CVE-2010-4249
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
linux (Ubuntu) | | Undecided | Unassigned | |
Dapper | | Undecided | Unassigned | |
Hardy | | Undecided | Unassigned | |
Karmic | | Undecided | Unassigned | |
Lucid | | Undecided | Unassigned | |
Maverick | | Undecided | Unassigned | |
Natty | | Undecided | Unassigned | |
linux-fsl-imx51 (Ubuntu) | | Undecided | Unassigned | |
Dapper | | Undecided | Unassigned | |
Hardy | | Undecided | Unassigned | |
Karmic | | Undecided | Unassigned | |
Lucid | | Undecided | Unassigned | |
Maverick | | Undecided | Unassigned | |
Natty | | Undecided | Unassigned | |
linux-lts-backport-maverick (Ubuntu) | | Undecided | Unassigned | |
Dapper | | Undecided | Unassigned | |
Hardy | | Undecided | Unassigned | |
Karmic | | Undecided | Unassigned | |
Lucid | | Undecided | Unassigned | |
Maverick | | Undecided | Unassigned | |
Natty | | Undecided | Unassigned | |
linux-mvl-dove (Ubuntu) | | Undecided | Unassigned | |
Dapper | | Undecided | Unassigned | |
Hardy | | Undecided | Unassigned | |
Karmic | | Undecided | Unassigned | |
Lucid | | Undecided | Unassigned | |
Maverick | | Undecided | Unassigned | |
Natty | | Undecided | Unassigned | |
linux-ti-omap4 (Ubuntu) | | Undecided | Unassigned | |
Dapper | | Undecided | Unassigned | |
Hardy | | Undecided | Unassigned | |
Karmic | | Undecided | Unassigned | |
Lucid | | Undecided | Unassigned | |
Maverick | | Undecided | Unassigned | |
Natty | | Undecided | Unassigned | |
Bug Description
CVE-2010-4249
Vegard Nossum found a unix socket OOM was possible, posting an exploit
program.
My analysis is we can eat all LOWMEM memory before unix_gc() being
called from unix_release_
unix_gc() can consume huge amount of time to perform cleanup because of
huge working set.
One way to handle this is to have a sensible limit on unix_tot_inflight,
tested from wait_for_unix_gc() and to force a call to unix_gc() if this
limit is hit.
This solves the OOM and also reduces overall latencies, and should not
slow down normal workloads.
Break-Fix: - 9915672d41273f5
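A user-space model of the accounting described in the bug description, added here as an illustration; it is not kernel code and not the upstream patch. `INFLIGHT_GC_LIMIT`, `struct gc_model`, the `model_*` functions and `run_workload` are assumed names, and the threshold value is arbitrary because the page does not state it.

```c
#include <stddef.h>
#include <stdio.h>
/* Assumed threshold for this model; the page does not give the fix's value. */
#define INFLIGHT_GC_LIMIT 1000

struct gc_model {
    size_t tot_inflight;  /* stands in for unix_tot_inflight */
    size_t orphaned;      /* in-flight entries that only gc can reclaim */
    size_t peak_inflight; /* worst-case amount pinned at one time */
    size_t max_gc_scan;   /* largest working set a single gc pass walked */
    size_t gc_runs;
    int limit_enabled;    /* 0 = no limit, 1 = limit tested on the send path */
};

static void model_gc(struct gc_model *m)
{
    if (m->tot_inflight > m->max_gc_scan)
        m->max_gc_scan = m->tot_inflight;
    m->tot_inflight -= m->orphaned;
    m->orphaned = 0;
    m->gc_runs++;
}

/* Send path: the limit is tested here, where wait_for_unix_gc() would run. */
static void model_send_orphan(struct gc_model *m)
{
    if (m->limit_enabled && m->tot_inflight > INFLIGHT_GC_LIMIT)
        model_gc(m);
    m->tot_inflight++;
    m->orphaned++;
    if (m->tot_inflight > m->peak_inflight)
        m->peak_inflight = m->tot_inflight;
}

struct gc_model run_workload(int limit_enabled, size_t sends)
{
    struct gc_model m = {0};
    m.limit_enabled = limit_enabled;
    for (size_t i = 0; i < sends; i++)
        model_send_orphan(&m);
    if (m.tot_inflight)   /* release path: the only gc trigger without the limit */
        model_gc(&m);
    return m;
}

int main(void)
{
    struct gc_model a = run_workload(0, 100000), b = run_workload(1, 100000);
    printf("peak in flight: no limit %zu, with limit %zu\n", a.peak_inflight, b.peak_inflight);
    return 0;
}
```

With the limit, both the peak in-flight count and the largest single gc scan stay near the threshold, while a workload that never reaches the threshold sees no extra gc passes.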
security vulnerability: | no → yes |
Brad Figg (brad-figg) wrote : | #1 |
Changed in linux-ti-omap4 (Ubuntu): | |
status: | New → Invalid |
Changed in linux-mvl-dove (Ubuntu): | |
status: | New → Invalid |
Changed in linux-lts-backport-maverick (Ubuntu): | |
status: | New → Invalid |
Changed in linux-fsl-imx51 (Ubuntu): | |
status: | New → Invalid |
description: | updated |
Changed in linux-ti-omap4 (Ubuntu Dapper): | |
status: | New → Invalid |
Changed in linux-ti-omap4 (Ubuntu Hardy): | |
status: | New → Invalid |
Changed in linux-ti-omap4 (Ubuntu Karmic): | |
status: | New → Invalid |
Changed in linux-ti-omap4 (Ubuntu Lucid): | |
status: | New → Invalid |
Changed in linux-mvl-dove (Ubuntu Dapper): | |
status: | New → Invalid |
Changed in linux-mvl-dove (Ubuntu Hardy): | |
status: | New → Invalid |
Changed in linux-mvl-dove (Ubuntu Karmic): | |
status: | New → Invalid |
Paolo Pisati (p-pisati) wrote : | #2 |
Changed in linux-ti-omap4 (Ubuntu Maverick): | |
status: | New → Fix Released |
Changed in linux-fsl-imx51 (Ubuntu Dapper): | |
status: | New → Invalid |
Changed in linux-fsl-imx51 (Ubuntu Hardy): | |
status: | New → Invalid |
Changed in linux-fsl-imx51 (Ubuntu Maverick): | |
status: | New → Invalid |
Paolo Pisati (p-pisati) wrote : | #3 |
karmic is EOL
Changed in linux-fsl-imx51 (Ubuntu Karmic): | |
status: | New → Won't Fix |
Paolo Pisati (p-pisati) wrote : | #4 |
fix already present
Changed in linux-fsl-imx51 (Ubuntu Lucid): | |
status: | New → Fix Released |
Changed in linux-mvl-dove (Ubuntu Lucid): | |
status: | New → Fix Released |
Changed in linux-mvl-dove (Ubuntu Maverick): | |
status: | New → Fix Released |
This bug was nominated against a series that is no longer supported, ie karmic. The bug task representing the karmic nomination is being closed as Won't Fix.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.
Changed in linux (Ubuntu Karmic): | |
status: | New → Won't Fix |
This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:
apport-collect 769182
and then change the status of the bug back to 'New'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.
Changed in linux (Ubuntu): | |
status: | New → Incomplete |
Changed in linux (Ubuntu Dapper): | |
status: | New → Incomplete |
Changed in linux (Ubuntu Hardy): | |
status: | New → Incomplete |
Changed in linux (Ubuntu Lucid): | |
status: | New → Incomplete |
Changed in linux (Ubuntu Maverick): | |
status: | New → Incomplete |
Changed in linux (Ubuntu Natty): | |
status: | New → Incomplete |
Launchpad Janitor (janitor) wrote : | #9 |
This bug was fixed in the package linux - 2.6.24-29.92
---------------
linux (2.6.24-29.92) hardy-proposed; urgency=low
[Herton R. Krzesinski]
* Release Tracking Bug
- LP: #812360
[Upstream Kernel Changes]
* af_unix: limit unix_tot_inflight CVE-2010-4249
- LP: #769182
- CVE-2010-4249
* xfs: zero proper structure size for geometry calls CVE-2011-0711
- LP: #767740
- CVE-2011-0711
* netfilter: ip_tables: fix infoleak to userspace CVE-2011-1171
- LP: #801482
- CVE-2011-1171
* econet: 4 byte infoleak to the network CVE-2011-1173
- LP: #801484
- CVE-2011-1173
* netfilter: arp_tables: fix infoleak to userspace CVE-2011-1170
- LP: #801480
* ipv6: netfilter: ip6_tables: fix infoleak to userspace CVE-2011-1172
- LP: #801483
- CVE-2011-1172
* xen: don't allow blkback virtual CDROM device, CVE-2010-4238
- LP: #803931
- CVE-2010-4238
* IB/uverbs: Handle large number of entries in poll CQ CVE-2010-4649
- LP: #805512
* ipc: initialize structure memory to zero for compat functions
CVE-2010-4073
- LP: #806366
- CVE-2010-4073
* tcp: Increase TCP_MAXSEG socket option minimum CVE-2010-4165
- LP: #806374
- CVE-2010-4165
* taskstats: don't allow duplicate entries in listener mode,
CVE-2011-2484
- LP: #806390
- CVE-2011-2484
* netfilter: ipt_CLUSTERIP: fix buffer overflow, CVE-2011-2534
- LP: #801473
- CVE-2011-2534
* nfs4: Ensure that ACL pages sent over NFS were not allocated from the
slab (v3), CVE-2011-1090
- LP: #800775
- CVE-2011-1090
* fs/partitions: Validate map_count in Mac partition tables
- LP: #804225
- CVE-2011-1010
-- Herton Ronaldo Krzesinski <email address hidden> Mon, 18 Jul 2011 12:36:01 -0300
Changed in linux (Ubuntu Hardy): | |
status: | Incomplete → Fix Released |
Changed in linux-lts-backport-maverick (Ubuntu Dapper): | |
status: | New → Won't Fix |
Changed in linux-lts-backport-maverick (Ubuntu Karmic): | |
status: | New → Won't Fix |
Changed in linux (Ubuntu Dapper): | |
status: | Incomplete → Won't Fix |
The attachment "dapper-
[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]
tags: | added: patch |
Jamie Strandboge (jdstrand) wrote : | #11 |
Thank you for reporting this bug to Ubuntu. maverick has reached EOL
(End of Life) and is no longer supported. As a result, this bug
against maverick is being marked "Won't Fix". Please see
https:/
releases.
Please feel free to report any other bugs you may find.
Changed in linux-lts-backport-maverick (Ubuntu Maverick): | |
status: | New → Won't Fix |
Changed in linux-lts-backport-maverick (Ubuntu Hardy): | |
status: | New → Won't Fix |
Changed in linux-lts-backport-maverick (Ubuntu Lucid): | |
status: | New → Won't Fix |
Jamie Strandboge (jdstrand) wrote : | #12 |
Thank you for reporting this bug to Ubuntu. maverick has reached EOL
(End of Life) for this package and is no longer supported. As
a result, this bug against maverick is being marked "Won't Fix".
Please see https:/
supported Ubuntu releases.
Please feel free to report any other bugs you may find.
Jamie Strandboge (jdstrand) wrote : | #13 |
Thank you for reporting this bug to Ubuntu. natty has reached EOL
(End of Life) for this package and is no longer supported. As
a result, this bug against natty is being marked "Won't Fix".
Please see https:/
supported Ubuntu releases.
Please feel free to report any other bugs you may find.
Julian Wiedmann (jwiedmann) wrote : | #14 |
This release has reached end-of-life [0].
Changed in linux (Ubuntu Maverick): | |
status: | Incomplete → Invalid |
Changed in linux (Ubuntu Natty): | |
status: | Incomplete → Invalid |
tags: | added: kernel-cve-tracking-bug |
Mathew Hodson (mhodson) wrote : | #15 |
This was fixed in lucid, maverick, and natty according to http://
Mathew Hodson (mhodson) wrote : | #16 |
linux (2.6.32-28.55) lucid-proposed; urgency=low
* Another version bump because of abi check failure
* Tracking Bug
- LP: #699885
linux (2.6.32-28.54) lucid-proposed; urgency=low
* Another version bump because of upload failure
linux (2.6.32-28.53) lucid-proposed; urgency=low
* Another version bump because of upload failure
linux (2.6.32-28.52) lucid-proposed; urgency=low
[ Steve Conklin ]
* (removed old tracking bug link)
linux (2.6.32-28.51) lucid-proposed; urgency=low
[ Steve Conklin ]
* bumped version due to build fail
linux (2.6.32-28.50) lucid-proposed; urgency=low
[ Tim Gardner ]
* SAUCE: Change nodelayacct boot parameter polarity.
- LP: #493156
* [Config] CONFIG_
- LP: #493156
[ Upstream Kernel Changes ]
* ipc: initialize structure memory to zero for compat functions
* tcp: Increase TCP_MAXSEG socket option minimum.
- CVE-2010-4165
* perf_events: Fix perf_counter_mmap() hook in mprotect()
- CVE-2010-4169
* af_unix: limit unix_tot_inflight
- CVE-2010-4249
* AppArmor: fix the upper bound check for the next/check table
- LP: #581525
* NFS: Fix panic after nfs_umount()
- LP: #683938
* block: Ensure physical block size is unsigned int
- LP: #688669
* block: limit vec count in bio_kmalloc() and bio_alloc_
- LP: #688669
* block: take care not to overflow when calculating total iov length
- LP: #688669
* block: check for proper length of iov entries in blk_rq_
- LP: #688669
* jme: Fix PHY power-off error
- LP: #688669
* irda: Fix parameter extraction stack overflow
- LP: #688669
* irda: Fix heap memory corruption in iriap.c
- LP: #688669
* i2c-pca-platform: Change device name of request_irq
- LP: #688669
* microblaze: Fix build with make 3.82
- LP: #688669
* Staging: asus_oled: fix up some sysfs attribute permissions
- LP: #688669
* Staging: asus_oled: fix up my fixup for some sysfs attribute
permissions
- LP: #688669
* Staging: line6: fix up some sysfs attribute permissions
- LP: #688669
* hpet: fix unwanted interrupt due to stale irq status bit
- LP: #688669
* hpet: unmap unused I/O space
- LP: #688669
* olpc_battery: Fix endian neutral breakage for s16 values
- LP: #688669
* percpu: fix list_head init bug in __percpu_
- LP: #688669
* um: remove PAGE_SIZE alignment in linker script causing kernel
segfault.
- LP: #688669
* um: fix global timer issue when using CONFIG_NO_HZ
- LP: #688669
* numa: fix slab_node(
- LP: #688669
* hwmon: (lm85) Fix ADT7468 frequency table
- LP: #688669
* mm: fix return value of scan_lru_pages in memory unplug
- LP: #688669
* mm: fix is_mem_
- LP: #688669
* ssb: b43-pci-bridge: Add new vendor for BCM4318
- LP: #688669
* sgi-xpc: XPC fails to discover partitions with all nasids above 128
- LP: #688669
* xen: ensure that all event channels start off bound to VCPU 0
- LP: #6886...
Changed in linux (Ubuntu Lucid): | |
status: | Incomplete → Fix Released |
Mathew Hodson (mhodson) wrote : | #17 |
linux (2.6.35-25.44) maverick-proposed; urgency=low
[ Upstream Kernel Changes ]
* Revert "drm/radeon/kms: properly compute group_size on 6xx/7xx"
- LP: #703553
linux (2.6.35-25.43) maverick-proposed; urgency=low
[ Brad Figg ]
- LP: #697948
[ Andy Whitcroft ]
* [Config] add vmware-balloon driver to -virtual flavour
- LP: #592039
[ Manoj Iyer ]
* SAUCE: Enable jack sense for Thinkpad Edge 13
- LP: #685015
[ Robert Hooker ]
* Revert "(pre-stable): input: Support Clickpad devices in ClickZone
mode"
- LP: #669399
[ Stefan Bader ]
* Set virtual flavour maximum of domain visible memory to 70G
- LP: #667796
[ Takashi Iwai ]
* SAUCE: input: Support Clickpad devices in ClickZone mode
- LP: #516329
[ Tim Gardner ]
* [Config] Add nfsd modules to -virtual flavour
- LP: #688070
* [Config] Added autofs4.ko to -virtual flavour
- LP: #692917
[ Upstream Kernel Changes ]
* intel_idle: delete substates DEBUG modparam
- LP: #684888
* intel_idle: delete power_policy modparam, and choose substate functions
- LP: #684888
* intel_idle: add support for Westmere-EX
- LP: #684888
* intel_idle: recognize Lincroft Atom Processor
- LP: #684888
* x86, mwait: Move mwait constants to a common header file
- LP: #684888
* intel_idle: Change mode 755 => 644
- LP: #684888
* intel_idle: add missing __percpu markup
- LP: #684888
* cpuidle: extend cpuidle and menu governor to handle dynamic states
- LP: #684888
* intel_idle: Voluntary leave_mm before entering deeper
- LP: #684888
* intel_idle: enable Atom C6
- LP: #684888
* intel_idle: simplify test for leave_mm()
- LP: #684888
* intel_idle: delete bogus data from cpuidle_
- LP: #684888
* intel_idle: add initial Sandy Bridge support
- LP: #684888
* intel_idle: do not use the LAPIC timer for ATOM C2
- LP: #684888
* staging: usbip: Notify usb core of port status changes
- LP: #686158
* staging: usbip: Process event flags without delay
- LP: #686158
* Staging: phison: fix problem caused by libata change
- LP: #686158
* perf_events: Fix bogus AMD64 generic TLB events
- LP: #686158
* perf_events: Fix bogus context time tracking
- LP: #686158
* powerpc/perf: Fix sampling enable for PPC970
- LP: #686158
* pcmcia: synclink_cs: fix information leak to userland
- LP: #686158
* sched: Drop all load weight manipulation for RT tasks
- LP: #686158
* sched: Fix string comparison in /proc/sched_
- LP: #686158
* bluetooth: Fix missing NULL check
- LP: #686158
* futex: Fix errors in nested key ref-counting
- LP: #686158
* cifs: fix broken oplock handling
- LP: #686158
* libahci: fix result_tf handling after an ATA PIO data-in command
- LP: #686158
* mm, x86: Saving vmcore with non-lazy freeing of vmas
- LP: #686158
* x86, cpu: Fix renamed, not-yet-shipping AMD CPUID feature bit
- LP: #686158
* x86, kexec: Make sure to stop all CPUs before exiting the kernel
...
Changed in linux (Ubuntu Maverick): | |
status: | Invalid → Fix Released |
Changed in linux (Ubuntu): | |
status: | Incomplete → Fix Released |
Changed in linux (Ubuntu Natty): | |
status: | Invalid → Fix Released |
description: | updated |
fix already present