Lucene search

K
osvGoogleOSV:DSA-2240-1
HistoryMay 24, 2011 - 12:00 a.m.

linux-2.6 - several issues

2011-05-2400:00:00
Google
osv.dev
6

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.029 Low

EPSS

Percentile

89.3%

Several vulnerabilities have been discovered in the Linux kernel that may lead
to a denial of service or privilege escalation. The Common Vulnerabilities and
Exposures project identifies the following problems:

  • CVE-2010-3875
    Vasiliy Kulikov discovered an issue in the Linux implementation of the
    Amateur Radio AX.25 Level 2 protocol. Local users may obtain access to
    sensitive kernel memory.
  • CVE-2011-0695
    Jens Kuehnel reported an issue in the InfiniBand stack. Remote attackers can
    exploit a race condition to cause a denial of service (kernel panic).
  • CVE-2011-0711
    Dan Rosenberg reported an issue in the XFS filesystem. Local users may
    obtain access to sensitive kernel memory.
  • CVE-2011-0726
    Kees Cook reported an issue in the /proc/pid/stat implementation. Local
    users could learn the text location of a process, defeating protections
    provided by address space layout randomization (ASLR).
  • CVE-2011-1016
    Marek Olšák discovered an issue in the driver for ATI/AMD Radeon video
    chips. Local users could pass arbitrary values to video memory and the
    graphics translation table, resulting in denial of service or escalated
    privileges. On default Debian installations, this is exploitable only by
    members of the video group.
  • CVE-2011-1078
    Vasiliy Kulikov discovered an issue in the Bluetooth subsystem. Local users
    can obtain access to sensitive kernel memory.
  • CVE-2011-1079
    Vasiliy Kulikov discovered an issue in the Bluetooth subsystem. Local users
    with the CAP_NET_ADMIN capability can cause a denial of service (kernel
    Oops).
  • CVE-2011-1080
    Vasiliy Kulikov discovered an issue in the Netfilter subsystem. Local users
    can obtain access to sensitive kernel memory.
  • CVE-2011-1090
    Neil Horman discovered a memory leak in the setacl() call on NFSv4
    filesystems. Local users can exploit this to cause a denial of service
    (Oops).
  • CVE-2011-1160
    Peter Huewe reported an issue in the Linux kernel’s support for TPM security
    chips. Local users with permission to open the device can gain access to
    sensitive kernel memory.
  • CVE-2011-1163
    Timo Warns reported an issue in the kernel support for Alpha OSF format disk
    partitions. Users with physical access can gain access to sensitive kernel
    memory by adding a storage device with a specially crafted OSF partition.
  • CVE-2011-1170
    Vasiliy Kulikov reported an issue in the Netfilter ARP table
    implementation. Local users with the CAP_NET_ADMIN capability can gain
    access to sensitive kernel memory.
  • CVE-2011-1171
    Vasiliy Kulikov reported an issue in the Netfilter IP table
    implementation. Local users with the CAP_NET_ADMIN capability can gain
    access to sensitive kernel memory.
  • CVE-2011-1172
    Vasiliy Kulikov reported an issue in the Netfilter IPv6 table
    implementation. Local users with the CAP_NET_ADMIN capability can gain
    access to sensitive kernel memory.
  • CVE-2011-1173
    Vasiliy Kulikov reported an issue in the Acorn Econet protocol
    implementation. Local users can obtain access to sensitive kernel memory on
    systems that use this rare hardware.
  • CVE-2011-1180
    Dan Rosenberg reported a buffer overflow in the Information Access Service
    of the IrDA protocol, used for Infrared devices. Remote attackers within IR
    device range can cause a denial of service or possibly gain elevated
    privileges.
  • CVE-2011-1182
    Julien Tinnes reported an issue in the rt_sigqueueinfo interface. Local
    users can generate signals with falsified source pid and uid information.
  • CVE-2011-1476
    Dan Rosenberg reported issues in the Open Sound System MIDI interface that
    allow local users to cause a denial of service. This issue does not affect
    official Debian Linux image packages as they no longer provide support for
    OSS. However, custom kernels built from Debian’s linux-source-2.6.32 may
    have enabled this configuration and would therefore be vulnerable.
  • CVE-2011-1477
    Dan Rosenberg reported issues in the Open Sound System driver for cards that
    include a Yamaha FM synthesizer chip. Local users can cause memory
    corruption resulting in a denial of service. This issue does not affect
    official Debian Linux image packages as they no longer provide support for
    OSS. However, custom kernels built from Debian’s linux-source-2.6.32 may
    have enabled this configuration and would therefore be vulnerable.
  • CVE-2011-1478
    Ryan Sweat reported an issue in the Generic Receive Offload (GRO) support in
    the Linux networking subsystem. If an interface has GRO enabled and is
    running in promiscuous mode, remote users can cause a denial of service
    (NULL pointer dereference) by sending packets on an unknown VLAN.
  • CVE-2011-1493
    Dan Rosenburg reported two issues in the Linux implementation of the Amateur
    Radio X.25 PLP (Rose) protocol. A remote user can cause a denial of service
    by providing specially crafted facilities fields.
  • CVE-2011-1494
    Dan Rosenberg reported an issue in the /dev/mpt2ctl interface provided by
    the driver for LSI MPT Fusion SAS 2.0 controllers. Local users can obtain
    elevated privileges by specially crafted ioctl calls. On default Debian
    installations this is not exploitable as this interface is only accessible
    to root.
  • CVE-2011-1495
    Dan Rosenberg reported two additional issues in the /dev/mpt2ctl interface
    provided by the driver for LSI MPT Fusion SAS 2.0 controllers. Local users
    can obtain elevated privileges and read arbitrary kernel memory by using
    specially crafted ioctl calls. On default Debian installations this is not
    exploitable as this interface is only accessible to root.
  • CVE-2011-1585
    Jeff Layton reported an issue in the Common Internet File System (CIFS).
    Local users can bypass authentication requirements for shares that are
    already mounted by another user.
  • CVE-2011-1593
    Robert Swiecki reported a signedness issue in the next_pidmap() function,
    which can be exploited by local users to cause a denial of service.
  • CVE-2011-1598
    Dave Jones reported an issue in the Broadcast Manager Controller Area
    Network (CAN/BCM) protocol that may allow local users to cause a NULL
    pointer dereference, resulting in a denial of service.
  • CVE-2011-1745
    Vasiliy Kulikov reported an issue in the Linux support for AGP devices.
    Local users can obtain elevated privileges or cause a denial of service due
    to missing bounds checking in the AGPIOC_BIND ioctl. On default Debian
    installations, this is exploitable only by users in the video group.
  • CVE-2011-1746
    Vasiliy Kulikov reported an issue in the Linux support for AGP devices.
    Local users can obtain elevated privileges or cause a denial of service due
    to missing bounds checking in the agp_allocate_memory and
    agp_create_user_memory routines. On default Debian installations, this is exploitable
    only by users in the video group.
  • CVE-2011-1748
    Oliver Kartkopp reported an issue in the Controller Area Network (CAN) raw
    socket implementation which permits local users to cause a NULL pointer
    dereference, resulting in a denial of service.
  • CVE-2011-1759
    Dan Rosenberg reported an issue in the support for executing old ABI
    binaries on ARM processors. Local users can obtain elevated privileges due
    to insufficient bounds checking in the semtimedop system call.
  • CVE-2011-1767
    Alexecy Dobriyan reported an issue in the GRE over IP implementation.
    Remote users can cause a denial of service by sending a packet during module
    initialization.
  • CVE-2011-1770
    Dan Rosenberg reported an issue in the Datagram Congestion Control Protocol
    (DCCP). Remote users can cause a denial of service or potentially obtain
    access to sensitive kernel memory.
  • CVE-2011-1776
    Timo Warns reported an issue in the Linux implementation for GUID
    partitions. Users with physical access can gain access to sensitive kernel
    memory by adding a storage device with a specially crafted corrupted invalid
    partition table.
  • CVE-2011-2022
    Vasiliy Kulikov reported an issue in the Linux support for AGP devices.
    Local users can obtain elevated privileges or cause a denial of service due
    to missing bounds checking in the AGPIOC_UNBIND ioctl. On default Debian
    installations, this is exploitable only by users in the video group.

This update also includes changes queued for the next point release of
Debian 6.0, which also fix various non-security issues. These additional
changes are described in the
package
changelog
.

For the stable distribution (squeeze), these problems have been fixed in
version 2.6.32-34squeeze1. Updates for issues impacting the oldstable
distribution (lenny) will be available soon.

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

Debian 6.0 (squeeze)
user-mode-linux 2.6.32-1um-4+34squeeze1

We recommend that you upgrade your linux-2.6 and user-mode-linux packages.

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.029 Low

EPSS

Percentile

89.3%

Related for OSV:DSA-2240-1