*** This bug is a security vulnerability *** Public security bug reported:
Fixed by: commit 194b3da873fd334ef183806db751473512af29ce Author: Vasiliy Kulikov <seg...@openwall.com> Date: Thu Apr 14 20:55:16 2011 +0400 agp: fix arbitrary kernel memory writes pg_start is copied from userspace on AGPIOC_BIND and AGPIOC_UNBIND ioctl cmds of agp_ioctl() and passed to agpioc_bind_wrap(). As said in the comment, (pg_start + mem->page_count) may wrap in case of AGPIOC_BIND, and it is not checked at all in case of AGPIOC_UNBIND. As a result, user with sufficient privileges (usually "video" group) may generate either local DoS or privilege escalation. Signed-off-by: Vasiliy Kulikov <seg...@openwall.com> Signed-off-by: Dave Airlie <airl...@redhat.com> ** Affects: linux (Ubuntu) Importance: Undecided Status: Fix Released ** Affects: linux-fsl-imx51 (Ubuntu) Importance: Undecided Status: New ** Affects: linux-lts-backport-maverick (Ubuntu) Importance: Undecided Status: New ** Affects: linux-mvl-dove (Ubuntu) Importance: Undecided Status: New ** Affects: linux-ti-omap4 (Ubuntu) Importance: Undecided Status: New ** Affects: linux (Ubuntu Lucid) Importance: Undecided Status: Fix Released ** Affects: linux-fsl-imx51 (Ubuntu Lucid) Importance: Undecided Status: New ** Affects: linux-lts-backport-maverick (Ubuntu Lucid) Importance: Undecided Status: New ** Affects: linux-mvl-dove (Ubuntu Lucid) Importance: Undecided Status: New ** Affects: linux-ti-omap4 (Ubuntu Lucid) Importance: Undecided Status: New ** Affects: linux (Ubuntu Maverick) Importance: Undecided Assignee: Andy Whitcroft (apw) Status: In Progress ** Affects: linux-fsl-imx51 (Ubuntu Maverick) Importance: Undecided Status: New ** Affects: linux-lts-backport-maverick (Ubuntu Maverick) Importance: Undecided Status: New ** Affects: linux-mvl-dove (Ubuntu Maverick) Importance: Undecided Status: New ** Affects: linux-ti-omap4 (Ubuntu Maverick) Importance: Undecided Status: New ** Affects: linux (Ubuntu Natty) Importance: Undecided Status: Fix Released ** Affects: linux-fsl-imx51 (Ubuntu Natty) Importance: Undecided Status: New ** Affects: linux-lts-backport-maverick (Ubuntu Natty) Importance: Undecided Status: New ** Affects: linux-mvl-dove (Ubuntu Natty) Importance: Undecided Status: New ** Affects: linux-ti-omap4 (Ubuntu Natty) Importance: Undecided Status: New ** Affects: linux (Ubuntu Oneiric) Importance: Undecided Status: Fix Released ** Affects: linux-fsl-imx51 (Ubuntu Oneiric) Importance: Undecided Status: New ** Affects: linux-lts-backport-maverick (Ubuntu Oneiric) Importance: Undecided Status: New ** Affects: linux-mvl-dove (Ubuntu Oneiric) Importance: Undecided Status: New ** Affects: linux-ti-omap4 (Ubuntu Oneiric) Importance: Undecided Status: New ** Affects: linux (Ubuntu Dapper) Importance: Undecided Status: Invalid ** Affects: linux-fsl-imx51 (Ubuntu Dapper) Importance: Undecided Status: New ** Affects: linux-lts-backport-maverick (Ubuntu Dapper) Importance: Undecided Status: New ** Affects: linux-mvl-dove (Ubuntu Dapper) Importance: Undecided Status: New ** Affects: linux-ti-omap4 (Ubuntu Dapper) Importance: Undecided Status: New ** Affects: linux (Ubuntu Hardy) Importance: Undecided Assignee: Andy Whitcroft (apw) Status: In Progress ** Affects: linux-fsl-imx51 (Ubuntu Hardy) Importance: Undecided Status: New ** Affects: linux-lts-backport-maverick (Ubuntu Hardy) Importance: Undecided Status: New ** Affects: linux-mvl-dove (Ubuntu Hardy) Importance: Undecided Status: New ** Affects: linux-ti-omap4 (Ubuntu Hardy) Importance: Undecided Status: New ** Tags: kernel-cve-tracking-bug ** Tags added: kernel-cve-tracking-bug ** This bug has been flagged as a security vulnerability ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2011-2022 ** Also affects: linux (Ubuntu Oneiric) Importance: Undecided Status: New ** Also affects: linux-fsl-imx51 (Ubuntu Oneiric) Importance: Undecided Status: New ** Also affects: linux-lts-backport-maverick (Ubuntu Oneiric) Importance: Undecided Status: New ** Also affects: linux-mvl-dove (Ubuntu Oneiric) Importance: Undecided Status: New ** Also affects: linux-ti-omap4 (Ubuntu Oneiric) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Natty) Importance: Undecided Status: New ** Also affects: linux-fsl-imx51 (Ubuntu Natty) Importance: Undecided Status: New ** Also affects: linux-lts-backport-maverick (Ubuntu Natty) Importance: Undecided Status: New ** Also affects: linux-mvl-dove (Ubuntu Natty) Importance: Undecided Status: New ** Also affects: linux-ti-omap4 (Ubuntu Natty) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Maverick) Importance: Undecided Status: New ** Also affects: linux-fsl-imx51 (Ubuntu Maverick) Importance: Undecided Status: New ** Also affects: linux-lts-backport-maverick (Ubuntu Maverick) Importance: Undecided Status: New ** Also affects: linux-mvl-dove (Ubuntu Maverick) Importance: Undecided Status: New ** Also affects: linux-ti-omap4 (Ubuntu Maverick) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: linux-fsl-imx51 (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: linux-lts-backport-maverick (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: linux-mvl-dove (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: linux-ti-omap4 (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Hardy) Importance: Undecided Status: New ** Also affects: linux-fsl-imx51 (Ubuntu Hardy) Importance: Undecided Status: New ** Also affects: linux-lts-backport-maverick (Ubuntu Hardy) Importance: Undecided Status: New ** Also affects: linux-mvl-dove (Ubuntu Hardy) Importance: Undecided Status: New ** Also affects: linux-ti-omap4 (Ubuntu Hardy) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Dapper) Importance: Undecided Status: New ** Also affects: linux-fsl-imx51 (Ubuntu Dapper) Importance: Undecided Status: New ** Also affects: linux-lts-backport-maverick (Ubuntu Dapper) Importance: Undecided Status: New ** Also affects: linux-mvl-dove (Ubuntu Dapper) Importance: Undecided Status: New ** Also affects: linux-ti-omap4 (Ubuntu Dapper) Importance: Undecided Status: New ** Changed in: linux (Ubuntu Dapper) Status: New => Invalid ** Changed in: linux (Ubuntu Lucid) Status: New => Fix Released ** Changed in: linux (Ubuntu Natty) Status: New => Fix Released ** Changed in: linux (Ubuntu Oneiric) Status: New => Fix Released ** Changed in: linux (Ubuntu Maverick) Status: New => In Progress ** Changed in: linux (Ubuntu Hardy) Status: New => In Progress ** Changed in: linux (Ubuntu Hardy) Assignee: (unassigned) => Andy Whitcroft (apw) ** Changed in: linux (Ubuntu Maverick) Assignee: (unassigned) => Andy Whitcroft (apw) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/788684 Title: CVE-2011-2022 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs