CVE-2011-1012
Bug #801083 reported by
Paolo Pisati
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux-fsl-imx51 (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Lucid |
Fix Released
|
Undecided
|
Paolo Pisati | ||
Maverick |
Invalid
|
Undecided
|
Unassigned | ||
linux-ti-omap4 (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Lucid |
Invalid
|
Undecided
|
Unassigned | ||
Maverick |
Fix Released
|
Undecided
|
Paolo Pisati |
Bug Description
The ldm_parse_vmdb function in fs/partitions/ldm.c in the Linux kernel
before 2.6.38-rc6-git6 does not validate the VBLK size value in the VMDB
structure in an LDM partition table, which allows local users to cause a
denial of service (divide-by-zero error and OOPS) via a crafted partition
table.
Related branches
CVE References
- 2010-3296
- 2010-3297
- 2010-3858
- 2010-3859
- 2010-3880
- 2010-4073
- 2010-4076
- 2010-4077
- 2010-4080
- 2010-4081
- 2010-4082
- 2010-4083
- 2010-4157
- 2010-4158
- 2010-4162
- 2010-4163
- 2010-4169
- 2010-4175
- 2010-4242
- 2010-4243
- 2010-4248
- 2010-4251
- 2010-4256
- 2010-4565
- 2010-4649
- 2010-4805
- 2011-0463
- 2011-0695
- 2011-0711
- 2011-0726
- 2011-1010
- 2011-1012
- 2011-1013
- 2011-1016
- 2011-1017
- 2011-1019
- 2011-1020
- 2011-1078
- 2011-1079
- 2011-1080
- 2011-1082
- 2011-1090
- 2011-1093
- 2011-1160
- 2011-1163
- 2011-1169
- 2011-1170
- 2011-1171
- 2011-1172
- 2011-1173
- 2011-1180
- 2011-1478
- 2011-1493
- 2011-1494
- 2011-1577
- 2011-1598
- 2011-1748
- 2011-1770
- 2011-1833
- 2011-2484
- 2011-2492
- 2011-2534
- 2011-2699
- 2011-2918
affects: | ubuntu → linux-fsl-imx51 (Ubuntu) |
visibility: | private → public |
Changed in linux-fsl-imx51 (Ubuntu): | |
status: | New → Invalid |
Changed in linux-ti-omap4 (Ubuntu): | |
status: | New → Invalid |
Changed in linux-ti-omap4 (Ubuntu Lucid): | |
status: | New → Invalid |
Changed in linux-fsl-imx51 (Ubuntu Maverick): | |
status: | New → Invalid |
Changed in linux-fsl-imx51 (Ubuntu Lucid): | |
status: | New → In Progress |
Changed in linux-ti-omap4 (Ubuntu Maverick): | |
status: | New → In Progress |
assignee: | nobody → Paolo Pisati (p-pisati) |
Changed in linux-fsl-imx51 (Ubuntu Lucid): | |
assignee: | nobody → Paolo Pisati (p-pisati) |
tags: | added: kernel-cve-tracking-bug |
To post a comment you must log in.
This bug was fixed in the package linux-fsl-imx51 - 2.6.31-610.28
---------------
linux-fsl-imx51 (2.6.31-610.28) lucid-proposed; urgency=low
* Release tracking bug
- LP: #837802
[ Upstream Kernel Changes ]
* ipv6: make fragment identifications less predictable, CVE-2011-2699
- LP: #827685
- CVE-2011-2699
* perf: Fix software event overflow, CVE-2011-2918
- LP: #834121
- CVE-2011-2918
* proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
- LP: #813026
- CVE-2011-1020
linux-fsl-imx51 (2.6.31-610.27) lucid-proposed; urgency=low
* Release tracking bug
- LP: #829160
[ Upstream Kernel Changes ]
* fs/partitions/ efi.c: corrupted GUID partition tables can cause kernel map_user_ iov() rq_map_ user_iov( ), CVE-2010-4163
oops
- LP: #795418
- CVE-2011-1577
* Fix corrupted OSF partition table parsing
- LP: #796606
- CVE-2011-1163
* can: Add missing socket check in can/bcm release.
- LP: #796502
- CVE-2011-1598
* proc: protect mm start_code/end_code in /proc/pid/stat
- LP: #799906
- CVE-2011-0726
* sctp: Fix a race between ICMP protocol unreachable and connect()
* tty: Make tiocgicount a handler, CVE-2010-4076, CVE-2010-4077
- LP: #794034
- CVE-2010-4077
* filter: make sure filters dont read uninitialized memory CVE-2010-4158
- LP: #721282
- CVE-2010-4158
* bio: take care not overflow page count when mapping/copying user data
CVE-2010-4162
- LP: #721441
- CVE-2010-4162
* block: check for proper length of iov entries in blk_rq_
- LP: #721504
- CVE-2010-4163
* block: check for proper length of iov entries earlier in
blk_
- LP: #721504
- CVE-2010-4163
* rds: Integer overflow in RDS cmsg handling, CVE-2010-4175
- LP: #721455
- CVE-2010-4175
* bluetooth: Fix missing NULL check CVE-2010-4242
- LP: #714846
- CVE-2010-4242
* IB/uverbs: Handle large number of entries in poll CQ CVE-2010-4649
- LP: #800121
- CVE-2010-4649
* epoll: prevent creating circular epoll structures CVE-2011-1082
- LP: #800758
- CVE-2011-1082
* nfs4: Ensure that ACL pages sent over NFS were not allocated from the
slab (v3) CVE-2011-1090
- LP: #800775
* ldm: corrupted partition table can cause kernel oops CVE-2011-1012
- LP: #801083
- CVE-2011-1012
* netfilter: ipt_CLUSTERIP: fix buffer overflow CVE-2011-2534
- LP: #801473
- CVE-2011-2534
* netfilter: arp_tables: fix infoleak to userspace CVE-2011-1170
- LP: #801480
- CVE-2011-1170
* netfilter: ip_tables: fix infoleak to userspace CVE-2011-1171
- LP: #801482
- CVE-2011-1171
* ipv6: netfilter: ip6_tables: fix infoleak to userspace CVE-2011-1172
- LP: #801483
- CVE-2011-1172
* econet: 4 byte infoleak to the network CVE-2011-1173
- LP: #801484
- CVE-2011-1173
* net: Limit socket I/O iovec total length to INT_MAX.
- LP: #708839
* fs/partitions: Validate map_count in Mac partition tables -
CVE-2011-1010
- LP: #804225
- CVE-2011-1010
* drm: fix unsigned vs signed comparison issue in modeset ctl ioctl,
CVE-2011-1013
- LP: #804229
- CVE-2011-1013
...