2011-06-02 16:17:24 |
Andy Whitcroft |
bug |
|
|
added bug |
2011-06-02 16:17:26 |
Andy Whitcroft |
tags |
|
kernel-cve-tracking-bug |
|
2011-06-02 16:17:27 |
Andy Whitcroft |
security vulnerability |
no |
yes |
|
2011-06-02 16:17:33 |
Andy Whitcroft |
cve linked |
|
2011-1746 |
|
2011-06-02 16:17:37 |
Andy Whitcroft |
nominated for series |
|
Ubuntu Oneiric |
|
2011-06-02 16:17:38 |
Andy Whitcroft |
bug task added |
|
linux (Ubuntu Oneiric) |
|
2011-06-02 16:17:38 |
Andy Whitcroft |
bug task added |
|
linux-fsl-imx51 (Ubuntu Oneiric) |
|
2011-06-02 16:17:38 |
Andy Whitcroft |
bug task added |
|
linux-lts-backport-maverick (Ubuntu Oneiric) |
|
2011-06-02 16:17:38 |
Andy Whitcroft |
bug task added |
|
linux-mvl-dove (Ubuntu Oneiric) |
|
2011-06-02 16:17:38 |
Andy Whitcroft |
bug task added |
|
linux-ti-omap4 (Ubuntu Oneiric) |
|
2011-06-02 16:17:43 |
Andy Whitcroft |
nominated for series |
|
Ubuntu Natty |
|
2011-06-02 16:17:44 |
Andy Whitcroft |
bug task added |
|
linux (Ubuntu Natty) |
|
2011-06-02 16:17:44 |
Andy Whitcroft |
bug task added |
|
linux-fsl-imx51 (Ubuntu Natty) |
|
2011-06-02 16:17:44 |
Andy Whitcroft |
bug task added |
|
linux-lts-backport-maverick (Ubuntu Natty) |
|
2011-06-02 16:17:44 |
Andy Whitcroft |
bug task added |
|
linux-mvl-dove (Ubuntu Natty) |
|
2011-06-02 16:17:44 |
Andy Whitcroft |
bug task added |
|
linux-ti-omap4 (Ubuntu Natty) |
|
2011-06-02 16:17:48 |
Andy Whitcroft |
nominated for series |
|
Ubuntu Maverick |
|
2011-06-02 16:17:49 |
Andy Whitcroft |
bug task added |
|
linux (Ubuntu Maverick) |
|
2011-06-02 16:17:49 |
Andy Whitcroft |
bug task added |
|
linux-fsl-imx51 (Ubuntu Maverick) |
|
2011-06-02 16:17:49 |
Andy Whitcroft |
bug task added |
|
linux-lts-backport-maverick (Ubuntu Maverick) |
|
2011-06-02 16:17:49 |
Andy Whitcroft |
bug task added |
|
linux-mvl-dove (Ubuntu Maverick) |
|
2011-06-02 16:17:49 |
Andy Whitcroft |
bug task added |
|
linux-ti-omap4 (Ubuntu Maverick) |
|
2011-06-02 16:17:53 |
Andy Whitcroft |
nominated for series |
|
Ubuntu Lucid |
|
2011-06-02 16:17:54 |
Andy Whitcroft |
bug task added |
|
linux (Ubuntu Lucid) |
|
2011-06-02 16:17:54 |
Andy Whitcroft |
bug task added |
|
linux-fsl-imx51 (Ubuntu Lucid) |
|
2011-06-02 16:17:54 |
Andy Whitcroft |
bug task added |
|
linux-lts-backport-maverick (Ubuntu Lucid) |
|
2011-06-02 16:17:54 |
Andy Whitcroft |
bug task added |
|
linux-mvl-dove (Ubuntu Lucid) |
|
2011-06-02 16:17:54 |
Andy Whitcroft |
bug task added |
|
linux-ti-omap4 (Ubuntu Lucid) |
|
2011-06-02 16:18:00 |
Andy Whitcroft |
nominated for series |
|
Ubuntu Hardy |
|
2011-06-02 16:18:01 |
Andy Whitcroft |
bug task added |
|
linux (Ubuntu Hardy) |
|
2011-06-02 16:18:01 |
Andy Whitcroft |
bug task added |
|
linux-fsl-imx51 (Ubuntu Hardy) |
|
2011-06-02 16:18:01 |
Andy Whitcroft |
bug task added |
|
linux-lts-backport-maverick (Ubuntu Hardy) |
|
2011-06-02 16:18:01 |
Andy Whitcroft |
bug task added |
|
linux-mvl-dove (Ubuntu Hardy) |
|
2011-06-02 16:18:01 |
Andy Whitcroft |
bug task added |
|
linux-ti-omap4 (Ubuntu Hardy) |
|
2011-06-02 16:24:31 |
Andy Whitcroft |
linux (Ubuntu Hardy): status |
New |
In Progress |
|
2011-06-02 16:24:31 |
Andy Whitcroft |
linux (Ubuntu Hardy): assignee |
|
Andy Whitcroft (apw) |
|
2011-06-02 16:24:48 |
Andy Whitcroft |
linux (Ubuntu Lucid): status |
New |
Fix Released |
|
2011-06-02 16:25:14 |
Andy Whitcroft |
linux (Ubuntu Maverick): status |
New |
Fix Released |
|
2011-06-02 16:25:14 |
Andy Whitcroft |
linux (Ubuntu Maverick): assignee |
|
Andy Whitcroft (apw) |
|
2011-06-02 16:25:32 |
Andy Whitcroft |
linux (Ubuntu Maverick): status |
Fix Released |
In Progress |
|
2011-06-02 16:27:07 |
Andy Whitcroft |
linux (Ubuntu Natty): status |
New |
Fix Released |
|
2011-06-02 16:27:46 |
Andy Whitcroft |
linux (Ubuntu Oneiric): status |
New |
Invalid |
|
2011-06-02 16:29:56 |
Andy Whitcroft |
description |
Placeholder |
Fixed By:
commit b522f02184b413955f3bc952e3776ce41edc6355
Author: Vasiliy Kulikov <segoon@openwall.com>
Date: Thu Apr 14 20:55:19 2011 +0400
agp: fix OOM and buffer overflow
page_count is copied from userspace. agp_allocate_memory() tries to
check whether this number is too big, but doesn't take into account the
wrap case. Also agp_create_user_memory() doesn't check whether
alloc_size is calculated from num_agp_pages variable without overflow.
This may lead to allocation of too small buffer with following buffer
overflow.
Another problem in agp code is not addressed in the patch - kernel memory
exhaustion (AGPIOC_RESERVE and AGPIOC_ALLOCATE ioctls). It is not checked
whether requested pid is a pid of the caller (no check in agpioc_reserve_wra
Each allocation is limited to 16KB, though, there is no per-process limit.
This might lead to OOM situation, which is not even solved in case of the
caller death by OOM killer - the memory is allocated for another (faked) pro
Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
This fix has hit Oneiric, Natty and Lucid via mainline/stable updates. |
|
2011-07-05 11:04:31 |
Andy Whitcroft |
linux-ti-omap4 (Ubuntu Lucid): status |
New |
Invalid |
|
2011-07-05 11:04:34 |
Andy Whitcroft |
linux-fsl-imx51 (Ubuntu Maverick): status |
New |
Invalid |
|
2011-07-05 11:04:36 |
Andy Whitcroft |
linux-lts-backport-maverick (Ubuntu Maverick): status |
New |
Invalid |
|
2011-07-05 11:04:39 |
Andy Whitcroft |
linux-fsl-imx51 (Ubuntu Natty): status |
New |
Invalid |
|
2011-07-05 11:04:41 |
Andy Whitcroft |
linux-lts-backport-maverick (Ubuntu Natty): status |
New |
Invalid |
|
2011-07-05 11:04:43 |
Andy Whitcroft |
linux-mvl-dove (Ubuntu Natty): status |
New |
Invalid |
|
2011-07-05 11:04:45 |
Andy Whitcroft |
linux-fsl-imx51 (Ubuntu Oneiric): status |
New |
Invalid |
|
2011-07-05 11:04:47 |
Andy Whitcroft |
linux-lts-backport-maverick (Ubuntu Oneiric): status |
New |
Invalid |
|
2011-07-05 11:04:50 |
Andy Whitcroft |
linux-mvl-dove (Ubuntu Oneiric): status |
New |
Invalid |
|
2011-07-05 11:04:53 |
Andy Whitcroft |
linux-fsl-imx51 (Ubuntu Hardy): status |
New |
Invalid |
|
2011-07-05 11:04:54 |
Andy Whitcroft |
linux-lts-backport-maverick (Ubuntu Hardy): status |
New |
Invalid |
|
2011-07-05 11:04:57 |
Andy Whitcroft |
linux-mvl-dove (Ubuntu Hardy): status |
New |
Invalid |
|
2011-07-05 11:04:59 |
Andy Whitcroft |
linux-ti-omap4 (Ubuntu Hardy): status |
New |
Invalid |
|
2011-07-12 17:19:16 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/lucid-proposed/linux-lts-backport-maverick |
|
2011-07-14 16:24:30 |
Launchpad Janitor |
linux (Ubuntu Hardy): status |
In Progress |
Fix Released |
|
2011-07-14 16:24:30 |
Launchpad Janitor |
cve linked |
|
2010-4076 |
|
2011-07-14 16:24:30 |
Launchpad Janitor |
cve linked |
|
2010-4077 |
|
2011-07-14 16:24:30 |
Launchpad Janitor |
cve linked |
|
2010-4247 |
|
2011-07-14 16:24:30 |
Launchpad Janitor |
cve linked |
|
2010-4526 |
|
2011-07-14 16:24:30 |
Launchpad Janitor |
cve linked |
|
2011-0726 |
|
2011-07-14 16:24:30 |
Launchpad Janitor |
cve linked |
|
2011-1163 |
|
2011-07-14 16:24:30 |
Launchpad Janitor |
cve linked |
|
2011-1577 |
|
2011-08-02 03:14:20 |
Kees Cook |
linux-mvl-dove (Ubuntu Lucid): status |
New |
Fix Released |
|
2011-08-02 03:14:24 |
Kees Cook |
linux-mvl-dove (Ubuntu Maverick): status |
New |
Fix Released |
|
2011-08-02 03:14:26 |
Kees Cook |
linux-lts-backport-maverick (Ubuntu Lucid): status |
New |
Fix Committed |
|
2011-08-02 03:14:28 |
Kees Cook |
linux (Ubuntu Maverick): status |
In Progress |
Fix Committed |
|
2011-08-02 03:14:31 |
Kees Cook |
linux-ti-omap4 (Ubuntu Oneiric): status |
New |
Fix Committed |
|
2011-08-02 03:14:33 |
Kees Cook |
linux-ti-omap4 (Ubuntu Maverick): status |
New |
Fix Committed |
|
2011-08-02 03:14:35 |
Kees Cook |
linux-ti-omap4 (Ubuntu Natty): status |
New |
Fix Committed |
|
2011-08-02 03:14:38 |
Kees Cook |
linux-fsl-imx51 (Ubuntu Lucid): status |
New |
Fix Released |
|
2011-08-02 03:14:40 |
Kees Cook |
description |
Fixed By:
commit b522f02184b413955f3bc952e3776ce41edc6355
Author: Vasiliy Kulikov <segoon@openwall.com>
Date: Thu Apr 14 20:55:19 2011 +0400
agp: fix OOM and buffer overflow
page_count is copied from userspace. agp_allocate_memory() tries to
check whether this number is too big, but doesn't take into account the
wrap case. Also agp_create_user_memory() doesn't check whether
alloc_size is calculated from num_agp_pages variable without overflow.
This may lead to allocation of too small buffer with following buffer
overflow.
Another problem in agp code is not addressed in the patch - kernel memory
exhaustion (AGPIOC_RESERVE and AGPIOC_ALLOCATE ioctls). It is not checked
whether requested pid is a pid of the caller (no check in agpioc_reserve_wra
Each allocation is limited to 16KB, though, there is no per-process limit.
This might lead to OOM situation, which is not even solved in case of the
caller death by OOM killer - the memory is allocated for another (faked) pro
Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
This fix has hit Oneiric, Natty and Lucid via mainline/stable updates. |
Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_create_user_memory functions in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allow local users to trigger buffer overflows, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via vectors related to calls that specify a large number of memory pages.
Fixed-by: b522f02184b413955f3bc952e3776ce41edc6355 |
|
2011-08-02 17:37:49 |
Launchpad Janitor |
linux (Ubuntu Maverick): status |
Fix Committed |
Fix Released |
|
2011-08-02 17:37:49 |
Launchpad Janitor |
cve linked |
|
2011-1090 |
|
2011-08-02 17:37:49 |
Launchpad Janitor |
cve linked |
|
2011-1598 |
|
2011-08-08 21:28:56 |
Launchpad Janitor |
linux-lts-backport-maverick (Ubuntu Lucid): status |
Fix Committed |
Fix Released |
|
2011-08-08 21:28:56 |
Launchpad Janitor |
cve linked |
|
2010-3698 |
|
2011-08-08 21:28:56 |
Launchpad Janitor |
cve linked |
|
2010-3865 |
|
2011-08-08 21:28:56 |
Launchpad Janitor |
cve linked |
|
2010-3875 |
|
2011-08-08 21:28:56 |
Launchpad Janitor |
cve linked |
|
2010-3876 |
|
2011-08-08 21:28:56 |
Launchpad Janitor |
cve linked |
|
2010-3877 |
|
2011-08-08 21:28:56 |
Launchpad Janitor |
cve linked |
|
2010-3880 |
|
2011-08-08 21:28:56 |
Launchpad Janitor |
cve linked |
|
2010-4079 |
|
2011-08-08 21:28:56 |
Launchpad Janitor |
cve linked |
|
2010-4083 |
|
2011-08-08 21:28:56 |
Launchpad Janitor |
cve linked |
|
2010-4163 |
|
2011-08-08 21:28:56 |
Launchpad Janitor |
cve linked |
|
2010-4175 |
|
2011-08-08 21:28:56 |
Launchpad Janitor |
cve linked |
|
2010-4248 |
|
2011-08-08 21:28:56 |
Launchpad Janitor |
cve linked |
|
2010-4529 |
|
2011-08-08 21:28:56 |
Launchpad Janitor |
cve linked |
|
2010-4565 |
|
2011-08-08 21:28:56 |
Launchpad Janitor |
cve linked |
|
2011-0463 |
|
2011-08-08 21:28:56 |
Launchpad Janitor |
cve linked |
|
2011-0711 |
|
2011-08-08 21:28:56 |
Launchpad Janitor |
cve linked |
|
2011-1016 |
|
2011-08-08 21:28:56 |
Launchpad Janitor |
cve linked |
|
2011-1017 |
|
2011-08-08 21:28:56 |
Launchpad Janitor |
cve linked |
|
2011-1169 |
|
2011-08-08 21:28:56 |
Launchpad Janitor |
cve linked |
|
2011-1494 |
|
2011-08-08 21:28:56 |
Launchpad Janitor |
cve linked |
|
2011-1748 |
|
2011-08-10 22:09:33 |
Kees Cook |
linux-ec2 (Ubuntu Lucid): status |
New |
Fix Released |
|
2011-08-10 22:09:35 |
Kees Cook |
linux-ec2 (Ubuntu Oneiric): status |
New |
Invalid |
|
2011-08-10 22:09:38 |
Kees Cook |
linux-ec2 (Ubuntu Hardy): status |
New |
Invalid |
|
2011-08-10 22:09:40 |
Kees Cook |
linux-ec2 (Ubuntu Maverick): status |
New |
Invalid |
|
2011-08-10 22:09:43 |
Kees Cook |
linux-ec2 (Ubuntu Natty): status |
New |
Invalid |
|
2011-08-10 22:09:46 |
Kees Cook |
linux-lts-backport-natty (Ubuntu Lucid): status |
New |
Invalid |
|
2011-08-10 22:09:49 |
Kees Cook |
linux-lts-backport-natty (Ubuntu Oneiric): status |
New |
Invalid |
|
2011-08-10 22:09:52 |
Kees Cook |
linux-lts-backport-natty (Ubuntu Hardy): status |
New |
Invalid |
|
2011-08-10 22:09:55 |
Kees Cook |
linux-lts-backport-natty (Ubuntu Maverick): status |
New |
Invalid |
|
2011-08-10 22:09:57 |
Kees Cook |
linux-lts-backport-natty (Ubuntu Natty): status |
New |
Invalid |
|
2011-08-10 22:10:00 |
Kees Cook |
description |
Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_create_user_memory functions in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allow local users to trigger buffer overflows, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via vectors related to calls that specify a large number of memory pages.
Fixed-by: b522f02184b413955f3bc952e3776ce41edc6355 |
Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_create_user_memory functions in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allow local users to trigger buffer overflows, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via vectors related to calls that specify a large number of memory pages.
Break-Fix: - b522f02184b413955f3bc952e3776ce41edc6355 |
|
2011-08-16 20:58:50 |
Kees Cook |
linux-ec2 (Ubuntu Lucid): importance |
Undecided |
Low |
|
2011-08-16 20:58:53 |
Kees Cook |
linux-ec2 (Ubuntu Oneiric): importance |
Undecided |
Low |
|
2011-08-16 20:58:56 |
Kees Cook |
linux-ec2 (Ubuntu Hardy): importance |
Undecided |
Low |
|
2011-08-16 20:58:58 |
Kees Cook |
linux-ec2 (Ubuntu Maverick): importance |
Undecided |
Low |
|
2011-08-16 20:59:00 |
Kees Cook |
linux-ec2 (Ubuntu Natty): importance |
Undecided |
Low |
|
2011-08-16 20:59:02 |
Kees Cook |
linux-lts-backport-natty (Ubuntu Lucid): importance |
Undecided |
Low |
|
2011-08-16 20:59:05 |
Kees Cook |
linux-lts-backport-natty (Ubuntu Oneiric): importance |
Undecided |
Low |
|
2011-08-16 20:59:08 |
Kees Cook |
linux-lts-backport-natty (Ubuntu Hardy): importance |
Undecided |
Low |
|
2011-08-16 20:59:10 |
Kees Cook |
linux-lts-backport-natty (Ubuntu Maverick): importance |
Undecided |
Low |
|
2011-08-16 20:59:13 |
Kees Cook |
linux-lts-backport-natty (Ubuntu Natty): importance |
Undecided |
Low |
|
2011-08-16 20:59:15 |
Kees Cook |
linux-mvl-dove (Ubuntu Lucid): importance |
Undecided |
Low |
|
2011-08-16 20:59:18 |
Kees Cook |
linux-mvl-dove (Ubuntu Oneiric): importance |
Undecided |
Low |
|
2011-08-16 20:59:20 |
Kees Cook |
linux-mvl-dove (Ubuntu Hardy): importance |
Undecided |
Low |
|
2011-08-16 20:59:23 |
Kees Cook |
linux-mvl-dove (Ubuntu Maverick): importance |
Undecided |
Low |
|
2011-08-16 20:59:25 |
Kees Cook |
linux-mvl-dove (Ubuntu Natty): importance |
Undecided |
Low |
|
2011-08-16 20:59:27 |
Kees Cook |
linux-lts-backport-maverick (Ubuntu Lucid): importance |
Undecided |
Low |
|
2011-08-16 20:59:29 |
Kees Cook |
linux-lts-backport-maverick (Ubuntu Oneiric): importance |
Undecided |
Low |
|
2011-08-16 20:59:31 |
Kees Cook |
linux-lts-backport-maverick (Ubuntu Hardy): importance |
Undecided |
Low |
|
2011-08-16 20:59:33 |
Kees Cook |
linux-lts-backport-maverick (Ubuntu Maverick): importance |
Undecided |
Low |
|
2011-08-16 20:59:35 |
Kees Cook |
linux-lts-backport-maverick (Ubuntu Natty): importance |
Undecided |
Low |
|
2011-08-16 20:59:37 |
Kees Cook |
linux (Ubuntu Lucid): importance |
Undecided |
Low |
|
2011-08-16 20:59:40 |
Kees Cook |
linux (Ubuntu Oneiric): importance |
Undecided |
Low |
|
2011-08-16 20:59:43 |
Kees Cook |
linux (Ubuntu Hardy): importance |
Undecided |
Low |
|
2011-08-16 20:59:45 |
Kees Cook |
linux (Ubuntu Maverick): importance |
Undecided |
Low |
|
2011-08-16 20:59:47 |
Kees Cook |
linux (Ubuntu Natty): importance |
Undecided |
Low |
|
2011-08-16 20:59:50 |
Kees Cook |
linux-ti-omap4 (Ubuntu Lucid): importance |
Undecided |
Low |
|
2011-08-16 20:59:52 |
Kees Cook |
linux-ti-omap4 (Ubuntu Oneiric): importance |
Undecided |
Low |
|
2011-08-16 20:59:54 |
Kees Cook |
linux-ti-omap4 (Ubuntu Hardy): importance |
Undecided |
Low |
|
2011-08-16 20:59:57 |
Kees Cook |
linux-ti-omap4 (Ubuntu Maverick): importance |
Undecided |
Low |
|
2011-08-16 20:59:59 |
Kees Cook |
linux-ti-omap4 (Ubuntu Natty): importance |
Undecided |
Low |
|
2011-08-16 21:00:01 |
Kees Cook |
linux-fsl-imx51 (Ubuntu Lucid): importance |
Undecided |
Low |
|
2011-08-16 21:00:03 |
Kees Cook |
linux-fsl-imx51 (Ubuntu Oneiric): importance |
Undecided |
Low |
|
2011-08-16 21:00:05 |
Kees Cook |
linux-fsl-imx51 (Ubuntu Hardy): importance |
Undecided |
Low |
|
2011-08-16 21:00:08 |
Kees Cook |
linux-fsl-imx51 (Ubuntu Maverick): importance |
Undecided |
Low |
|
2011-08-16 21:00:10 |
Kees Cook |
linux-fsl-imx51 (Ubuntu Natty): importance |
Undecided |
Low |
|
2011-09-13 20:31:18 |
Kees Cook |
linux-ti-omap4 (Ubuntu Maverick): status |
Fix Committed |
Fix Released |
|
2011-09-21 13:11:10 |
Marc Deslauriers |
linux-ti-omap4 (Ubuntu Natty): status |
Fix Committed |
Fix Released |
|
2012-09-24 10:11:34 |
Paolo Pisati |
linux-ti-omap4 (Ubuntu Oneiric): status |
Fix Committed |
Invalid |
|
2012-09-24 10:12:28 |
Paolo Pisati |
linux-ti-omap4 (Ubuntu): status |
Fix Committed |
Fix Released |
|