Ubuntu
linux-ti-omap4 package

CVE-2010-4238

  1. Natty (11.04)
  2. Bug #803931
Bug #803931 reported by Stefan Bader
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Invalid
Undecided
Unassigned
Hardy
Fix Released
Undecided
Stefan Bader
Lucid
Invalid
Undecided
Unassigned
Maverick
Invalid
Undecided
Unassigned
Natty
Invalid
Undecided
Unassigned
Oneiric
Invalid
Undecided
Unassigned
linux-fsl-imx51 (Ubuntu)
Invalid
Undecided
Unassigned
Hardy
Invalid
Undecided
Unassigned
Lucid
Invalid
Undecided
Unassigned
Maverick
Invalid
Undecided
Unassigned
Natty
Invalid
Undecided
Unassigned
Oneiric
Invalid
Undecided
Unassigned
linux-lts-backport-maverick (Ubuntu)
Invalid
Undecided
Unassigned
Hardy
Invalid
Undecided
Unassigned
Lucid
Invalid
Undecided
Unassigned
Maverick
Invalid
Undecided
Unassigned
Natty
Invalid
Undecided
Unassigned
Oneiric
Invalid
Undecided
Unassigned
linux-mvl-dove (Ubuntu)
Invalid
Undecided
Unassigned
Hardy
Invalid
Undecided
Unassigned
Lucid
Invalid
Undecided
Unassigned
Maverick
Invalid
Undecided
Unassigned
Natty
Invalid
Undecided
Unassigned
Oneiric
Invalid
Undecided
Unassigned
linux-ti-omap4 (Ubuntu)
Invalid
Undecided
Unassigned
Hardy
Invalid
Undecided
Unassigned
Lucid
Invalid
Undecided
Unassigned
Maverick
Invalid
Undecided
Unassigned
Natty
Invalid
Undecided
Unassigned
Oneiric
Invalid
Undecided
Unassigned

Bug Description

The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 is used, allows guest OS users to cause a denial of service (host OS panic) via an attempted access to a virtual CD-ROM device through the blkback driver. NOTE: some of these details are obtained from third party information.

See original description
Revision history for this message
Stefan Bader (smb) wrote :

CVE-2010-4238

tags: added: kernel-cve-tracking-bug
security vulnerability: no → yes
Changed in linux-ti-omap4 (Ubuntu Natty):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Maverick):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Hardy):
status: New → Invalid
Stefan Bader (smb)
Changed in linux-mvl-dove (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Natty):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Maverick):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Lucid):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Maverick):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Natty):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Maverick):
status: New → Invalid
Stefan Bader (smb)
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Hardy):
status: New → Invalid
Revision history for this message
Stefan Bader (smb) wrote :

No dom0 after Hardy and Oneiric is not affected.

Changed in linux (Ubuntu Oneiric):
status: New → Invalid
Changed in linux (Ubuntu Natty):
status: New → Invalid
Changed in linux (Ubuntu Maverick):
status: New → Invalid
Changed in linux (Ubuntu Lucid):
status: New → Invalid
Changed in linux (Ubuntu Hardy):
assignee: nobody → Stefan Bader (stefan-bader-canonical)
status: New → In Progress
Stefan Bader (smb)
description: updated
Tim Gardner (timg-tpi)
Changed in linux (Ubuntu Hardy):
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.24-29.92

---------------
linux (2.6.24-29.92) hardy-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #812360

  [Upstream Kernel Changes]

  * af_unix: limit unix_tot_inflight CVE-2010-4249
    - LP: #769182
    - CVE-2010-4249
  * xfs: zero proper structure size for geometry calls CVE-2011-0711
    - LP: #767740
    - CVE-2011-0711
  * netfilter: ip_tables: fix infoleak to userspace CVE-2011-1171
    - LP: #801482
    - CVE-2011-1171
  * econet: 4 byte infoleak to the network CVE-2011-1173
    - LP: #801484
    - CVE-2011-1173
  * netfilter: arp_tables: fix infoleak to userspace CVE-2011-1170
    - LP: #801480
  * ipv6: netfilter: ip6_tables: fix infoleak to userspace CVE-2011-1172
    - LP: #801483
    - CVE-2011-1172
  * xen: don't allow blkback virtual CDROM device, CVE-2010-4238
    - LP: #803931
    - CVE-2010-4238
  * IB/uverbs: Handle large number of entries in poll CQ CVE-2010-4649
    - LP: #805512
  * ipc: initialize structure memory to zero for compat functions
    CVE-2010-4073
    - LP: #806366
    - CVE-2010-4073
  * tcp: Increase TCP_MAXSEG socket option minimum CVE-2010-4165
    - LP: #806374
    - CVE-2010-4165
  * taskstats: don't allow duplicate entries in listener mode,
    CVE-2011-2484
    - LP: #806390
    - CVE-2011-2484
  * netfilter: ipt_CLUSTERIP: fix buffer overflow, CVE-2011-2534
    - LP: #801473
    - CVE-2011-2534
  * nfs4: Ensure that ACL pages sent over NFS were not allocated from the
    slab (v3), CVE-2011-1090
    - LP: #800775
    - CVE-2011-1090
  * fs/partitions: Validate map_count in Mac partition tables
    - LP: #804225
    - CVE-2011-1010
 -- Herton Ronaldo Krzesinski <email address hidden> Mon, 18 Jul 2011 12:36:01 -0300

Changed in linux (Ubuntu Hardy):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.