CVE-2010-0435
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| linux (Ubuntu) |
Medium
|
Unassigned | |||
| Dapper |
Medium
|
Unassigned | |||
| Hardy |
Medium
|
Stefan Bader | |||
| Karmic |
Medium
|
Stefan Bader | |||
| Lucid |
Medium
|
Unassigned | |||
| Maverick |
Medium
|
Unassigned | |||
| Natty |
Medium
|
Unassigned | |||
| linux-mvl-dove (Ubuntu) |
Undecided
|
Unassigned | |||
| Dapper |
Undecided
|
Unassigned | |||
| Hardy |
Undecided
|
Unassigned | |||
| Karmic |
Undecided
|
Unassigned | |||
| Lucid |
Undecided
|
Unassigned | |||
| Maverick |
Undecided
|
Unassigned | |||
| Natty |
Undecided
|
Unassigned | |||
Bug Description
Gleb Napatov discovered that KVM did not correctly check certain privileged operations. A local attacker with access to a guest kernel
could exploit this to crash the host system, leading to a denial of service.
Related branches
CVE References
- 2010-0435
- 2010-2942
- 2010-2943
- 2010-2954
- 2010-2955
- 2010-2960
- 2010-2962
- 2010-2963
- 2010-3067
- 2010-3078
- 2010-3080
- 2010-3084
- 2010-3296
- 2010-3297
- 2010-3310
- 2010-3432
- 2010-3437
- 2010-3442
- 2010-3448
- 2010-3477
- 2010-3698
- 2010-3699
- 2010-3705
- 2010-3848
- 2010-3849
- 2010-3850
- 2010-3858
- 2010-3859
- 2010-3861
- 2010-3865
- 2010-3873
- 2010-3874
- 2010-3875
- 2010-3876
- 2010-3877
- 2010-3880
- 2010-3904
- 2010-4072
- 2010-4073
- 2010-4074
- 2010-4076
- 2010-4077
- 2010-4078
- 2010-4079
- 2010-4080
- 2010-4081
- 2010-4082
- 2010-4083
- 2010-4157
- 2010-4158
- 2010-4160
- 2010-4163
- 2010-4165
- 2010-4169
- 2010-4175
- 2010-4248
| Stefan Bader (smb) wrote : | #1 |
| visibility: | private → public |
| affects: | ubuntu → linux (Ubuntu) |
| Changed in linux (Ubuntu Dapper): | |
| importance: | Undecided → Medium |
| status: | New → Invalid |
| Stefan Bader (smb) wrote : | #2 |
Fixed by upstream stable in 2.6.32-28-55
| Changed in linux (Ubuntu Lucid): | |
| importance: | Undecided → Medium |
| status: | New → Fix Released |
| Stefan Bader (smb) wrote : | #3 |
Fixed by upstream around 2.6.34
| Changed in linux (Ubuntu Maverick): | |
| status: | New → Fix Released |
| Changed in linux (Ubuntu Natty): | |
| assignee: | Stefan Bader (stefan-bader-canonical) → nobody |
| status: | In Progress → Fix Released |
| Changed in linux (Ubuntu Maverick): | |
| importance: | Undecided → Medium |
| Changed in linux (Ubuntu Karmic): | |
| assignee: | nobody → Stefan Bader (stefan-bader-canonical) |
| importance: | Undecided → Medium |
| status: | New → In Progress |
| Changed in linux (Ubuntu Hardy): | |
| assignee: | nobody → Stefan Bader (stefan-bader-canonical) |
| status: | New → In Progress |
| Changed in linux (Ubuntu Hardy): | |
| status: | In Progress → Fix Committed |
| Changed in linux (Ubuntu Karmic): | |
| status: | In Progress → Fix Committed |
| Launchpad Janitor (janitor) wrote : | #5 |
This bug was fixed in the package linux - 2.6.24-28.86
---------------
linux (2.6.24-28.86) hardy-proposed; urgency=low
[ Brad Figg ]
* Release Tracking Bug
- LP: #716166
[Tim Gardner]
* xen unified block-device I/O interface back end can orphan devices,
CVE-2010-3699
- LP: #708019
- CVE-2010-3699
[Upstream Kernel Changes]
* Hardy SRU: thinkpad-acpi: lock down video output state access,
CVE-2010-3448
- LP: #706999
- CVE-2010-3448
* net: Limit socket I/O iovec total length to INT_MAX., CVE-2010-3859
- LP: #711855, #708839
- CVE-2010-4160
* net: Truncate recvfrom and sendto length to INT_MAX., CVE-2010-3859
- LP: #711855, #708839
- CVE-2010-4160
* net: ax25: fix information leak to userland, CVE-2010-3875
- LP: #710714
- CVE-2010-3875
* net: ax25: fix information leak to userland harder, CVE-2010-3875
- LP: #710714
- CVE-2010-3875
* memory corruption in X.25 facilities parsing, CVE-2010-3873
- LP: #709372
- CVE-2010-3873
* net: packet: fix information leak to userland, CVE-2010-3876
- LP: #710714
- CVE-2010-3876
* net: tipc: fix information leak to userland, CVE-2010-3877
- LP: #711291
- CVE-2010-3877
* KVM: VMX: fix vmx null pointer dereference on debug register access,
CVE-2010-0435
- LP: #712615
- CVE-2010-0435
* gdth: integer overflow in ioctl, CVE-2010-4157
- LP: #711797
- CVE-2010-4157
* posix-cpu-timers: workaround to suppress the problems with mt exec,
CVE-2010-4248
- LP: #712609
- CVE-2010-4248
* ALSA: sound/pci/rme9652: prevent reading uninitialized stack memory,
CVE-2010-4080, CVE-2010-4081
- LP: #712723, #712737
- CVE-2010-4081
* sys_semctl: fix kernel stack leakage, CVE-2010-4083
- LP: #712749
- CVE-2010-4083
* inet_diag: Make sure we actually run the same bytecode we audited,
CVE-2010-3880
- LP: #711865
- CVE-2010-3880
linux (2.6.24-28.85) hardy-proposed; urgency=low
[ Brad Figg ]
* Tracking Bug
- LP: #708315
[Upstream Kernel Changes]
* ata_piix: IDE mode SATA patch for Intel ICH10 DeviceID's
- LP: #693401
* USB: serial/mos*: prevent reading uninitialized stack memory,
CVE-2010-4074
- LP: #706149
- CVE-2010-4074
* KVM: Fix fs/gs reload oops with invalid ldt
- LP: #707000
- CVE-2010-3698
* drivers/
memory, CVE-2010-4078
- LP: #707579
- CVE-2010-4078
* V4L/DVB: ivtvfb: prevent reading uninitialized stack memory,
CVE-2010-4079
- LP: #707649
- CVE-2010-4079
linux (2.6.24-28.84) hardy-proposed; urgency=low
[ Steve Conklin ]
* Tracking Bug
- LP: #698185
linux (2.6.24-28.83) hardy-proposed; urgency=low
[ Steve Conklin ]
* tracking bug moved from here to latest entry
linux (2.6.24-28.82) hardy-proposed; urgency=low
[ Leann Ogasawara ]
* Revert "SAUCE: AF_ECONET saddr->cookie prevent NULL pointer
dereference"
* Revert "SAUCE: AF_ECONET SIOCSIFADDR ioctl does not check privileges"
* Revert "SAUCE: AF_ECONET prevent kernel stack overflow"
[Upstream Kernel Changes]
* xfs: validate untrust...
| Changed in linux (Ubuntu Hardy): | |
| status: | Fix Committed → Fix Released |
| Launchpad Janitor (janitor) wrote : | #6 |
This bug was fixed in the package linux - 2.6.31-22.73
---------------
linux (2.6.31-22.73) karmic-proposed; urgency=low
[ Steve Conklin ]
* Release Tracking Bug
- LP: #716648
[ Upstream Kernel Changes ]
* copied ABI directory
* net: Limit socket I/O iovec total length to INT_MAX., CVE-2010-3859
- LP: #708839, #711855
- CVE-2010-4160
* net: Truncate recvfrom and sendto length to INT_MAX., CVE-2010-3859
- LP: #708839, #711855
- CVE-2010-4160
* net: fix rds_iovec page count overflow, CVE-2010-3865
- LP: #709153
- CVE-2010-3865
* net: ax25: fix information leak to userland, CVE-2010-3875
- LP: #710714
- CVE-2010-3875
* net: ax25: fix information leak to userland harder, CVE-2010-3875
- LP: #710714
- CVE-2010-3875
* can-bcm: fix minor heap overflow
- LP: #710680
- CVE-2010-3874
* memory corruption in X.25 facilities parsing, CVE-2010-3873
- LP: #709372
- CVE-2010-3873
* net: packet: fix information leak to userland, CVE-2010-3876
- LP: #710714
- CVE-2010-3876
* net: tipc: fix information leak to userland, CVE-2010-3877
- LP: #711291
- CVE-2010-3877
* KVM: VMX: fix vmx null pointer dereference on debug register access,
CVE-2010-0435
- LP: #712615
- CVE-2010-0435
* gdth: integer overflow in ioctl, CVE-2010-4157
- LP: #711797
- CVE-2010-4157
* posix-cpu-timers: workaround to suppress the problems with mt exec,
CVE-2010-4248
- LP: #712609
- CVE-2010-4248
* ALSA: sound/pci/rme9652: prevent reading uninitialized stack memory,
CVE-2010-4080, CVE-2010-4081
- LP: #712723, #712737
- CVE-2010-4081
* drivers/
CVE-2010-4082
- LP: #712744
- CVE-2010-4082
* sys_semctl: fix kernel stack leakage, CVE-2010-4083
- LP: #712749
- CVE-2010-4083
* inet_diag: Make sure we actually run the same bytecode we audited,
CVE-2010-3880
- LP: #711865
- CVE-2010-3880
linux (2.6.31-22.72) karmic-proposed; urgency=low
[ Brad Figg ]
* Tracking Bug
- LP: #708860
[ Upstream Kernel Changes ]
* Karmic SRU: thinkpad-acpi: lock down video output state access, CVE-2010-3448
- LP: #706999
- CVE-2010-3448
* USB: serial/mos*: prevent reading uninitialized stack memory,
CVE-2010-4074
- LP: #706149
- CVE-2010-4074
* KVM: Fix fs/gs reload oops with invalid ldt
- LP: #707000
- CVE-2010-3698
* drivers/
memory, CVE-2010-4078
- LP: #707579
- CVE-2010-4078
* V4L/DVB: ivtvfb: prevent reading uninitialized stack memory,
CVE-2010-4079
- LP: #707649
- CVE-2010-4079
linux (2.6.31-22.71) karmic-proposed; urgency=low
[ Brad Figg ]
- LP: #698214
[ Upstream Kernel Changes ]
* ipc: initialize structure memory to zero for compat functions
* tcp: Increase TCP_MAXSEG socket option minimum.
- CVE-2010-4165
* perf_events: Fix perf_counter_mmap() hook in mprotect()
- CVE-2010-4169
* af_unix: limit unix_tot_inflight
- CVE-2010-4249
-- Steve Conklin <email address hidden> Thu, 10 Feb 2011 13:49:49...
| Changed in linux (Ubuntu Karmic): | |
| status: | Fix Committed → Fix Released |
| Changed in linux-mvl-dove (Ubuntu Natty): | |
| status: | New → Invalid |
| Launchpad Janitor (janitor) wrote : | #7 |
This bug was fixed in the package linux-mvl-dove - 2.6.32-216.33
---------------
linux-mvl-dove (2.6.32-216.33) lucid-proposed; urgency=low
[ Ubuntu: 2.6.32-31.60 ]
* Release Tracking Bug
- LP: #734950
* SAUCE: Clear new_profile in error path
- LP: #732700
* [Config] CONFIG_
- LP: #733191
* Revert "drm/radeon/bo: add some fallback placements for VRAM only
objects."
- LP: #652934
* drm/radeon: fall back to GTT if bo creation/validation in VRAM fails.
- LP: #652934
* drm/radeon/kms: Fix retrying ttm_bo_init() after it failed once.
- LP: #652934
* xfs: always use iget in bulkstat
- LP: #692848
* drm/radeon/kms: make the mac rv630 quirk generic
- LP: #728687
* drm/radeon/kms: add pll debugging output
- LP: #728687
* drm/radeon: remove 0x4243 pci id
- LP: #728687
* drm/radeon/kms: fix s/r issues with bios scratch regs
- LP: #728687
* drm/i915/lvds: Add AOpen i915GMm-HFS to the list of false-positive LVDS
- LP: #728687
* drm/i915: Add dependency on CONFIG_TMPFS
- LP: #728687
* Linux 2.6.32.29+drm33.14
- LP: #728687
* NFSD: memory corruption due to writing beyond the stat array
- LP: #728687
* mptfusion: mptctl_release is required in mptctl.c
- LP: #728687
* mptfusion: Fix Incorrect return value in mptscsih_dev_reset
- LP: #728687
* ocfs2_connectio
- LP: #728687
* x25: decrement netdev reference counts on unload
- LP: #728687
* x86, hpet: Disable per-cpu hpet timer if ARAT is supported
- LP: #728687
* OHCI: work around for nVidia shutdown problem
- LP: #728687
* x86/pvclock: Zero last_value on resume
- LP: #728687
* av7110: check for negative array offset
- LP: #728687
* CRED: Fix get_task_cred() and task_state() to not resurrect dead
credentials
- LP: #728687
* bonding/vlan: Avoid mangled NAs on slaves without VLAN tag insertion
- LP: #728687
* CRED: Fix kernel panic upon security_
- LP: #728687
* CRED: Fix BUG() upon security_
- LP: #728687
* CRED: Fix memory and refcount leaks upon security_
failure
- LP: #728687
* sendfile(): check f_op.splice_write() rather than f_op.sendpage()
- LP: #728687
* isdn: hisax: Replace the bogus access to irq stats
- LP: #728687
* ixgbe: add support for 82599 based Express Module X520-P2
- LP: #728687
* ixgbe: prevent speculative processing of descriptors before ready
- LP: #728687
* scsi_dh_alua: add netapp to dev list
- LP: #728687
* scsi_dh_alua: Add IBM Power Virtual SCSI ALUA device to dev list
- LP: #728687
* dm raid1: fail writes if errors are not handled and log fails
- LP: #728687
* GFS2: Fix bmap allocation corner-case bug
- LP: #728687
* dm raid1: fix null pointer dereference in suspend
- LP: #728687
* sunrpc/cache: fix module refcnt leak in a failure path
- LP: #728687
* be2net: Maintain tx and rx counters in driver
- LP: #728687
* tcp: Make TCP_MAXSEG minimum more correct.
- LP: #728687
* nfsd: correctly handle return value from ...
| Changed in linux-mvl-dove (Ubuntu Lucid): | |
| status: | New → Fix Released |
| Changed in linux-mvl-dove (Ubuntu Dapper): | |
| status: | New → Invalid |
| Changed in linux-mvl-dove (Ubuntu Karmic): | |
| status: | New → Invalid |
| Changed in linux-mvl-dove (Ubuntu Hardy): | |
| status: | New → Invalid |
| Changed in linux-mvl-dove (Ubuntu Maverick): | |
| status: | New → Fix Released |
No KVM in Dapper