609-imx51, linux-fsl-imx51
  • USN-1071-1: linux-image-2.6.15-55-hppa64-smp, linux-image-2.6.15-55-powerpc, linux-image-2.6.15-55-powerpc64-smp, linux-source-2.6.15, linux-image-2.6.15-55-hppa64, linux-image-2.6.15-55-sparc64-smp, linux-image-2.6.15-55-powerpc-smp, linux-image-2.6.15-55-amd64-generic, linux-image-2.6.15-55-386, linux-image-2.6.15-55-hppa32, linux-image-2.6.15-55-amd64-k8, linux-image-2.6.15-55-itanium-smp, linux-image-2.6.15-55-amd64-xeon, linux-image-2.6.15-55-sparc64, linux-image-2.6.15-55-server, linux-image-2.6.15-55-server-bigiron, linux-image-2.6.15-55-mckinley, linux-image-2.6.15-55-k7, linux-image-2.6.15-55-686, linux-image-2.6.15-55-hppa32-smp, linux-image-2.6.15-55-amd64-server, linux-image-2.6.15-55-itanium, linux-image-2.6.15-55-mckinley-smp
  • USN-1092-1: linux-image-2.6.15-57-amd64-server, linux-image-2.6.15-57-sparc64-smp, linux-source-2.6.15, linux-image-2.6.15-57-amd64-xeon, linux-image-2.6.15-57-server-bigiron, linux-image-2.6.15-57-k7, linux-image-2.6.15-57-powerpc-smp, linux-image-2.6.15-57-amd64-k8, linux-image-2.6.15-57-hppa64, linux-image-2.6.15-57-server, linux-image-2.6.15-57-mckinley, linux-image-2.6.15-57-powerpc, linux-image-2.6.15-57-hppa32-smp, linux-image-2.6.15-57-mckinley-smp, linux-image-2.6.15-57-powerpc64-smp, linux-image-2.6.15-57-amd64-generic, linux-image-2.6.15-57-386, linux-image-2.6.15-57-hppa64-smp, linux-image-2.6.15-57-itanium-smp, linux-image-2.6.15-57-hppa32, linux-image-2.6.15-57-itanium, linux-image-2.6.15-57-sparc64, linux-image-2.6.15-57-686
  • USN-1089-1: linux-image-2.6.31-23-sparc64-smp, linux, linux-image-2.6.31-23-powerpc64-smp, linux-image-2.6.31-23-powerpc, linux-image-2.6.31-23-ia64, linux-image-2.6.31-23-sparc64, linux-ec2, linux-image-2.6.31-23-virtual, linux-image-2.6.31-23-generic-pae, linux-image-2.6.31-23-lpia, linux-image-2.6.31-23-powerpc-smp, linux-image-2.6.31-23-server, linux-image-2.6.31-23-386, linux-image-2.6.31-23-generic, linux-image-2.6.31-308-ec2
  • USN-1105-1: linux-image-2.6.24-29-386, linux-image-2.6.24-29-xen, linux-image-2.6.24-29-itanium, linux-image-2.6.24-29-lpia, linux-image-2.6.24-29-lpiacompat, linux-image-2.6.24-29-rt, linux-image-2.6.24-29-generic, linux-image-2.6.24-29-powerpc-smp, linux-image-2.6.24-29-powerpc64-smp, linux-image-2.6.24-29-virtual, linux, linux-image-2.6.24-29-hppa32, linux-image-2.6.24-29-sparc64, linux-image-2.6.24-29-mckinley, linux-image-2.6.24-29-sparc64-smp, linux-image-2.6.24-29-hppa64, linux-image-2.6.24-29-powerpc, linux-image-2.6.24-29-openvz, linux-image-2.6.24-29-server
  • USN-1204-1: linux-image-2.6.31-610-imx51, linux-fsl-imx51
  • USN-1146-1: linux-image-2.6.24-29-386, linux-image-2.6.24-29-xen, linux-image-2.6.24-29-itanium, linux-image-2.6.24-29-lpia, linux-image-2.6.24-29-lpiacompat, linux-image-2.6.24-29-rt, linux-image-2.6.24-29-generic, linux-image-2.6.24-29-powerpc-smp, linux-image-2.6.24-29-powerpc64-smp, linux-image-2.6.24-29-virtual, linux, linux-image-2.6.24-29-hppa32, linux-image-2.6.24-29-sparc64, linux-image-2.6.24-29-mckinley, linux-image-2.6.24-29-sparc64-smp, linux-image-2.6.24-29-hppa64, linux-image-2.6.24-29-powerpc, linux-image-2.6.24-29-openvz, linux-image-2.6.24-29-server