*** This bug is a security vulnerability ***
Public security bug reported:
Fixed by:
commit 194b3da873fd334ef183806db751473512af29ce
Author: Vasiliy Kulikov <seg...@openwall.com>
Date: Thu Apr 14 20:55:16 2011 +0400
agp: fix arbitrary kernel memory writes
pg_start is copied from userspace on AGPIOC_BIND and AGPIOC_UNBIND ioctl
cmds of agp_ioctl() and passed to agpioc_bind_wrap(). As said in the
comment, (pg_start + mem->page_count) may wrap in case of AGPIOC_BIND,
and it is not checked at all in case of AGPIOC_UNBIND. As a result, user
with sufficient privileges (usually "video" group) may generate either
local DoS or privilege escalation.
Signed-off-by: Vasiliy Kulikov <seg...@openwall.com>
Signed-off-by: Dave Airlie <airl...@redhat.com>
** Affects: linux (Ubuntu)
Importance: Undecided
Status: Fix Released
** Affects: linux-fsl-imx51 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-lts-backport-maverick (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-mvl-dove (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-ti-omap4 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux (Ubuntu Lucid)
Importance: Undecided
Status: Fix Released
** Affects: linux-fsl-imx51 (Ubuntu Lucid)
Importance: Undecided
Status: New
** Affects: linux-lts-backport-maverick (Ubuntu Lucid)
Importance: Undecided
Status: New
** Affects: linux-mvl-dove (Ubuntu Lucid)
Importance: Undecided
Status: New
** Affects: linux-ti-omap4 (Ubuntu Lucid)
Importance: Undecided
Status: New
** Affects: linux (Ubuntu Maverick)
Importance: Undecided
Assignee: Andy Whitcroft (apw)
Status: In Progress
** Affects: linux-fsl-imx51 (Ubuntu Maverick)
Importance: Undecided
Status: New
** Affects: linux-lts-backport-maverick (Ubuntu Maverick)
Importance: Undecided
Status: New
** Affects: linux-mvl-dove (Ubuntu Maverick)
Importance: Undecided
Status: New
** Affects: linux-ti-omap4 (Ubuntu Maverick)
Importance: Undecided
Status: New
** Affects: linux (Ubuntu Natty)
Importance: Undecided
Status: Fix Released
** Affects: linux-fsl-imx51 (Ubuntu Natty)
Importance: Undecided
Status: New
** Affects: linux-lts-backport-maverick (Ubuntu Natty)
Importance: Undecided
Status: New
** Affects: linux-mvl-dove (Ubuntu Natty)
Importance: Undecided
Status: New
** Affects: linux-ti-omap4 (Ubuntu Natty)
Importance: Undecided
Status: New
** Affects: linux (Ubuntu Oneiric)
Importance: Undecided
Status: Fix Released
** Affects: linux-fsl-imx51 (Ubuntu Oneiric)
Importance: Undecided
Status: New
** Affects: linux-lts-backport-maverick (Ubuntu Oneiric)
Importance: Undecided
Status: New
** Affects: linux-mvl-dove (Ubuntu Oneiric)
Importance: Undecided
Status: New
** Affects: linux-ti-omap4 (Ubuntu Oneiric)
Importance: Undecided
Status: New
** Affects: linux (Ubuntu Dapper)
Importance: Undecided
Status: Invalid
** Affects: linux-fsl-imx51 (Ubuntu Dapper)
Importance: Undecided
Status: New
** Affects: linux-lts-backport-maverick (Ubuntu Dapper)
Importance: Undecided
Status: New
** Affects: linux-mvl-dove (Ubuntu Dapper)
Importance: Undecided
Status: New
** Affects: linux-ti-omap4 (Ubuntu Dapper)
Importance: Undecided
Status: New
** Affects: linux (Ubuntu Hardy)
Importance: Undecided
Assignee: Andy Whitcroft (apw)
Status: In Progress
** Affects: linux-fsl-imx51 (Ubuntu Hardy)
Importance: Undecided
Status: New
** Affects: linux-lts-backport-maverick (Ubuntu Hardy)
Importance: Undecided
Status: New
** Affects: linux-mvl-dove (Ubuntu Hardy)
Importance: Undecided
Status: New
** Affects: linux-ti-omap4 (Ubuntu Hardy)
Importance: Undecided
Status: New
** Tags: kernel-cve-tracking-bug
** Tags added: kernel-cve-tracking-bug
** This bug has been flagged as a security vulnerability
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-2022
** Also affects: linux (Ubuntu Oneiric)
Importance: Undecided
Status: New
** Also affects: linux-fsl-imx51 (Ubuntu Oneiric)
Importance: Undecided
Status: New
** Also affects: linux-lts-backport-maverick (Ubuntu Oneiric)
Importance: Undecided
Status: New
** Also affects: linux-mvl-dove (Ubuntu Oneiric)
Importance: Undecided
Status: New
** Also affects: linux-ti-omap4 (Ubuntu Oneiric)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Natty)
Importance: Undecided
Status: New
** Also affects: linux-fsl-imx51 (Ubuntu Natty)
Importance: Undecided
Status: New
** Also affects: linux-lts-backport-maverick (Ubuntu Natty)
Importance: Undecided
Status: New
** Also affects: linux-mvl-dove (Ubuntu Natty)
Importance: Undecided
Status: New
** Also affects: linux-ti-omap4 (Ubuntu Natty)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Maverick)
Importance: Undecided
Status: New
** Also affects: linux-fsl-imx51 (Ubuntu Maverick)
Importance: Undecided
Status: New
** Also affects: linux-lts-backport-maverick (Ubuntu Maverick)
Importance: Undecided
Status: New
** Also affects: linux-mvl-dove (Ubuntu Maverick)
Importance: Undecided
Status: New
** Also affects: linux-ti-omap4 (Ubuntu Maverick)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: linux-fsl-imx51 (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: linux-lts-backport-maverick (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: linux-mvl-dove (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: linux-ti-omap4 (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Hardy)
Importance: Undecided
Status: New
** Also affects: linux-fsl-imx51 (Ubuntu Hardy)
Importance: Undecided
Status: New
** Also affects: linux-lts-backport-maverick (Ubuntu Hardy)
Importance: Undecided
Status: New
** Also affects: linux-mvl-dove (Ubuntu Hardy)
Importance: Undecided
Status: New
** Also affects: linux-ti-omap4 (Ubuntu Hardy)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Dapper)
Importance: Undecided
Status: New
** Also affects: linux-fsl-imx51 (Ubuntu Dapper)
Importance: Undecided
Status: New
** Also affects: linux-lts-backport-maverick (Ubuntu Dapper)
Importance: Undecided
Status: New
** Also affects: linux-mvl-dove (Ubuntu Dapper)
Importance: Undecided
Status: New
** Also affects: linux-ti-omap4 (Ubuntu Dapper)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Dapper)
Status: New => Invalid
** Changed in: linux (Ubuntu Lucid)
Status: New => Fix Released
** Changed in: linux (Ubuntu Natty)
Status: New => Fix Released
** Changed in: linux (Ubuntu Oneiric)
Status: New => Fix Released
** Changed in: linux (Ubuntu Maverick)
Status: New => In Progress
** Changed in: linux (Ubuntu Hardy)
Status: New => In Progress
** Changed in: linux (Ubuntu Hardy)
Assignee: (unassigned) => Andy Whitcroft (apw)
** Changed in: linux (Ubuntu Maverick)
Assignee: (unassigned) => Andy Whitcroft (apw)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/788684
Title:
CVE-2011-2022
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
