/proc/[PID]/attr/current overwrite Null pointer dereference

Bug #789409 reported by Emanuel Bronshtein
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
AppArmor
Fix Released
High
Kees Cook
linux (Ubuntu)
Fix Released
Low
Kees Cook
Declined for Maverick by Ike Panhc
Hardy
Invalid
Low
Unassigned
Lucid
Invalid
Low
Unassigned
Natty
Fix Released
Low
Kees Cook
Oneiric
Invalid
Low
Kees Cook
Precise
Fix Released
Low
Kees Cook
Quantal
Fix Released
Low
Kees Cook
linux-armadaxp (Ubuntu)
Fix Released
Low
Unassigned
Declined for Maverick by Ike Panhc
Hardy
Invalid
Low
Unassigned
Lucid
Invalid
Low
Unassigned
Natty
Invalid
Low
Unassigned
Oneiric
Invalid
Low
Unassigned
Precise
Fix Released
Low
Unassigned
Quantal
Fix Released
Low
Unassigned
linux-ec2 (Ubuntu)
Invalid
Low
Unassigned
Declined for Maverick by Ike Panhc
Hardy
Invalid
Low
Unassigned
Lucid
Invalid
Low
Unassigned
Natty
Invalid
Low
Unassigned
Oneiric
Invalid
Low
Unassigned
Precise
Invalid
Low
Unassigned
Quantal
Invalid
Low
Unassigned
linux-fsl-imx51 (Ubuntu)
Invalid
Low
Unassigned
Declined for Maverick by Ike Panhc
Hardy
Invalid
Low
Unassigned
Lucid
Invalid
Low
Unassigned
Natty
Invalid
Low
Unassigned
Oneiric
Invalid
Low
Unassigned
Precise
Invalid
Low
Unassigned
Quantal
Invalid
Low
Unassigned
linux-lts-backport-maverick (Ubuntu)
Invalid
Low
Unassigned
Declined for Maverick by Ike Panhc
Hardy
Invalid
Low
Unassigned
Lucid
Fix Released
Low
Unassigned
Natty
Invalid
Low
Unassigned
Oneiric
Invalid
Low
Unassigned
Precise
Invalid
Low
Unassigned
Quantal
Invalid
Low
Unassigned
linux-lts-backport-natty (Ubuntu)
Invalid
Low
Unassigned
Declined for Maverick by Ike Panhc
Hardy
Invalid
Low
Unassigned
Lucid
Fix Released
Low
Unassigned
Natty
Invalid
Low
Unassigned
Oneiric
Invalid
Low
Unassigned
Precise
Invalid
Low
Unassigned
Quantal
Invalid
Low
Unassigned
linux-lts-backport-oneiric (Ubuntu)
Invalid
Low
Unassigned
Declined for Maverick by Ike Panhc
Hardy
Invalid
Low
Unassigned
Lucid
Fix Released
Low
Unassigned
Natty
Invalid
Low
Unassigned
Oneiric
Invalid
Low
Unassigned
Precise
Invalid
Low
Unassigned
Quantal
Invalid
Low
Unassigned
linux-mvl-dove (Ubuntu)
Invalid
Low
Unassigned
Declined for Maverick by Ike Panhc
Hardy
Invalid
Low
Unassigned
Lucid
Invalid
Low
Unassigned
Natty
Invalid
Low
Unassigned
Oneiric
Invalid
Low
Unassigned
Precise
Invalid
Low
Unassigned
Quantal
Invalid
Low
Unassigned
linux-ti-omap4 (Ubuntu)
Invalid
Low
Unassigned
Declined for Maverick by Ike Panhc
Hardy
Invalid
Low
Unassigned
Lucid
Invalid
Low
Unassigned
Natty
Fix Released
Low
Unassigned
Oneiric
Invalid
Low
Unassigned
Precise
Invalid
Low
Unassigned
Quantal
Invalid
Low
Unassigned

Bug Description

kernel/AppArmor local denial of service

Break-Fix: - a5b2c5b2ad5853591a6cac6134cd0f599a720865

Steve Beattie (sbeattie)
Changed in apparmor:
status: New → Triaged
importance: Undecided → High
description: updated
Changed in linux (Ubuntu):
assignee: nobody → John Johansen (jjohansen)
Changed in apparmor:
assignee: nobody → John Johansen (jjohansen)
security vulnerability: yes → no
visibility: private → public
Revision history for this message
Kees Cook (kees) wrote :
Changed in apparmor:
assignee: John Johansen (jjohansen) → Kees Cook (kees)
Changed in linux (Ubuntu Oneiric):
assignee: John Johansen (jjohansen) → Kees Cook (kees)
Changed in linux (Ubuntu Natty):
assignee: nobody → Kees Cook (kees)
Changed in linux (Ubuntu Oneiric):
status: New → Fix Released
Changed in linux (Ubuntu Natty):
status: New → Fix Committed
Changed in apparmor:
status: Triaged → Fix Released
Revision history for this message
Julian Wiedmann (jwiedmann) wrote :

This patch ('AppArmor: fix oops in apparmor_setprocattr') landed in -updates with 2.6.38-11.48.

Changed in linux (Ubuntu Natty):
status: Fix Committed → Fix Released
Changed in linux-ec2 (Ubuntu Oneiric):
status: New → Invalid
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Natty):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Oneiric):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Natty):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Oneiric):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Natty):
status: New → Invalid
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Oneiric):
status: New → Invalid
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Natty):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Natty):
status: New → Invalid
importance: Undecided → Low
Changed in linux (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
status: New → Invalid
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Natty):
status: New → Invalid
importance: Undecided → Low
Changed in linux (Ubuntu Oneiric):
status: Fix Released → New
Changed in linux (Ubuntu Natty):
status: Fix Released → New
description: updated
Changed in linux (Ubuntu Oneiric):
status: New → Fix Committed
Changed in linux (Ubuntu Natty):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Oneiric):
status: New → Fix Committed
Changed in linux (Ubuntu Natty):
status: Fix Committed → Fix Released
Changed in linux-ec2 (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Hardy):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
status: New → Fix Committed
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Hardy):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: New → Fix Committed
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Hardy):
status: New → Invalid
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Hardy):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: New → Fix Committed
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
status: New → Invalid
importance: Undecided → Low
Changed in linux (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Low
Changed in linux (Ubuntu Precise):
importance: Undecided → Low
Changed in linux (Ubuntu Hardy):
status: New → Invalid
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Hardy):
status: New → Invalid
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Natty):
status: New → Fix Committed
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Hardy):
status: New → Invalid
importance: Undecided → Low
tags: added: kernel-cve-tracking-bug
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (18.0 KiB)

This bug was fixed in the package linux-lts-backport-maverick - 2.6.35-32.66~lucid1

---------------
linux-lts-backport-maverick (2.6.35-32.66~lucid1) lucid-proposed; urgency=low

  [Brad Figg]

  * Release Tracking Bug
    - LP: #931795

  [ Upstream Kernel Changes ]

  * net: ip_expire() must revalidate route
    - LP: #922051
    - CVE-2011-1927
  * bridge: Fix mglist corruption that leads to memory corruption
    - LP: #917813
    - CVE-2011-0716
  * AppArmor: fix oops in apparmor_setprocattr
    - LP: #789409
    - CVE-2011-3619

linux (2.6.35-32.65) maverick-proposed; urgency=low

  [Brad Figg]

  * Release Tracking Bug
    - LP: #920677

  [ Upstream Kernel Changes ]

  * fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message, CVE-2011-3353
    - LP: #905058
    - CVE-2011-3353
  * KVM: x86: Prevent starting PIT timers in the absence of irqchip support
    - LP: #911303
    - CVE-2011-4622
  * sched, x86: Avoid unnecessary overflow in sched_clock
    - LP: #805341
  * use cache type functions for arch_get_unmapped_area
    - LP: #861296
  * topdown mmap support
    - LP: #861296
  * xfs: validate acl count
    - LP: #917706
    - CVE-2012-0038
  * xfs: fix acl count validation in xfs_acl_from_disk()
    - LP: #917706
    - CVE-2012-0038
  * drm: integer overflow in drm_mode_dirtyfb_ioctl()
    - LP: #917838
    - CVE-2012-0044
  * x86/PCI: amd: factor out MMCONFIG discovery
    - LP: #647043
  * PNP: work around Dell 1536/1546 BIOS MMCONFIG bug that breaks USB
    - LP: #647043

linux (2.6.35-32.64) maverick-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #910919

  [ Seth Forshee ]

  * SAUCE: dell-wmi: Demote unknown WMI event message to pr_debug
    - LP: #581312

  [ Upstream Kernel Changes ]

  * Revert "Revert "xen: set max_pfn_mapped to the last pfn mapped""
    - LP: #898139
  * Revert "core: Fix memory leak/corruption on VLAN GRO_DROP,
    CVE-2011-1576"
    - LP: #844361
  * kbuild: Disable -Wunused-but-set-variable for gcc 4.6.0
    - LP: #898139
  * kbuild: Fix passing -Wno-* options to gcc 4.4+
    - LP: #898139
  * maintainer
    - LP: #898139
  * Remove the old V4L1 v4lgrab.c file
    - LP: #898139
  * i8k: Tell gcc that *regs gets clobbered
    - LP: #898139
  * Fix gcc 4.5.1 miscompiling drivers/char/i8k.c (again)
    - LP: #898139
  * USB: serial/usb_wwan, fix tty NULL dereference
    - LP: #898139
  * ipv6: add special mode accept_ra=2 to accept RA while configured as
    router
    - LP: #898139
  * set memory ranges in N_NORMAL_MEMORY when onlined
    - LP: #898139
  * FLEXCOP-PCI: fix __xlate_proc_name-warning for flexcop-pci
    - LP: #898139
  * m68k/mm: Set all online nodes in N_NORMAL_MEMORY
    - LP: #898139
  * nfs: don't lose MS_SYNCHRONOUS on remount of noac mount
    - LP: #898139
  * NFSv4.1: Ensure state manager thread dies on last umount
    - LP: #898139
  * Input: xen-kbdfront - fix mouse getting stuck after save/restore
    - LP: #898139
  * pmcraid: reject negative request size
    - LP: #898139
  * mmc: sdhci-pci: Fix error case in sdhci_pci_probe_slot()
    - LP: #898139
  * mmc: sdhci: Check mrq->cmd in sdhci_tasklet_finish
    - LP: #898139
  * mmc: sdhci: Check...

Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-ti-omap4 - 2.6.38-1209.22

---------------
linux-ti-omap4 (2.6.38-1209.22) natty-proposed; urgency=low

  * Release Tracking Bug
    - LP: #932673

  [ Upstream Kernel Changes ]

  * net: ip_expire() must revalidate route
    - LP: #922051
    - CVE-2011-1927
  * ARM: 6891/1: prevent heap corruption in OABI semtimedop
    - LP: #925373
    - CVE-2011-1759
  * Fix for buffer overflow in ldm_frag_add not sufficient
    - LP: #922371
    - CVE-2011-2182
  * oom: use pte pages in OOM score
    - LP: #922374
    - CVE-2011-2498
  * TOMOYO: Fix oops in tomoyo_mount_acl().
    - LP: #922377
    - CVE-2011-2518
  * AppArmor: fix oops in apparmor_setprocattr
    - LP: #789409
    - CVE-2011-3619
 -- Paolo Pisati <email address hidden> Mon, 20 Feb 2012 11:59:21 +0100

Changed in linux-ti-omap4 (Ubuntu Natty):
status: Fix Committed → Fix Released
Changed in linux-armadaxp (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Oneiric):
status: New → Invalid
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Hardy):
status: New → Invalid
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Natty):
status: New → Invalid
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Precise):
status: New → Fix Committed
Changed in linux-armadaxp (Ubuntu Quantal):
status: New → Fix Committed
importance: Undecided → Low
Revision history for this message
Ike Panhc (ikepanhc) wrote :

Patch already in linux-armadaxp and released

Changed in linux-armadaxp (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in linux-armadaxp (Ubuntu Quantal):
status: Fix Committed → Fix Released
Revision history for this message
dino99 (9d9) wrote :
Changed in linux (Ubuntu Oneiric):
status: Fix Committed → Invalid
Changed in linux-ti-omap4 (Ubuntu Oneiric):
status: Fix Committed → Invalid
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.