[Bug 723945] Re: CVE-2010-4258

2015-06-17 Thread Rolf Leggewie
lucid has seen the end of its life and is no longer receiving any
updates. Marking the lucid task for this ticket as Won't Fix.

** Changed in: linux-mvl-dove (Ubuntu Lucid)
   Status: In Progress => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/723945

Title:
  CVE-2010-4258

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/723945/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs


[Bug 723945] Re: CVE-2010-4258

2013-05-22 Thread Jamie Strandboge
** Changed in: linux-lts-backport-maverick (Ubuntu Lucid)
   Status: New => Won't Fix

** Changed in: linux-lts-backport-maverick (Ubuntu Maverick)
   Status: New => Won't Fix



[Bug 723945] Re: CVE-2010-4258

2013-05-21 Thread Jamie Strandboge
** Changed in: linux-lts-backport-maverick (Ubuntu Hardy)
   Status: New => Won't Fix

** Changed in: linux-mvl-dove (Ubuntu Maverick)
   Status: New => Won't Fix



[Bug 723945] Re: CVE-2010-4258

2011-10-14 Thread Jamie Strandboge
** Changed in: linux-lts-backport-maverick (Ubuntu Dapper)
   Status: New => Won't Fix

** Changed in: linux-lts-backport-maverick (Ubuntu Karmic)
   Status: New => Won't Fix



[Bug 723945] Re: CVE-2010-4258

2011-10-14 Thread Jamie Strandboge
** Changed in: linux (Ubuntu Dapper)
   Status: Fix Committed => Won't Fix



[Bug 723945] Re: CVE-2010-4258

2011-07-04 Thread Launchpad Bug Tracker
This bug was fixed in the package linux-fsl-imx51 - 2.6.31-609.26

---
linux-fsl-imx51 (2.6.31-609.26) lucid; urgency=low

  [ Paolo Pisati ]

  * Tracking bug
    - LP: #795219
  * [Config] Disable parport_pc on fsl-imx51
    - LP: #601226

  [ Upstream Kernel Changes ]

  * ALSA: sound/pci/rme9652: prevent reading uninitialized stack memory
    - LP: #712723, #712737
  * can-bcm: fix minor heap overflow
    - LP: #710680
  * drivers/video/via/ioctl.c: prevent reading uninitialized stack memory
    - LP: #712744
  * gdth: integer overflow in ioctl
    - LP: #711797
  * inet_diag: Make sure we actually run the same bytecode we audited,
    CVE-2010-3880
    - LP: #711865
    - CVE-2010-3880
  * net: fix rds_iovec page count overflow, CVE-2010-3865
    - LP: #709153
    - CVE-2010-3865
  * net: packet: fix information leak to userland, CVE-2010-3876
    - LP: #711045
    - CVE-2010-3876
  * net: tipc: fix information leak to userland, CVE-2010-3877
    - LP: #711291
    - CVE-2010-3877
  * net: Truncate recvfrom and sendto length to INT_MAX.
    - LP: #708839
  * posix-cpu-timers: workaround to suppress the problems with mt exec
    - LP: #712609
  * sys_semctl: fix kernel stack leakage
    - LP: #712749
  * x25: Patch to fix bug 15678 - x25 accesses fields beyond end of packet.
    - LP: #709372
  * memory corruption in X.25 facilities parsing
    - LP: #709372
  * net: ax25: fix information leak to userland, CVE-2010-3875
    - LP: #710714
    - CVE-2010-3875
  * net: ax25: fix information leak to userland harder, CVE-2010-3875
    - LP: #710714
    - CVE-2010-3875
  * fs/partitions/ldm.c: fix oops caused by corrupted partition table,
    CVE-2011-1017
    - LP: #771382
    - CVE-2011-1017
  * net: clear heap allocations for privileged ethtool actions
    - LP: #771445
  * Prevent rt_sigqueueinfo and rt_tgsigqueueinfo from spoofing the signal code
    - LP: #772543
  * Relax si_code check in rt_sigqueueinfo and rt_tgsigqueueinfo
    - LP: #772543
  * exec: make argv/envp memory visible to oom-killer
    - LP: #768408
  * next_pidmap: fix overflow condition
    - LP: #784727
  * proc: do proper range check on readdir offset
    - LP: #784727
  * mpt2sas: prevent heap overflows and unchecked reads
    - LP: #787145
  * agp: fix arbitrary kernel memory writes
    - LP: #788684
  * can: add missing socket check in can/raw release
    - LP: #788694
  * agp: fix OOM and buffer overflow
    - LP: #788700
  * do_exit(): make sure that we run with get_fs() == USER_DS - CVE-2010-4258
    - LP: #723945
    - CVE-2010-4258
  * x25: Prevent crashing when parsing bad X.25 facilities - CVE-2010-4164
    - LP: #731199
    - CVE-2010-4164
  * install_special_mapping skips security_file_mmap check - CVE-2010-4346
    - LP: #731971
    - CVE-2010-4346
  * econet: Fix crash in aun_incoming() - CVE-2010-4342
    - LP: #736394
    - CVE-2010-4342
  * sound: Prevent buffer overflow in OSS load_mixer_volumes - CVE-2010-4527
    - LP: #737073
    - CVE-2010-4527
  * irda: prevent integer underflow in IRLMP_ENUMDEVICES, CVE-2010-4529
    - LP: #737823
    - CVE-2010-4529
  * CAN: Use inode instead of kernel address for /proc file - CVE-2010-4565
    - LP: #765007
    - CVE-2010-4565
  * av7110: check for negative array offset - CVE-2011-0521
    - LP: #767526
    - CVE-2011-0521
  * xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1 -
    CVE-2011-0711
    - LP: #767740
    - CVE-2011-0711
  * xfs: zero proper structure size for geometry calls - CVE-2011-0711
    - LP: #767740
    - CVE-2011-0711
  * ALSA: caiaq - Fix possible string-buffer overflow - CVE-2011-0712
    - LP: #768448
    - CVE-2011-0712
  * RDMA/cma: Fix crash in request handlers - CVE-2011-0695
    - LP: #770369
    - CVE-2011-0695
  * IB/cm: Bump reference count on cm_id before invoking callback -
    CVE-2011-0695
    - LP: #770369
    - CVE-2011-0695
  * Treat writes as new when holes span across page boundaries - CVE-2011-0463
    - LP: #770483
    - CVE-2011-0463
  * usb: iowarrior: don't trust report_size for buffer size - CVE-2010-4656
    - LP: #771484
    - CVE-2010-4656
  * tty: icount changeover for other main devices, CVE-2010-4076, CVE-2010-4077
    - LP: #720189
    - CVE-2010-4077
 -- Paolo Pisati paolo.pis...@canonical.com   Fri, 27 May 2011 18:09:53 +0200

** Changed in: linux-fsl-imx51 (Ubuntu Lucid)
   Status: In Progress => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-3865

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-3875

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-3876

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-3877

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-3880

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-4342

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-4527

** CVE added: http://www.cve.mitre.org/cgi-

[Bug 723945] Re: CVE-2010-4258

2011-06-02 Thread Paolo Pisati
karmic is EOL

** Changed in: linux-fsl-imx51 (Ubuntu Dapper)
   Status: New => Invalid

** Changed in: linux-fsl-imx51 (Ubuntu Hardy)
   Status: New => Invalid

** Changed in: linux-fsl-imx51 (Ubuntu Maverick)
   Status: New => Invalid

** Changed in: linux-fsl-imx51 (Ubuntu Karmic)
   Status: New => Won't Fix



[Bug 723945] Re: CVE-2010-4258

2011-06-02 Thread Paolo Pisati
** Changed in: linux-fsl-imx51 (Ubuntu Lucid)
   Status: New => In Progress



[Bug 723945] Re: CVE-2010-4258

2011-04-29 Thread Paolo Pisati
** Changed in: linux-mvl-dove (Ubuntu Lucid)
   Status: New => In Progress



[Bug 723945] Re: CVE-2010-4258

2011-04-04 Thread Launchpad Bug Tracker
This bug was fixed in the package linux - 2.6.24-29.88

---
linux (2.6.24-29.88) hardy-proposed; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #736290

  [Steve Conklin]

  * Ubuntu-2.6.24-29.87
  * [Config] Allow insertchanges to work in later version chroots

  [Upstream Kernel Changes]

  * do_exit(): make sure that we run with get_fs() == USER_DS,
    CVE-2010-4258
    - LP: #723945
    - CVE-2010-4258
  * Make the bulkstat_one compat ioctl handling more sane
    - LP: #692848
  * Fix xfs_bulkstat_one size checks  error handling
    - LP: #692848
  * xfs: always use iget in bulkstat
    - LP: #692848
  * x25: Prevent crashing when parsing bad X.25 facilities CVE-2010-4164
    - LP: #731199
    - CVE-2010-4164
  * Revised [CVE-2010-4346 Hardy] install_special_mapping skips
    security_file_mmap check. CVE-2010-4346
    - LP: #731971
    - CVE-2010-4346

linux (2.6.24-29.87) hardy-proposed; urgency=low

  [ Steve Conklin ]

  * Release Tracking Bug
    - LP: #725138

  [Upstream Kernel Changes]

  * bluetooth: Fix missing NULL check, CVE-2010-4242
    - LP: #714846
    - CVE-2010-4242
  * NFS: fix the return value of nfs_file_fsync()
    - LP: #585657
  * bio: take care not overflow page count when mapping/copying user data,
    CVE-2010-4162
    - LP: #721441
    - CVE-2010-4162
  * filter: make sure filters dont read uninitialized memory
    - LP: #721282
    - CVE-2010-4158
  * tty: Make tiocgicount a handler, CVE-2010-4076, CVE-2010-4077
    - LP: #720189
    - CVE-2010-4077
  * block: check for proper length of iov entries earlier in
    blk_rq_map_user_iov(), CVE-2010-4163
    - LP: #721504
    - CVE-2010-4163
 -- Brad Figg brad.f...@canonical.com   Wed, 16 Mar 2011 09:43:35 -0700

** Changed in: linux (Ubuntu Hardy)
   Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-4076

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-4077

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-4158

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-4162

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-4163

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-4164

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-4242

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-4346



[Bug 723945] Re: CVE-2010-4258

2011-03-25 Thread Paolo Pisati
** Changed in: linux-ti-omap4 (Ubuntu Dapper)
   Status: Confirmed => Invalid

** Changed in: linux-ti-omap4 (Ubuntu Hardy)
   Status: Confirmed => Invalid

** Changed in: linux-ti-omap4 (Ubuntu Karmic)
   Status: Confirmed => Invalid

** Changed in: linux-ti-omap4 (Ubuntu Lucid)
   Status: Confirmed => Invalid

** Changed in: linux-mvl-dove (Ubuntu Dapper)
   Status: New => Invalid

** Changed in: linux-mvl-dove (Ubuntu Hardy)
   Status: New => Invalid

** Changed in: linux-mvl-dove (Ubuntu Karmic)
   Status: New => Invalid

** Changed in: linux-mvl-dove (Ubuntu Lucid)
 Assignee: (unassigned) => Paolo Pisati (p-pisati)

** Changed in: linux-mvl-dove (Ubuntu Maverick)
 Assignee: (unassigned) => Paolo Pisati (p-pisati)

** Changed in: linux-ti-omap4 (Ubuntu Maverick)
 Assignee: (unassigned) => Paolo Pisati (p-pisati)



[Bug 723945] Re: CVE-2010-4258

2011-03-25 Thread Paolo Pisati
maverick/ti-omap4: already fixed in 472dee75
natty/ti-omap4: already fixed in 33dd94ae

** Changed in: linux-ti-omap4 (Ubuntu Maverick)
   Status: Confirmed => Fix Released

** Changed in: linux-ti-omap4 (Ubuntu Natty)
   Status: Confirmed => Fix Released



[Bug 723945] Re: CVE-2010-4258

2011-03-25 Thread Paolo Pisati
lucid/master: fixed in ca59f93c
maverick/master: fixed in 472dee75

** Changed in: linux (Ubuntu Lucid)
   Status: New => Fix Released

** Changed in: linux (Ubuntu Maverick)
   Status: New => Fix Released



[Bug 723945] Re: CVE-2010-4258

2011-03-25 Thread Paolo Pisati
** Changed in: linux (Ubuntu Karmic)
   Status: Fix Committed => Fix Released



[Bug 723945] Re: CVE-2010-4258

2011-03-23 Thread Launchpad Bug Tracker
** Branch linked: lp:ubuntu/dapper-proposed/linux-source-2.6.15



[Bug 723945] Re: CVE-2010-4258

2011-03-21 Thread Brad Figg
** Tags added: kernel-cve-tracking-bug



[Bug 723945] Re: CVE-2010-4258

2011-03-21 Thread Launchpad Bug Tracker
** Branch linked: lp:ubuntu/karmic-proposed/linux-ec2



[Bug 723945] Re: CVE-2010-4258

2011-03-11 Thread Jamie Strandboge
** Changed in: linux-mvl-dove (Ubuntu Natty)
   Status: New => Invalid

** Changed in: linux-fsl-imx51 (Ubuntu Natty)
   Status: New => Invalid

** Changed in: linux-lts-backport-maverick (Ubuntu Natty)
   Status: New => Invalid



[Bug 723945] Re: CVE-2010-4258

2011-03-11 Thread Jamie Strandboge
** Changed in: linux-ti-omap4 (Ubuntu Lucid)
   Status: New => Confirmed

** Changed in: linux-ti-omap4 (Ubuntu Maverick)
   Status: New => Confirmed

** Changed in: linux-ti-omap4 (Ubuntu Natty)
   Status: New => Confirmed

** Changed in: linux-ti-omap4 (Ubuntu Dapper)
   Status: New => Confirmed

** Changed in: linux-ti-omap4 (Ubuntu Hardy)
   Status: New => Confirmed

** Changed in: linux-ti-omap4 (Ubuntu Karmic)
   Status: New => Confirmed



[Bug 723945] Re: CVE-2010-4258

2011-03-02 Thread Tim Gardner
** Changed in: linux (Ubuntu Dapper)
   Status: New => Fix Committed

** Changed in: linux (Ubuntu Dapper)
 Assignee: (unassigned) => Brad Figg (brad-figg)

** Changed in: linux (Ubuntu Hardy)
   Status: New => Fix Committed

** Changed in: linux (Ubuntu Hardy)
 Assignee: (unassigned) => Brad Figg (brad-figg)

** Changed in: linux (Ubuntu Karmic)
   Status: New => Fix Committed

** Changed in: linux (Ubuntu Karmic)
 Assignee: (unassigned) => Brad Figg (brad-figg)



[Bug 723945] Re: CVE-2010-4258

2011-02-28 Thread Jeremy Foshee
** Also affects: linux (Ubuntu Dapper)
   Importance: Undecided
   Status: New

** Also affects: linux-fsl-imx51 (Ubuntu Dapper)
   Importance: Undecided
   Status: New

** Also affects: linux-lts-backport-maverick (Ubuntu Dapper)
   Importance: Undecided
   Status: New

** Also affects: linux-mvl-dove (Ubuntu Dapper)
   Importance: Undecided
   Status: New

** Also affects: linux-ti-omap4 (Ubuntu Dapper)
   Importance: Undecided
   Status: New

** Also affects: linux (Ubuntu Hardy)
   Importance: Undecided
   Status: New

** Also affects: linux-fsl-imx51 (Ubuntu Hardy)
   Importance: Undecided
   Status: New

** Also affects: linux-lts-backport-maverick (Ubuntu Hardy)
   Importance: Undecided
   Status: New

** Also affects: linux-mvl-dove (Ubuntu Hardy)
   Importance: Undecided
   Status: New

** Also affects: linux-ti-omap4 (Ubuntu Hardy)
   Importance: Undecided
   Status: New

** Also affects: linux (Ubuntu Karmic)
   Importance: Undecided
   Status: New

** Also affects: linux-fsl-imx51 (Ubuntu Karmic)
   Importance: Undecided
   Status: New

** Also affects: linux-lts-backport-maverick (Ubuntu Karmic)
   Importance: Undecided
   Status: New

** Also affects: linux-mvl-dove (Ubuntu Karmic)
   Importance: Undecided
   Status: New

** Also affects: linux-ti-omap4 (Ubuntu Karmic)
   Importance: Undecided
   Status: New

** Also affects: linux (Ubuntu Lucid)
   Importance: Undecided
   Status: New

** Also affects: linux-fsl-imx51 (Ubuntu Lucid)
   Importance: Undecided
   Status: New

** Also affects: linux-lts-backport-maverick (Ubuntu Lucid)
   Importance: Undecided
   Status: New

** Also affects: linux-mvl-dove (Ubuntu Lucid)
   Importance: Undecided
   Status: New

** Also affects: linux-ti-omap4 (Ubuntu Lucid)
   Importance: Undecided
   Status: New

** Also affects: linux (Ubuntu Maverick)
   Importance: Undecided
   Status: New

** Also affects: linux-fsl-imx51 (Ubuntu Maverick)
   Importance: Undecided
   Status: New

** Also affects: linux-lts-backport-maverick (Ubuntu Maverick)
   Importance: Undecided
   Status: New

** Also affects: linux-mvl-dove (Ubuntu Maverick)
   Importance: Undecided
   Status: New

** Also affects: linux-ti-omap4 (Ubuntu Maverick)
   Importance: Undecided
   Status: New

** Also affects: linux (Ubuntu Natty)
   Importance: Undecided
   Status: New

** Also affects: linux-fsl-imx51 (Ubuntu Natty)
   Importance: Undecided
   Status: New

** Also affects: linux-lts-backport-maverick (Ubuntu Natty)
   Importance: Undecided
   Status: New

** Also affects: linux-mvl-dove (Ubuntu Natty)
   Importance: Undecided
   Status: New

** Also affects: linux-ti-omap4 (Ubuntu Natty)
   Importance: Undecided
   Status: New



[Bug 723945] Re: CVE-2010-4258

2011-02-28 Thread Brad Figg
** Changed in: linux (Ubuntu Natty)
   Status: New => Fix Released



[Bug 723945] Re: CVE-2010-4258

2011-02-23 Thread Brad Figg
@nelson,

Do not change the title on any of the CVE tracking bugs.

Thanks

** Summary changed:

- lockdep warning in KSM
+ CVE-2010-4258



[Bug 723945] Re: CVE-2010-4258

2011-02-23 Thread Nelson Elhage
If that title was intentional, I think you have the wrong CVE here --
CVE-2010-4258 is a bug in do_exit that has nothing to do with ksm or
lockdep: see https://www.redhat.com/security/data/cve/CVE-2010-4258.html

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-4258



[Bug 723945] Re: CVE-2010-4258

2011-02-23 Thread Nelson Elhage
Interesting, the commit message quoted here is the commit immediately
*before* the one that fixes CVE-2010-4258
(a0b0f58cdd32ab363a600a294ddaa90f0c32de8c vs.
33dd94ae1ccbfb7bf0fb6c692bc3d1c4269e6177). So I'm guessing someone's
import scripts have an off-by-one or someone copy-pasted the wrong sha1
somewhere. Sorry for the confusion here, I thought I was fixing a CVE
that had mistakenly gotten attached, but it looks like it's the
description that somehow got pulled in from the wrong place, instead.



[Bug 723945] Re: CVE-2010-4258

2011-02-23 Thread Brad Figg
@nelson,

Thanks for the pointer, I'll look into it.

** Description changed:

- commit 62b61f611e (ksm: memory hotremove migration only) caused the
- following new lockdep warning.
+ If a user manages to trigger an oops with fs set to KERNEL_DS, fs is not
+ otherwise reset before do_exit().  do_exit may later (via mm_release in
+ fork.c) do a put_user to a user-controlled address, potentially allowing
+ a user to leverage an oops into a controlled write into kernel memory.
  
-   ===
-   [ INFO: possible circular locking dependency detected ]
-   ---
-   bash/1621 is trying to acquire lock:
-((memory_chain).rwsem){.+.+.+}, at: [81079339]
-   __blocking_notifier_call_chain+0x69/0xc0
+ This is only triggerable in the presence of another bug, but this
+ potentially turns a lot of DoS bugs into privilege escalations, so it's
+ worth fixing.  I have proof-of-concept code which uses this bug along
+ with CVE-2010-3849 to write a zero to an arbitrary kernel address, so
+ I've tested that this is not theoretical.
  
-   but task is already holding lock:
-(ksm_thread_mutex){+.+.+.}, at: [8113a3aa]
-   ksm_memory_callback+0x3a/0xc0
+ A more logical place to put this fix might be when we know an oops has
+ occurred, before we call do_exit(), but that would involve changing
+ every architecture, in multiple places.
  
-   which lock already depends on the new lock.
- 
-   the existing dependency chain (in reverse order) is:
- 
-   - #1 (ksm_thread_mutex){+.+.+.}:
-[8108b70a] lock_acquire+0xaa/0x140
-[81505d74] __mutex_lock_common+0x44/0x3f0
-[81506228] mutex_lock_nested+0x48/0x60
-[8113a3aa] ksm_memory_callback+0x3a/0xc0
-[8150c21c] notifier_call_chain+0x8c/0xe0
-[8107934e] __blocking_notifier_call_chain+0x7e/0xc0
-[810793a6] blocking_notifier_call_chain+0x16/0x20
-[813afbfb] memory_notify+0x1b/0x20
-[81141b7c] remove_memory+0x1cc/0x5f0
-[813af53d] memory_block_change_state+0xfd/0x1a0
-[813afd62] store_mem_state+0xe2/0xf0
-[813a0bb0] sysdev_store+0x20/0x30
-[811bc116] sysfs_write_file+0xe6/0x170
-[8114f398] vfs_write+0xc8/0x190
-[8114fc14] sys_write+0x54/0x90
-[810028b2] system_call_fastpath+0x16/0x1b
- 
-   - #0 ((memory_chain).rwsem){.+.+.+}:
-[8108b5ba] __lock_acquire+0x155a/0x1600
-[8108b70a] lock_acquire+0xaa/0x140
-[81506601] down_read+0x51/0xa0
-[81079339] __blocking_notifier_call_chain+0x69/0xc0
-[810793a6] blocking_notifier_call_chain+0x16/0x20
-[813afbfb] memory_notify+0x1b/0x20
-[81141f1e] remove_memory+0x56e/0x5f0
-[813af53d] memory_block_change_state+0xfd/0x1a0
-[813afd62] store_mem_state+0xe2/0xf0
-[813a0bb0] sysdev_store+0x20/0x30
-[811bc116] sysfs_write_file+0xe6/0x170
-[8114f398] vfs_write+0xc8/0x190
-[8114fc14] sys_write+0x54/0x90
-[810028b2] system_call_fastpath+0x16/0x1b
- 
- But it's a false positive.  Both memory_chain.rwsem and ksm_thread_mutex
- have an outer lock (mem_hotplug_mutex).  So they cannot deadlock.
- 
- Thus, This patch annotate ksm_thread_mutex is not deadlock source.
+ Let's just stick it in do_exit instead.

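The mechanism in the new description above, as a small user-space C model added here for illustration; it is not kernel code and not part of the bug report. `TASK_SIZE`, the sample addresses and the helper `exit_after_oops` are assumptions made for the model; `clear_child_tid` stands for the user-supplied pointer that `mm_release` zeroes with `put_user`.

```c
/* Added illustration: user-space model of the address-limit check that
 * CVE-2010-4258 depends on. Not kernel code; TASK_SIZE and the sample
 * addresses are constructed values for a 3G/1G style split. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define TASK_SIZE  UINT64_C(0xC0000000)  /* constructed user/kernel boundary */
#define USER_DS    TASK_SIZE             /* user pointers must lie below this */
#define KERNEL_DS  UINT64_MAX            /* no limit: kernel pointers pass too */

struct task {
    uint64_t addr_limit;       /* what get_fs() would return for this task */
    uint64_t clear_child_tid;  /* user-supplied address, zeroed on exit */
};

/* Model of access_ok(): the whole range must sit below the address limit. */
static int access_ok(const struct task *t, uint64_t addr, uint64_t size)
{
    return size <= t->addr_limit && addr <= t->addr_limit - size;
}

/* Model of put_user(0, addr): 0 if the store would go ahead, -EFAULT if not. */
static int put_user_zero(const struct task *t, uint64_t addr)
{
    return access_ok(t, addr, sizeof(uint32_t)) ? 0 : -EFAULT;
}

/* Model of mm_release(): clears the child-tid word if one was registered. */
static int mm_release(const struct task *t)
{
    if (!t->clear_child_tid)
        return 0;
    return put_user_zero(t, t->clear_child_tid);
}

/* Exit path before the fix: keeps whatever limit the oops left behind. */
static int do_exit_unpatched(struct task *t)
{
    return mm_release(t);
}

/* Exit path with the fix: force USER_DS before any user-memory access. */
static int do_exit_patched(struct task *t)
{
    t->addr_limit = USER_DS;
    return mm_release(t);
}

/* Build a task that oopsed with the given limit and run one exit path. */
static int exit_after_oops(uint64_t limit_at_oops, uint64_t tid_addr, int patched)
{
    struct task t = { .addr_limit = limit_at_oops, .clear_child_tid = tid_addr };
    return patched ? do_exit_patched(&t) : do_exit_unpatched(&t);
}

int main(void)
{
    const uint64_t kernel_addr = UINT64_C(0xC1000000); /* constructed, above TASK_SIZE */
    const uint64_t user_addr   = UINT64_C(0x08049000); /* constructed, below TASK_SIZE */

    printf("oops under KERNEL_DS, unpatched, kernel address: %d\n",
           exit_after_oops(KERNEL_DS, kernel_addr, 0));
    printf("oops under KERNEL_DS, patched,   kernel address: %d\n",
           exit_after_oops(KERNEL_DS, kernel_addr, 1));
    printf("oops under USER_DS,   unpatched, kernel address: %d\n",
           exit_after_oops(USER_DS, kernel_addr, 0));
    printf("oops under KERNEL_DS, patched,   user address:   %d\n",
           exit_after_oops(KERNEL_DS, user_addr, 1));
    return 0;
}
```

A return of 0 means the model's range check accepted the store; with the reset in place a kernel address is rejected with `-EFAULT` while a legitimate user address is still cleared.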


[Bug 723945] Re: CVE-2010-4258

2011-02-23 Thread Brad Figg
@nelson,

You saved my butt on that. I don't know how I got those commits crossed
but it was all me, no tools involved.

Brad
