CVE-2010-4158
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) | | Low | Unassigned | | |
Dapper | | Low | Stefan Bader | | |
Hardy | | Low | Stefan Bader | | |
Karmic | | Low | Stefan Bader | | |
Lucid | | Low | Stefan Bader | | |
Maverick | | Low | Unassigned | | |
Natty | | Low | Unassigned | | |
linux-fsl-imx51 (Ubuntu) | | Undecided | Unassigned | | |
Dapper | | Undecided | Unassigned | | |
Hardy | | Undecided | Unassigned | | |
Karmic | | Undecided | Unassigned | | |
Lucid | | Undecided | Paolo Pisati | | |
Maverick | | Undecided | Unassigned | | |
Natty | | Undecided | Unassigned | | |
linux-ti-omap4 (Ubuntu) | | Undecided | Unassigned | | |
Dapper | | Undecided | Unassigned | | |
Hardy | | Undecided | Unassigned | | |
Karmic | | Undecided | Unassigned | | |
Lucid | | Undecided | Unassigned | | |
Maverick | | Undecided | Paolo Pisati | | |
Natty | | Undecided | Unassigned | | |
Bug Description
The sk_run_filter function in net/core/filter.c in the Linux kernel before 2.6.36.2 does not check whether a certain memory location has been initialized before executing a (1) BPF_S_LD_MEM or (2) BPF_S_LDX_MEM instruction, which allows local users to obtain potentially sensitive information from kernel stack memory via a crafted socket filter.
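The check the description says is missing can also be done when a filter is loaded. The following is an added example, not code from the kernel or from this bug report: it walks a classic BPF program and reports the first load from a scratch-memory slot that some path reaches without an earlier store. It uses the user-visible opcode encoding rather than the kernel-internal `BPF_S_*` names; the `insn` struct, `uninit_load`, the 256-instruction limit and the sample filters are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Classic BPF encoding, defined locally so the example builds anywhere. */
#define MEMWORDS 16                        /* scratch slots M[0]..M[15] */
enum { LD = 0, LDX = 1, ST = 2, STX = 3, JMP = 5, RET = 6, MEM = 0x60 };
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };

/* Merge the written-slot set into successor from+1+off (jumps go forward). */
static int flow(uint16_t *in, size_t n, size_t from, uint32_t off, uint16_t set)
{
    if (off >= n - from - 1) return -1;    /* successor outside the program */
    in[from + 1 + off] &= set;             /* keep slots written on every path */
    return 0;
}

/* Index of first load from a slot some path leaves unwritten; -1 none, -2 malformed. */
int uninit_load(const struct insn *p, size_t n)
{
    uint16_t in[256];                      /* example limit on program length */
    if (n == 0 || n > 256) return -2;
    for (size_t i = 0; i < n; i++) in[i] = i ? 0xffff : 0;  /* entry: none written */
    for (size_t i = 0; i < n; i++) {
        uint16_t c = p[i].code, set = in[i];
        int cls = c & 0x07, bad;                             /* instruction class */
        if (cls == ST || cls == STX || (cls <= LDX && (c & 0xe0) == MEM)) {
            if (p[i].k >= MEMWORDS) return -2;               /* slot out of range */
            if (cls <= LDX && !(set & (1u << p[i].k))) return (int)i;
            if (cls >= ST) set |= (uint16_t)(1u << p[i].k);  /* store marks slot */
        }
        if (cls == RET) continue;                            /* no successor */
        if (cls != JMP) bad = flow(in, n, i, 0, set);        /* falls through */
        else if ((c & 0xf0) == 0) bad = flow(in, n, i, p[i].k, set);   /* ja */
        else bad = flow(in, n, i, p[i].jt, set) | flow(in, n, i, p[i].jf, set);
        if (bad) return -2;
    }
    return -1;
}

/* Constructed sample filters: {code, jt, jf, k}. */
static const struct insn unset[]    = {{0x60,0,0,0}, {0x06,0,0,0}};
static const struct insn stored[]   = {{0x02,0,0,0}, {0x60,0,0,0}, {0x06,0,0,0}};
static const struct insn one_path[] = {{0x15,0,1,0}, {0x02,0,0,1}, {0x60,0,0,1}, {0x06,0,0,0}};

int main(void)
{
    printf("%d %d %d\n", uninit_load(unset, 2), uninit_load(stored, 3), uninit_load(one_path, 4));
    return 0;
}
```

Because classic BPF jumps only go forward, one pass in program order is enough to intersect the written-slot sets of all paths; `one_path` is flagged because its store is skipped on one branch.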
CVE References
- 2010-2954
- 2010-2955
- 2010-2960
- 2010-2962
- 2010-2963
- 2010-3079
- 2010-3080
- 2010-3081
- 2010-3437
- 2010-3705
- 2010-3848
- 2010-3849
- 2010-3850
- 2010-3861
- 2010-3865
- 2010-3873
- 2010-3875
- 2010-3876
- 2010-3877
- 2010-3904
- 2010-4072
- 2010-4076
- 2010-4077
- 2010-4079
- 2010-4158
- 2010-4162
- 2010-4163
- 2010-4164
- 2010-4165
- 2010-4175
- 2010-4242
- 2010-4243
- 2010-4251
- 2010-4258
- 2010-4342
- 2010-4346
- 2010-4527
- 2010-4529
- 2010-4649
- 2010-4805
- 2011-0726
- 2011-1010
- 2011-1012
- 2011-1013
- 2011-1020
- 2011-1078
- 2011-1079
- 2011-1080
- 2011-1082
- 2011-1090
- 2011-1093
- 2011-1160
- 2011-1163
- 2011-1170
- 2011-1171
- 2011-1172
- 2011-1173
- 2011-1180
- 2011-1478
- 2011-1493
- 2011-1577
- 2011-1598
- 2011-1770
- 2011-1833
- 2011-2484
- 2011-2492
- 2011-2534
- 2011-2699
- 2011-2918
visibility: private → public
Stefan Bader (smb) wrote: #1
Changed in linux (Ubuntu Natty):
assignee: Stefan Bader (stefan-bader-canonical) → nobody
status: In Progress → Fix Released
Stefan Bader (smb) wrote: #2
Released in Ubuntu-2.6.35-25.43 (2.6.35.10 upstream stable)
Changed in linux (Ubuntu Maverick):
importance: Undecided → Low
status: New → Fix Released
Changed in linux (Ubuntu Lucid):
assignee: nobody → Stefan Bader (stefan-bader-canonical)
importance: Undecided → Low
status: New → In Progress
Changed in linux (Ubuntu Karmic):
assignee: nobody → Stefan Bader (stefan-bader-canonical)
importance: Undecided → Low
status: New → In Progress
Changed in linux (Ubuntu Hardy):
assignee: nobody → Stefan Bader (stefan-bader-canonical)
importance: Undecided → Low
status: New → In Progress
Changed in linux (Ubuntu Dapper):
assignee: nobody → Stefan Bader (stefan-bader-canonical)
importance: Undecided → Low
status: New → In Progress
Changed in linux (Ubuntu Lucid):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Karmic):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Hardy):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Dapper):
status: In Progress → Fix Committed
Accepted linux-ec2 into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https:/
Launchpad Janitor (janitor) wrote: #4
This bug was fixed in the package linux - 2.6.31-23.74
---------------
linux (2.6.31-23.74) karmic-proposed; urgency=low
[ Steve Conklin ]
* Release Tracking Bug
- LP: #725232
[ Upstream Kernel Changes ]
* bluetooth: Fix missing NULL check, CVE-2010-4242
- LP: #714846
- CVE-2010-4242
* bio: take care not overflow page count when mapping/copying user data,
CVE-2010-4162
- LP: #721441
- CVE-2010-4162
* filter: make sure filters dont read uninitialized memory
- LP: #721282
- CVE-2010-4158
* tty: Make tiocgicount a handler, CVE-2010-4076, CVE-2010-4077
- LP: #720189
- CVE-2010-4077
* block: check for proper length of iov entries in blk_rq_
CVE-2010-4163
- LP: #721504
- CVE-2010-4163
* block: check for proper length of iov entries earlier in
blk_
- LP: #721504
- CVE-2010-4163
* rds: Integer overflow in RDS cmsg handling, CVE-2010-4175
- LP: #721455
- CVE-2010-4175
-- Steve Conklin <email address hidden> Fri, 25 Feb 2011 14:20:16 -0600
Changed in linux (Ubuntu Karmic):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote: #5
This bug was fixed in the package linux - 2.6.32-30.59
---------------
linux (2.6.32-30.59) lucid-proposed; urgency=low
[ Steve Conklin ]
* Release Tracking Bug
- LP: #727336
[ Tim Gardner ]
* [Config] CONFIG_
- LP: #723819
[ Upstream Kernel Changes ]
* virtio_net: Add schedule check to napi_enable call
- LP: #579276
* NFS: fix the return value of nfs_file_fsync()
- LP: #585657
* block: check for proper length of iov entries earlier in
blk_
- LP: #721504
- CVE-2010-4163
* filter: make sure filters dont read uninitialized memory
- LP: #721282
- CVE-2010-4158
* tty: Make tiocgicount a handler, CVE-2010-4076, CVE-2010-4077
- LP: #720189
- CVE-2010-4077
* staging: usbip: remove double giveback of URB
- LP: #723819
* USB: EHCI: ASPM quirk of ISOC on AMD SB800
- LP: #723819
* rt2x00: add device id for windy31 usb device
- LP: #723819
* ALSA: snd-usb-us122l: Fix missing NULL checks
- LP: #723819
* hwmon: (via686a) Initialize fan_div values
- LP: #723819
* USB: serial: handle Data Carrier Detect changes
- LP: #723819
* USB: CP210x Add two device IDs
- LP: #723819
* USB: CP210x Removed incorrect device ID
- LP: #723819
* USB: usb-storage: unusual_devs update for Cypress ATACB
- LP: #723819
* USB: usb-storage: unusual_devs update for TrekStor DataStation maxi g.u
external hard drive enclosure
- LP: #723819
* USB: usb-storage: unusual_devs entry for CamSport Evo
- LP: #723819
* USB: usb-storage: unusual_devs entry for Coby MP3 player
- LP: #723819
* USB: serial: Updated support for ICOM devices
- LP: #723819
* USB: adding USB support for Cinterion's HC2x, EU3 and PH8 products
- LP: #723819
* USB: EHCI: ASPM quirk of ISOC on AMD Hudson
- LP: #723819
* USB: EHCI: fix DMA deallocation bug
- LP: #723819
* USB: g_printer: fix bug in module parameter definitions
- LP: #723819
* USB: io_edgeport: fix the reported firmware major and minor
- LP: #723819
* USB: ti_usb: fix module removal
- LP: #723819
* USB: Storage: Add unusual_devs entry for VTech Kidizoom
- LP: #723819
* USB: ftdi_sio: add ST Micro Connect Lite uart support
- LP: #723819
* USB: cdc-acm: Adding second ACM channel support for Nokia N8
- LP: #723819
* USB: ftdi_sio: Add VID=0x0647, PID=0x0100 for Acton Research
spectrograph
- LP: #723819
* USB: prevent buggy hubs from crashing the USB stack
- LP: #723819
* staging: comedi: add support for newer jr3 1-channel pci board
- LP: #723819
* staging: comedi: ni_labpc: Use shared IRQ for PCMCIA card
- LP: #723819
* Staging: hv: fix sysfs symlink on hv block device
- LP: #723819
* staging: hv: Enable sending GARP packet after live migration
- LP: #723819
* hvc_iucv: allocate memory buffers for IUCV in zone DMA
- LP: #723819
* iwlagn: enable only rfkill interrupt when device is down
- LP: #723819
* ath9k: Fix bug in delimiter padding computation
- LP: #723819
* correct vdso version string
- LP: #723819
* fix medium error problems with so...
Changed in linux (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in linux-ti-omap4 (Ubuntu Maverick):
assignee: nobody → Paolo Pisati (p-pisati)
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Dapper):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Karmic):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Natty):
status: New → Invalid
Launchpad Janitor (janitor) wrote: #6
This bug was fixed in the package linux - 2.6.24-29.88
---------------
linux (2.6.24-29.88) hardy-proposed; urgency=low
[ Brad Figg ]
* Release Tracking Bug
- LP: #736290
[Steve Conklin]
* Ubuntu-2.6.24-29.87
* [Config] Allow insertchanges to work in later version chroots
[Upstream Kernel Changes]
* do_exit(): make sure that we run with get_fs() == USER_DS,
CVE-2010-4258
- LP: #723945
- CVE-2010-4258
* Make the bulkstat_one compat ioctl handling more sane
- LP: #692848
* Fix xfs_bulkstat_one size checks & error handling
- LP: #692848
* xfs: always use iget in bulkstat
- LP: #692848
* x25: Prevent crashing when parsing bad X.25 facilities CVE-2010-4164
- LP: #731199
- CVE-2010-4164
* Revised [CVE-2010-4346 Hardy] install_
security_
- LP: #731971
- CVE-2010-4346
linux (2.6.24-29.87) hardy-proposed; urgency=low
[ Steve Conklin ]
* Release Tracking Bug
- LP: #725138
[Upstream Kernel Changes]
* bluetooth: Fix missing NULL check, CVE-2010-4242
- LP: #714846
- CVE-2010-4242
* NFS: fix the return value of nfs_file_fsync()
- LP: #585657
* bio: take care not overflow page count when mapping/copying user data,
CVE-2010-4162
- LP: #721441
- CVE-2010-4162
* filter: make sure filters dont read uninitialized memory
- LP: #721282
- CVE-2010-4158
* tty: Make tiocgicount a handler, CVE-2010-4076, CVE-2010-4077
- LP: #720189
- CVE-2010-4077
* block: check for proper length of iov entries earlier in
blk_
- LP: #721504
- CVE-2010-4163
-- Brad Figg <email address hidden> Wed, 16 Mar 2011 09:43:35 -0700
Changed in linux (Ubuntu Hardy):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote: #7
This bug was fixed in the package linux-ti-omap4 - 2.6.35-903.22
---------------
linux-ti-omap4 (2.6.35-903.22) maverick; urgency=low
[ Paolo Pisati ]
* Release Tracking Bug
- LP: #744250
[ Upstream Kernel Changes ]
* ALSA: seq/oss - Fix double-free at error path of snd_seq_oss_open(), CVE-2010-3080
- CVE-2010-3080
* tracing: t_start: reset FTRACE_ITER_HASH in case of seek/pread, CVE-2010-3079
- CVE-2010-3079
* KEYS: Fix bug in keyctl_
- CVE-2010-2960
* drm/i915: Sanity check pread/pwrite, CVE-2010-2962
- CVE-2010-2962
* do_exit(): make sure that we run with get_fs() == USER_DS, CVE-2010-3849
- CVE-2010-3849
* econet: disallow NULL remote addr for sendmsg(), fixes CVE-2010-3849
- CVE-2010-3849
* econet: fix CVE-2010-3850
- CVE-2010-3850
* econet: fix CVE-2010-3848
- CVE-2010-3848
* compat: Make compat_
- CVE-2010-3081
* irda: Correctly clean up self->ias_obj on irda_bind() failure., CVE-2010-2954
- CVE-2010-2954
* wireless extensions: fix kernel heap content leak, CVE-2010-2955
- CVE-2010-2955
* KEYS: Fix RCU no-lock warning in keyctl_
- CVE-2010-2960
* Fix pktcdvd ioctl dev_minor range check, CVE-2010-3437
- CVE-2010-3437
* Fix out-of-bounds reading in sctp_asoc_
- CVE-2010-3705
* ocfs2: Don't walk off the end of fast symlinks., CVE-2010-NNN2
- CVE-2010-NNN2
* v4l: disable dangerous buggy compat function, CVE-2010-2963
- CVE-2010-2963
* Local privilege escalation vulnerability in RDS sockets, CVE-2010-3904
- CVE-2010-3904
* net: clear heap allocation for ETHTOOL_
- CVE-2010-3861
* ipc: shm: fix information leak to userland, CVE-2010-4072
- CVE-2010-4072
* tcp: Increase TCP_MAXSEG socket option minimum., CVE-2010-4165
- CVE-2010-4165
* af_unix: limit unix_tot_inflight, CVE-2010-4249
- CVE-2010-4249
* V4L/DVB: ivtvfb: prevent reading uninitialized stack memory, CVE-2010-4079
- LP: #707649
- CVE-2010-4079
* net: fix rds_iovec page count overflow, CVE-2010-3865
- LP: #709153
- CVE-2010-3865
* net: ax25: fix information leak to userland, CVE-2010-3875
- LP: #710714
- CVE-2010-3875
* net: ax25: fix information leak to userland harder, CVE-2010-3875
- LP: #710714
- CVE-2010-3875
* net: packet: fix information leak to userland, CVE-2010-3876
- LP: #710714
- CVE-2010-3876
* net: tipc: fix information leak to userland, CVE-2010-3877
- LP: #711291
- CVE-2010-3877
* filter: make sure filters dont read uninitialized memory, CVE-2010-4158
- LP: #721282
- CVE-2010-4158
* econet: Fix crash in aun_incoming(). CVE-2010-4342
- LP: #736394
- CVE-2010-4342
* sound: Prevent buffer overflow in OSS load_mixer_volumes, CVE-2010-4527
- LP: #737073
- CVE-2010-4527
* irda: prevent integer underflow in IRLMP_ENUMDEVICES, CVE-2010-4529
- LP: #737823
- CVE-2010-4529
* x25: Prevent crashing when parsing bad X.25 facilities, C...
Changed in linux-ti-omap4 (Ubuntu Maverick):
status: Fix Committed → Fix Released
Changed in linux-fsl-imx51 (Ubuntu):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Dapper):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Karmic):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Maverick):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Natty):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: New → In Progress
assignee: nobody → Paolo Pisati (p-pisati)
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: In Progress → Fix Committed
tags: added: kernel-cve-tracking-bug; removed: kernel-cve-tracker
Launchpad Janitor (janitor) wrote: #8
This bug was fixed in the package linux-fsl-imx51 - 2.6.31-610.28
---------------
linux-fsl-imx51 (2.6.31-610.28) lucid-proposed; urgency=low
* Release tracking bug
- LP: #837802
[ Upstream Kernel Changes ]
* ipv6: make fragment identifications less predictable, CVE-2011-2699
- LP: #827685
- CVE-2011-2699
* perf: Fix software event overflow, CVE-2011-2918
- LP: #834121
- CVE-2011-2918
* proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
- LP: #813026
- CVE-2011-1020
linux-fsl-imx51 (2.6.31-610.27) lucid-proposed; urgency=low
* Release tracking bug
- LP: #829160
[ Upstream Kernel Changes ]
* fs/partitions/
oops
- LP: #795418
- CVE-2011-1577
* Fix corrupted OSF partition table parsing
- LP: #796606
- CVE-2011-1163
* can: Add missing socket check in can/bcm release.
- LP: #796502
- CVE-2011-1598
* proc: protect mm start_code/end_code in /proc/pid/stat
- LP: #799906
- CVE-2011-0726
* sctp: Fix a race between ICMP protocol unreachable and connect()
* tty: Make tiocgicount a handler, CVE-2010-4076, CVE-2010-4077
- LP: #794034
- CVE-2010-4077
* filter: make sure filters dont read uninitialized memory CVE-2010-4158
- LP: #721282
- CVE-2010-4158
* bio: take care not overflow page count when mapping/copying user data
CVE-2010-4162
- LP: #721441
- CVE-2010-4162
* block: check for proper length of iov entries in blk_rq_
- LP: #721504
- CVE-2010-4163
* block: check for proper length of iov entries earlier in
blk_
- LP: #721504
- CVE-2010-4163
* rds: Integer overflow in RDS cmsg handling, CVE-2010-4175
- LP: #721455
- CVE-2010-4175
* bluetooth: Fix missing NULL check CVE-2010-4242
- LP: #714846
- CVE-2010-4242
* IB/uverbs: Handle large number of entries in poll CQ CVE-2010-4649
- LP: #800121
- CVE-2010-4649
* epoll: prevent creating circular epoll structures CVE-2011-1082
- LP: #800758
- CVE-2011-1082
* nfs4: Ensure that ACL pages sent over NFS were not allocated from the
slab (v3) CVE-2011-1090
- LP: #800775
* ldm: corrupted partition table can cause kernel oops CVE-2011-1012
- LP: #801083
- CVE-2011-1012
* netfilter: ipt_CLUSTERIP: fix buffer overflow CVE-2011-2534
- LP: #801473
- CVE-2011-2534
* netfilter: arp_tables: fix infoleak to userspace CVE-2011-1170
- LP: #801480
- CVE-2011-1170
* netfilter: ip_tables: fix infoleak to userspace CVE-2011-1171
- LP: #801482
- CVE-2011-1171
* ipv6: netfilter: ip6_tables: fix infoleak to userspace CVE-2011-1172
- LP: #801483
- CVE-2011-1172
* econet: 4 byte infoleak to the network CVE-2011-1173
- LP: #801484
- CVE-2011-1173
* net: Limit socket I/O iovec total length to INT_MAX.
- LP: #708839
* fs/partitions: Validate map_count in Mac partition tables -
CVE-2011-1010
- LP: #804225
- CVE-2011-1010
* drm: fix unsigned vs signed comparison issue in modeset ctl ioctl,
CVE-2011-1013
- LP: #804229
- CVE-2011-1013
...
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Dapper):
status: Fix Committed → Won't Fix
Upstream fix included in 2.6.37-rc2