CVE-2010-2955

Published: 08 September 2010

The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in the Linux kernel before 2.6.36-rc3-next-20100831 does not properly initialize certain structure members, which allows local users to leverage an off-by-one error in the ioctl_standard_iw_point function in net/wireless/wext-core.c, and obtain potentially sensitive information from kernel heap memory, via vectors involving an SIOCGIWESSID ioctl call that specifies a large buffer size.

From the Ubuntu security team

Brad Spengler discovered that the wireless extensions did not correctly validate certain request sizes. A local attacker could exploit this to read portions of kernel memory, leading to a loss of privacy.

Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(3.11.0-12.19)
Patches:
Upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=42da2f948d949efd0111309f5827bf0298bcc9a4
Jaunty: http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-2955/patches/jaunty/linux/0001-wireless-extensions-fix-kernel-heap-content-leak.txt
Karmic: http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-2955/patches/karmic/linux/0001-wireless-extensions-fix-kernel-heap-content-leak.txt
Lucid: http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-2955/patches/lucid/linux/0001-wireless-extensions-fix-kernel-heap-content-leak.txt
linux-armadaxp
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-backports-modules-2.6.24
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Patches:
Hardy: http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-2955/patches/hardy/lbm/0001-wireless-extensions-fix-kernel-heap-content-leak.txt
linux-backports-modules-2.6.28
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Patches:
Jaunty: http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-2955/patches/jaunty/lbm/0001-wireless-extensions-fix-kernel-heap-content-leak.txt
linux-backports-modules-2.6.32
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Patches:
Lucid: http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-2955/patches/lucid/lbm/0001-wireless-extensions-fix-kernel-heap-content-leak.txt
linux-ec2
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-flo
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [3.4.0-1.3])
linux-fsl-imx51
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-goldfish
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [3.4.0-1.9])
linux-grouper
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [3.1.10-8.28])
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-backport-natty
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-backport-oneiric
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-quantal
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-raring
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-saucy
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-trusty
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-utopic
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [3.16.0-25.33~14.04.2])
linux-lts-vivid
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [3.19.0-18.18~14.04.1])
linux-maguro
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [3.0.0-3.18])
linux-mako
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [3.4.0-3.21])
linux-manta
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [3.4.0-4.19])
linux-mvl-dove
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-raspi2
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-source-2.6.15
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-ti-omap4
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist