CVE-2010-2942
Published: 21 September 2010
The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c.
From the Ubuntu Security Team
Eric Dumazet discovered that many network functions could leak kernel stack contents. A local attacker could exploit this to read portions of kernel memory, leading to a loss of privacy.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Released
(2.6.24-28.80)
|
|
| jaunty |
Released
(2.6.28-19.66)
|
|
| karmic |
Released
(2.6.31-22.67)
|
|
| lucid |
Released
(2.6.32-25.45)
|
|
| maverick |
Not vulnerable
|
|
| upstream |
Released
(2.6.36~rc2)
|
|
|
Patches: upstream: http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commitdiff;h=1c40be12f7d8ca1d387510d39787b12e512a7ce8 hardy: http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-2942/patches/hardy/linux/0001-net-sched-fix-some-kernel-memory-leaks.txt jaunty: http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-2942/patches/jaunty/linux/0001-net-sched-fix-some-kernel-memory-leaks.txt karmic: http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-2942/patches/karmic/linux/0001-net-sched-fix-some-kernel-memory-leaks.txt lucid: http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-2942/patches/lucid/linux/0001-net-sched-fix-some-kernel-memory-leaks.txt |
||
|
linux-ec2 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| karmic |
Released
(2.6.31-307.21)
|
|
| lucid |
Released
(2.6.32-309.18)
|
|
| maverick |
Ignored
(binary supplied by "linux" now)
|
|
| upstream |
Released
(2.6.36~rc2)
|
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| karmic |
Released
(2.6.31-112.30)
|
|
| lucid |
Released
(2.6.31-608.22)
|
|
| maverick |
Does not exist
|
|
| upstream |
Released
(2.6.36~rc2)
|
|
|
linux-lts-backport-maverick Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| karmic |
Does not exist
|
|
| lucid |
Released
(2.6.35-25.44~lucid1)
|
|
| maverick |
Does not exist
|
|
| upstream |
Released
(2.6.36~rc2)
|
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| karmic |
Ignored
(abandonded branch)
|
|
| lucid |
Released
(2.6.32-216.33)
|
|
| maverick |
Released
(2.6.32-416.33)
|
|
| upstream |
Released
(2.6.36~rc2)
|
|
|
linux-source-2.6.15 Launchpad, Ubuntu, Debian |
dapper |
Released
(2.6.15-55.89)
|
| hardy |
Does not exist
|
|
| jaunty |
Does not exist
|
|
| karmic |
Does not exist
|
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| upstream |
Released
(2.6.36~rc2)
|
|
|
Patches: dapper: http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-2942/patches/dapper/linux/0001-net-sched-fix-some-kernel-memory-leaks.txt |
||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.5 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2942
- https://ubuntu.com/security/notices/USN-1000-1
- https://ubuntu.com/security/notices/USN-1074-1
- https://ubuntu.com/security/notices/USN-1074-2
- https://ubuntu.com/security/notices/USN-1083-1
- https://ubuntu.com/security/notices/USN-1093-1
- NVD
- Launchpad
- Debian