CVE-2011-2498

Bug #922374 reported by John Johansen
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Invalid
Low
Unassigned
Hardy
Invalid
Low
Unassigned
Lucid
Invalid
Low
Unassigned
Maverick
Invalid
Low
Unassigned
Natty
Fix Released
Low
Unassigned
Oneiric
Won't Fix
Low
Unassigned
Precise
Invalid
Low
Unassigned
Quantal
Invalid
Low
Unassigned
linux-armadaxp (Ubuntu)
Fix Released
Low
Unassigned
Hardy
Invalid
Low
Unassigned
Lucid
Invalid
Low
Unassigned
Maverick
Invalid
Undecided
Unassigned
Natty
Invalid
Low
Unassigned
Oneiric
Invalid
Low
Unassigned
Precise
Fix Released
Low
Unassigned
Quantal
Fix Released
Low
Unassigned
linux-ec2 (Ubuntu)
Invalid
Low
Unassigned
Hardy
Invalid
Low
Unassigned
Lucid
Invalid
Low
Unassigned
Maverick
Invalid
Low
Unassigned
Natty
Invalid
Low
Unassigned
Oneiric
Invalid
Low
Unassigned
Precise
Invalid
Low
Unassigned
Quantal
Invalid
Low
Unassigned
linux-fsl-imx51 (Ubuntu)
Invalid
Low
Unassigned
Hardy
Invalid
Low
Unassigned
Lucid
Invalid
Low
Unassigned
Maverick
Invalid
Low
Unassigned
Natty
Invalid
Low
Unassigned
Oneiric
Invalid
Low
Unassigned
Precise
Invalid
Low
Unassigned
Quantal
Invalid
Low
Unassigned
linux-lts-backport-maverick (Ubuntu)
Invalid
Low
Unassigned
Hardy
Invalid
Low
Unassigned
Lucid
Invalid
Low
Unassigned
Maverick
Invalid
Low
Unassigned
Natty
Invalid
Low
Unassigned
Oneiric
Invalid
Low
Unassigned
Precise
Invalid
Low
Unassigned
Quantal
Invalid
Low
Unassigned
linux-lts-backport-natty (Ubuntu)
Invalid
Low
Unassigned
Hardy
Invalid
Low
Unassigned
Lucid
Fix Released
Low
Unassigned
Maverick
Invalid
Low
Unassigned
Natty
Invalid
Low
Unassigned
Oneiric
Invalid
Low
Unassigned
Precise
Invalid
Low
Unassigned
Quantal
Invalid
Low
Unassigned
linux-lts-backport-oneiric (Ubuntu)
Invalid
Low
Unassigned
Hardy
Invalid
Low
Unassigned
Lucid
Won't Fix
Low
Unassigned
Maverick
Invalid
Low
Unassigned
Natty
Invalid
Low
Unassigned
Oneiric
Invalid
Low
Unassigned
Precise
Invalid
Low
Unassigned
Quantal
Invalid
Low
Unassigned
linux-mvl-dove (Ubuntu)
Invalid
Low
Unassigned
Hardy
Invalid
Low
Unassigned
Lucid
Invalid
Low
Unassigned
Maverick
Invalid
Low
Unassigned
Natty
Invalid
Low
Unassigned
Oneiric
Invalid
Low
Unassigned
Precise
Invalid
Low
Unassigned
Quantal
Invalid
Low
Unassigned
linux-ti-omap4 (Ubuntu)
Invalid
Low
Unassigned
Hardy
Invalid
Low
Unassigned
Lucid
Invalid
Low
Unassigned
Maverick
Invalid
Low
Unassigned
Natty
Fix Released
Low
Andy Whitcroft
Oneiric
Won't Fix
Low
Unassigned
Precise
Invalid
Low
Unassigned
Quantal
Invalid
Low
Unassigned

Bug Description

PTE pages are invisible memory user. A local, unprivileged user could leverage this flaw to trigger a denial of service. AFAIK, this was introduced in a63d83f427f (v2.6.36-rc1), fixed in f755a042d (v2.6.39-rc6).

Break-Fix: a63d83f427fbce97a6cea0db2e64b0eb8435cd10 f755a042d82b51b54f3bdd0890e5ea56c0fb6807

Revision history for this message
John Johansen (jjohansen) wrote :

CVE-2011-2498

tags: added: kernel-cve-tracking-bug
security vulnerability: no → yes
security vulnerability: no → yes
Changed in linux-ec2 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Precise):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Maverick):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Maverick):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Natty):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Precise):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Hardy):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Maverick):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Natty):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Precise):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Maverick):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Natty):
status: New → Invalid
description: updated
Changed in linux-ec2 (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Maverick):
status: New → Invalid
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Maverick):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Maverick):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Maverick):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Maverick):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Natty):
importance: Undecided → Low
Changed in linux (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux (Ubuntu Precise):
importance: Undecided → Low
Changed in linux (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux (Ubuntu Maverick):
importance: Undecided → Low
Changed in linux (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Maverick):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Maverick):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux-mvl-dove (Ubuntu Lucid):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Maverick):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: New → Invalid
Changed in linux (Ubuntu Oneiric):
status: New → Fix Committed
Changed in linux (Ubuntu Lucid):
status: New → Invalid
Changed in linux (Ubuntu Precise):
status: New → Invalid
Changed in linux (Ubuntu Hardy):
status: New → Invalid
Changed in linux (Ubuntu Maverick):
status: New → Invalid
Changed in linux (Ubuntu Natty):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Oneiric):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Precise):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Maverick):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: New → Invalid
description: updated
Changed in linux (Ubuntu Natty):
status: Fix Committed → Fix Released
Andy Whitcroft (apw)
Changed in linux-ti-omap4 (Ubuntu Natty):
assignee: nobody → Andy Whitcroft (apw)
status: New → In Progress
Changed in linux-ti-omap4 (Ubuntu Natty):
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-lts-backport-natty - 2.6.38-13.56~lucid1

---------------
linux-lts-backport-natty (2.6.38-13.56~lucid1) lucid-proposed; urgency=low

  [Brad Figg]

  * Release Tracking Bug
    - LP: #931806

  [ Upstream Kernel Changes ]

  * igmp: Avoid zero delay when receiving odd mixture of IGMP queries
    - LP: #917848
    - CVE-2012-0207
  * TOMOYO: Fix oops in tomoyo_mount_acl().
    - LP: #922377
    - CVE-2011-2518
  * oom: fix integer overflow of points in oom_badness
    - LP: #922374
    - CVE-2011-2498

linux (2.6.38-13.55) natty-proposed; urgency=low

  [Brad Figg]

  * Release Tracking Bug
    - LP: #920790

  [ Upstream Kernel Changes ]

  * fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message, CVE-2011-3353
    - LP: #905058
    - CVE-2011-3353
  * KVM: x86: Prevent starting PIT timers in the absence of irqchip support
    - LP: #911303
    - CVE-2011-4622
  * sched, x86: Avoid unnecessary overflow in sched_clock
    - LP: #805341
  * use cache type functions for arch_get_unmapped_area
    - LP: #861296
  * topdown mmap support
    - LP: #861296
  * xfs: validate acl count
    - LP: #917706
    - CVE-2012-0038
  * xfs: fix acl count validation in xfs_acl_from_disk()
    - LP: #917706
    - CVE-2012-0038
  * drm: integer overflow in drm_mode_dirtyfb_ioctl()
    - LP: #917838
    - CVE-2012-0044
  * x86/PCI: amd: factor out MMCONFIG discovery
    - LP: #647043
  * PNP: work around Dell 1536/1546 BIOS MMCONFIG bug that
    - LP: #647043

linux (2.6.38-13.54) natty-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #911195

  [ Alex Bligh ]

  * (config) Change Xen paravirt drivers to be built-in
    - LP: #886521

  [ Paolo Pisati ]

  * [Config] DEFAULT_MMAP_MIN_ADDR=32k on arm
    - LP: #903346

  [ Seth Forshee ]

  * SAUCE: dell-wmi: Demote unknown WMI event message to pr_debug
    - LP: #581312

  [ Upstream Kernel Changes ]

  * VFS: Fix vfsmount overput on simultaneous automount
    - LP: #769927
  * TPM: Zero buffer after copying to userspace, CVE-2011-1162
    - LP: #899463
    - CVE-2011-1162
  * hfs: fix hfs_find_init() sb->ext_tree NULL ptr oops, CVE-2011-2203
    - LP: #899466
    - CVE-2011-2203
  * KEYS: Fix a NULL pointer deref in the user-defined key type,
    CVE-2011-4110
    - LP: #894369
    - CVE-2011-4110
  * nfsd4: permit read opens of executable-only files
    - LP: #833300
  * Support for Terratec G1
    - LP: #821061
 -- Brad Figg <email address hidden> Mon, 13 Feb 2012 15:58:51 -0800

Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-ti-omap4 - 2.6.38-1209.22

---------------
linux-ti-omap4 (2.6.38-1209.22) natty-proposed; urgency=low

  * Release Tracking Bug
    - LP: #932673

  [ Upstream Kernel Changes ]

  * net: ip_expire() must revalidate route
    - LP: #922051
    - CVE-2011-1927
  * ARM: 6891/1: prevent heap corruption in OABI semtimedop
    - LP: #925373
    - CVE-2011-1759
  * Fix for buffer overflow in ldm_frag_add not sufficient
    - LP: #922371
    - CVE-2011-2182
  * oom: use pte pages in OOM score
    - LP: #922374
    - CVE-2011-2498
  * TOMOYO: Fix oops in tomoyo_mount_acl().
    - LP: #922377
    - CVE-2011-2518
  * AppArmor: fix oops in apparmor_setprocattr
    - LP: #789409
    - CVE-2011-3619
 -- Paolo Pisati <email address hidden> Mon, 20 Feb 2012 11:59:21 +0100

Changed in linux-ti-omap4 (Ubuntu Natty):
status: Fix Committed → Fix Released
Changed in linux-armadaxp (Ubuntu Maverick):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Oneiric):
status: New → Invalid
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Hardy):
status: New → Invalid
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Natty):
status: New → Invalid
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Precise):
status: New → Fix Committed
Changed in linux-armadaxp (Ubuntu Quantal):
status: New → Fix Committed
importance: Undecided → Low
Ike Panhc (ikepanhc)
Changed in linux-armadaxp (Ubuntu Precise):
status: Fix Committed → Fix Released
Ike Panhc (ikepanhc)
Changed in linux-armadaxp (Ubuntu Quantal):
status: Fix Committed → Fix Released
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
status: Fix Committed → Won't Fix
Changed in linux-ti-omap4 (Ubuntu Oneiric):
status: Fix Committed → Won't Fix
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug to Ubuntu. oneiric has reached EOL
(End of Life) for this package and is no longer supported. As
a result, this bug against oneiric is being marked "Won't Fix".
Please see https://wiki.ubuntu.com/Releases for currently
supported Ubuntu releases.

Please feel free to report any other bugs you may find.

Changed in linux (Ubuntu Oneiric):
status: Fix Committed → Won't Fix
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.