Lucene search

K
ubuntuUbuntuUSN-1086-1
HistoryMar 08, 2011 - 12:00 a.m.

Linux kernel (EC2) vulnerabilities

2011-03-0800:00:00
ubuntu.com
51

4.7 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.1%

Releases

  • Ubuntu 10.04

Packages

  • linux-ec2 - Linux kernel for EC2

Details

Dan Rosenberg discovered that multiple terminal ioctls did not correctly
initialize structure memory. A local attacker could exploit this to read
portions of kernel stack memory, leading to a loss of privacy.
(CVE-2010-4075)

Dan Rosenberg discovered that the socket filters did not correctly
initialize structure memory. A local attacker could create malicious
filters to read portions of kernel stack memory, leading to a loss of
privacy. (CVE-2010-4158)

Dan Rosenberg discovered that the SCSI subsystem did not correctly validate
iov segments. A local attacker with access to a SCSI device could send
specially crafted requests to crash the system, leading to a denial of
service. (CVE-2010-4163, CVE-2010-4668)

OSVersionArchitecturePackageVersionFilename
Ubuntu10.04noarchlinux-image-2.6.32-314-ec2< 2.6.32-314.27UNKNOWN
Ubuntu10.04noarchlinux-headers-2.6.32-314-ec2< 2.6.32-314.27UNKNOWN

4.7 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.1%