CVSS2: AV:N/AC:L/Au:N/C:N/I:N/A:C
Attack Vector: NETWORK; Attack Complexity: LOW; Authentication: NONE; Confidentiality Impact: NONE; Integrity Impact: NONE; Availability Impact: COMPLETE

CVSS3: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: LOCAL; Attack Complexity: LOW; Privileges Required: LOW; User Interaction: NONE; Scope: UNCHANGED; Confidentiality Impact: HIGH; Integrity Impact: HIGH; Availability Impact: HIGH

AI Score confidence: High
EPSS percentile: 93.8%

Thomas Pollet discovered that the RDS network protocol did not check
certain iovec buffers. A local attacker could exploit this to crash the
system or possibly execute arbitrary code as the root user. (CVE-2010-3865)
Dan Rosenberg discovered that the Linux kernel X.25 implementation
incorrectly parsed facilities. A remote attacker could exploit this to
crash the kernel, leading to a denial of service. (CVE-2010-3873)
Dan Rosenberg discovered that the CAN protocol on 64-bit systems did not
correctly calculate the size of certain buffers. A local attacker could
exploit this to crash the system or possibly execute arbitrary code as the
root user. (CVE-2010-3874)
Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did
not correctly clear kernel memory. A local attacker could exploit this to
read kernel stack memory, leading to a loss of privacy. (CVE-2010-3875)
Vasiliy Kulikov discovered that the Linux kernel sockets implementation did
not properly initialize certain structures. A local attacker could exploit
this to read kernel stack memory, leading to a loss of privacy.
(CVE-2010-3876)
Vasiliy Kulikov discovered that the TIPC interface did not correctly
initialize certain structures. A local attacker could exploit this to read
kernel stack memory, leading to a loss of privacy. (CVE-2010-3877)
Nelson Elhage discovered that the Linux kernel IPv4 implementation did not
properly audit certain bytecodes in netlink messages. A local attacker
could exploit this to cause the kernel to hang, leading to a denial of
service. (CVE-2010-3880)
Dan Rosenberg discovered that the RME Hammerfall DSP audio interface driver
did not correctly clear kernel memory. A local attacker could exploit this
to read kernel stack memory, leading to a loss of privacy. (CVE-2010-4080,
CVE-2010-4081)
Dan Rosenberg discovered that the VIA video driver did not correctly clear
kernel memory. A local attacker could exploit this to read kernel stack
memory, leading to a loss of privacy. (CVE-2010-4082)
Dan Rosenberg discovered that the semctl syscall did not correctly clear
kernel memory. A local attacker could exploit this to read kernel stack
memory, leading to a loss of privacy. (CVE-2010-4083)
James Bottomley discovered that the ICP vortex storage array controller
driver did not validate certain sizes. A local attacker on a 64-bit system
could exploit this to crash the kernel, leading to a denial of service.
(CVE-2010-4157)
Dan Rosenberg discovered multiple flaws in the X.25 facilities parsing. If
a system was using X.25, a remote attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2010-4164)
It was discovered that multithreaded exec did not handle CPU timers
correctly. A local attacker could exploit this to crash the system, leading
to a denial of service. (CVE-2010-4248)
Nelson Elhage discovered that the kernel did not correctly handle process
cleanup after triggering a recoverable kernel bug. If a local attacker were
able to trigger certain kinds of kernel bugs, they could create a specially
crafted process to gain root privileges. (CVE-2010-4258)
Nelson Elhage discovered that Econet did not correctly handle AUN packets
over UDP. A local attacker could send specially crafted traffic to crash
the system, leading to a denial of service. (CVE-2010-4342)
Tavis Ormandy discovered that the install_special_mapping function could
bypass the mmap_min_addr restriction. A local attacker could exploit this
to mmap 4096 bytes below the mmap_min_addr area, possibly improving the
chances of performing NULL pointer dereference attacks. (CVE-2010-4346)
Dan Rosenberg discovered that the OSS subsystem did not handle name
termination correctly. A local attacker could exploit this to crash the system
or gain root privileges. (CVE-2010-4527)
Dan Rosenberg discovered that IRDA did not correctly check the size of
buffers. On non-x86 systems, a local attacker could exploit this to read
kernel heap memory, leading to a loss of privacy. (CVE-2010-4529)
Dan Rosenberg discovered that the CAN subsystem leaked kernel addresses
into the /proc filesystem. A local attacker could use this to increase the
chances of a successful memory corruption exploit. (CVE-2010-4565)
Kees Cook discovered that some ethtool functions did not correctly clear
heap memory. A local attacker with CAP_NET_ADMIN privileges could exploit
this to read portions of kernel heap memory, leading to a loss of privacy.
(CVE-2010-4655)
Kees Cook discovered that the IOWarrior USB device driver did not correctly
check certain size fields. A local attacker with physical access could plug
in a specially crafted USB device to crash the system or potentially gain
root privileges. (CVE-2010-4656)
Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly
clear memory when writing certain file holes. A local attacker could
exploit this to read uninitialized data from the disk, leading to a loss of
privacy. (CVE-2011-0463)
Dan Carpenter discovered that the TTPCI DVB driver did not check certain
values during an ioctl. If the dvb-ttpci module was loaded, a local
attacker could exploit this to crash the system, leading to a denial of
service, or possibly gain root privileges. (CVE-2011-0521)
Jens Kuehnel discovered that the InfiniBand driver contained a race
condition. On systems using InfiniBand, a local attacker could send
specially crafted requests to crash the system, leading to a denial of
service. (CVE-2011-0695)
Dan Rosenberg discovered that XFS did not correctly initialize memory. A
local attacker could make crafted ioctl calls to leak portions of kernel
stack memory, leading to a loss of privacy. (CVE-2011-0711)
Rafael Dominguez Vega discovered that the caiaq Native Instruments USB
driver did not correctly validate string lengths. A local attacker with
physical access could plug in a specially crafted USB device to crash the
system or potentially gain root privileges. (CVE-2011-0712)
Timo Warns discovered that the LDM disk partition handling code did not
correctly handle certain values. By inserting a specially crafted disk
device, a local attacker could exploit this to gain root privileges.
(CVE-2011-1017)
Julien Tinnes discovered that the kernel did not correctly validate the
signal structure from tkill(). A local attacker could exploit this to send
signals to arbitrary threads, possibly bypassing expected restrictions.
(CVE-2011-1182)
Dan Rosenberg discovered that MPT devices did not correctly validate
certain values in ioctl calls. If these drivers were loaded, a local
attacker could exploit this to read arbitrary kernel memory, leading to a
loss of privacy. (CVE-2011-1494, CVE-2011-1495)
Tavis Ormandy discovered that the pidmap function did not correctly handle
large requests. A local attacker could exploit this to crash the system,
leading to a denial of service. (CVE-2011-1593)
Vasiliy Kulikov discovered that the AGP driver did not check certain ioctl
values. A local attacker with access to the video subsystem could exploit
this to crash the system, leading to a denial of service, or possibly gain
root privileges. (CVE-2011-1745, CVE-2011-2022)
Vasiliy Kulikov discovered that the AGP driver did not check the size of
certain memory allocations. A local attacker with access to the video
subsystem could exploit this to run the system out of memory, leading to a
denial of service. (CVE-2011-1746)
Oliver Hartkopp and Dave Jones discovered that the CAN network driver did
not correctly validate certain socket structures. If this driver was
loaded, a local attacker could crash the system, leading to a denial of
service. (CVE-2011-1748)
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Ubuntu | 10.04 | noarch | linux-image-2.6.31-609-imx51 | < 2.6.31-609.26 | UNKNOWN |
Ubuntu | 10.04 | noarch | block-modules-2.6.31-609-imx51-di | < 2.6.31-609.26 | UNKNOWN |
Ubuntu | 10.04 | noarch | crypto-modules-2.6.31-609-imx51-di | < 2.6.31-609.26 | UNKNOWN |
Ubuntu | 10.04 | noarch | fat-modules-2.6.31-609-imx51-di | < 2.6.31-609.26 | UNKNOWN |
Ubuntu | 10.04 | noarch | fs-core-modules-2.6.31-609-imx51-di | < 2.6.31-609.26 | UNKNOWN |
Ubuntu | 10.04 | noarch | fs-secondary-modules-2.6.31-609-imx51-di | < 2.6.31-609.26 | UNKNOWN |
Ubuntu | 10.04 | noarch | input-modules-2.6.31-609-imx51-di | < 2.6.31-609.26 | UNKNOWN |
Ubuntu | 10.04 | noarch | irda-modules-2.6.31-609-imx51-di | < 2.6.31-609.26 | UNKNOWN |
Ubuntu | 10.04 | noarch | kernel-image-2.6.31-609-imx51-di | < 2.6.31-609.26 | UNKNOWN |
Ubuntu | 10.04 | noarch | linux-headers-2.6.31-609-imx51 | < 2.6.31-609.26 | UNKNOWN |
ubuntu.com/security/CVE-2010-3865
ubuntu.com/security/CVE-2010-3873
ubuntu.com/security/CVE-2010-3874
ubuntu.com/security/CVE-2010-3875
ubuntu.com/security/CVE-2010-3876
ubuntu.com/security/CVE-2010-3877
ubuntu.com/security/CVE-2010-3880
ubuntu.com/security/CVE-2010-4080
ubuntu.com/security/CVE-2010-4081
ubuntu.com/security/CVE-2010-4082
ubuntu.com/security/CVE-2010-4083
ubuntu.com/security/CVE-2010-4157
ubuntu.com/security/CVE-2010-4164
ubuntu.com/security/CVE-2010-4248
ubuntu.com/security/CVE-2010-4258
ubuntu.com/security/CVE-2010-4342
ubuntu.com/security/CVE-2010-4346
ubuntu.com/security/CVE-2010-4527
ubuntu.com/security/CVE-2010-4529
ubuntu.com/security/CVE-2010-4565
ubuntu.com/security/CVE-2010-4655
ubuntu.com/security/CVE-2010-4656
ubuntu.com/security/CVE-2011-0463
ubuntu.com/security/CVE-2011-0521
ubuntu.com/security/CVE-2011-0695
ubuntu.com/security/CVE-2011-0711
ubuntu.com/security/CVE-2011-0712
ubuntu.com/security/CVE-2011-1017
ubuntu.com/security/CVE-2011-1182
ubuntu.com/security/CVE-2011-1494
ubuntu.com/security/CVE-2011-1495
ubuntu.com/security/CVE-2011-1593
ubuntu.com/security/CVE-2011-1745
ubuntu.com/security/CVE-2011-1746
ubuntu.com/security/CVE-2011-1748
ubuntu.com/security/CVE-2011-2022