UbuntuUSN-1111-1Linux kernel vulnerabilities
7.7 High
AI Score
Confidence
High
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.032 Low
EPSS
Percentile
91.1%
Releases
- Ubuntu 6.06
Packages
- linux-source-2.6.15 - Linux kernel
Details
Dan Rosenberg discovered multiple flaws in the X.25 facilities parsing. If
a system was using X.25, a remote attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2010-4164)
Vegard Nossum discovered that memory garbage collection was not handled
correctly for active sockets. A local attacker could exploit this to
allocate all available kernel memory, leading to a denial of service.
(CVE-2010-4249)
Nelson Elhage discovered that the kernel did not correctly handle process
cleanup after triggering a recoverable kernel bug. If a local attacker were
able to trigger certain kinds of kernel bugs, they could create a specially
crafted process to gain root privileges. (CVE-2010-4258)
Nelson Elhage discovered that Econet did not correctly handle AUN packets
over UDP. A local attacker could send specially crafted traffic to crash
the system, leading to a denial of service. (CVE-2010-4342)
Dan Rosenberg discovered that the OSS subsystem did not handle name
termination correctly. A local attacker could exploit this crash the system
or gain root privileges. (CVE-2010-4527)
Dan Rosenberg discovered that IRDA did not correctly check the size of
buffers. On non-x86 systems, a local attacker could exploit this to read
kernel heap memory, leading to a loss of privacy. (CVE-2010-4529)
Dan Carpenter discovered that the TTPCI DVB driver did not check certain
values during an ioctl. If the dvb-ttpci module was loaded, a local
attacker could exploit this to crash the system, leading to a denial of
service, or possibly gain root privileges. (CVE-2011-0521)
Jens Kuehnel discovered that the InfiniBand driver contained a race
condition. On systems using InfiniBand, a local attacker could send
specially crafted requests to crash the system, leading to a denial of
service. (CVE-2011-0695)
Timo Warns discovered that the LDM disk partition handling code did not
correctly handle certain values. By inserting a specially crafted disk
device, a local attacker could exploit this to gain root privileges.
(CVE-2011-1017)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 6.06 | noarch | linux-image-2.6.15-57-itanium | < 2.6.15-57.97 | UNKNOWN |
| Ubuntu | 6.06 | noarch | acpi-modules-2.6.15-57-amd64-generic-di | < 2.6.15-57.97 | UNKNOWN |
| Ubuntu | 6.06 | noarch | cdrom-core-modules-2.6.15-57-amd64-generic-di | < 2.6.15-57.97 | UNKNOWN |
| Ubuntu | 6.06 | noarch | crc-modules-2.6.15-57-amd64-generic-di | < 2.6.15-57.97 | UNKNOWN |
| Ubuntu | 6.06 | noarch | ext2-modules-2.6.15-57-amd64-generic-di | < 2.6.15-57.97 | UNKNOWN |
| Ubuntu | 6.06 | noarch | ext3-modules-2.6.15-57-amd64-generic-di | < 2.6.15-57.97 | UNKNOWN |
| Ubuntu | 6.06 | noarch | fat-modules-2.6.15-57-amd64-generic-di | < 2.6.15-57.97 | UNKNOWN |
| Ubuntu | 6.06 | noarch | fb-modules-2.6.15-57-amd64-generic-di | < 2.6.15-57.97 | UNKNOWN |
| Ubuntu | 6.06 | noarch | firewire-core-modules-2.6.15-57-amd64-generic-di | < 2.6.15-57.97 | UNKNOWN |
| Ubuntu | 6.06 | noarch | floppy-modules-2.6.15-57-amd64-generic-di | < 2.6.15-57.97 | UNKNOWN |
References
Related
7.7 High
AI Score
Confidence
High
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.032 Low
EPSS
Percentile
91.1%