CVE-2010-2955

Published: 08 September 2010

The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in the Linux kernel before 2.6.36-rc3-next-20100831 does not properly initialize certain structure members, which allows local users to leverage an off-by-one error in the ioctl_standard_iw_point function in net/wireless/wext-core.c, and obtain potentially sensitive information from kernel heap memory, via vectors involving an SIOCGIWESSID ioctl call that specifies a large buffer size.

From the Ubuntu security team

Brad Spengler discovered that the wireless extensions did not correctly validate certain request sizes. A local attacker could exploit this to read portions of kernel memory, leading to a loss of privacy.

Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(3.11.0-12.19)
Patches:
Upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=42da2f948d949efd0111309f5827bf0298bcc9a4
Jaunty: http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-2955/patches/jaunty/linux/0001-wireless-extensions-fix-kernel-heap-content-leak.txt
Karmic: http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-2955/patches/karmic/linux/0001-wireless-extensions-fix-kernel-heap-content-leak.txt
Lucid: http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-2955/patches/lucid/linux/0001-wireless-extensions-fix-kernel-heap-content-leak.txt
linux-armadaxp
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-backports-modules-2.6.24
Launchpad, Ubuntu, Debian 		Upstream Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Patches:
Hardy: http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-2955/patches/hardy/lbm/0001-wireless-extensions-fix-kernel-heap-content-leak.txt
linux-backports-modules-2.6.28
Launchpad, Ubuntu, Debian 		Upstream Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Patches:
Jaunty: http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-2955/patches/jaunty/lbm/0001-wireless-extensions-fix-kernel-heap-content-leak.txt
linux-backports-modules-2.6.32
Launchpad, Ubuntu, Debian 		Upstream Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Patches:
Lucid: http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-2955/patches/lucid/lbm/0001-wireless-extensions-fix-kernel-heap-content-leak.txt
linux-ec2
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-flo
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [3.4.0-1.3])
linux-fsl-imx51
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-goldfish
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [3.4.0-1.9])
linux-grouper
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [3.1.10-8.28])
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-backport-natty
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-backport-oneiric
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-quantal
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-raring
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-saucy
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-trusty
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-utopic
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [3.16.0-25.33~14.04.2])
linux-lts-vivid
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [3.19.0-18.18~14.04.1])
linux-maguro
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [3.0.0-3.18])
linux-mako
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [3.4.0-3.21])
linux-manta
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [3.4.0-4.19])
linux-mvl-dove
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-raspi2
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-source-2.6.15
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-ti-omap4
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading