CVE-2010-3078
Published: 21 September 2010
The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call.
From the Ubuntu Security Team
Dan Rosenberg discovered that certain XFS ioctls leaked kernel stack contents. A local attacker could exploit this to read portions of kernel memory, leading to a loss of privacy.
Priority
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Released
(2.6.24-28.80)
|
|
jaunty |
Released
(2.6.28-19.66)
|
|
karmic |
Released
(2.6.31-22.67)
|
|
lucid |
Released
(2.6.32-25.45)
|
|
maverick |
Not vulnerable
|
|
upstream |
Released
(2.6.36~rc4)
|
|
Patches: upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=a122eb2fdfd78b58c6dd992d6f4b1aaef667eef9 hardy: http://chinstrap.ubuntu.com/~bradf/CVEs/CVE-2010-3078/patches/hardy/linux/0001-xfs-prevent-reading-uninitialized-stack-memory.txt jaunty: http://chinstrap.ubuntu.com/~bradf/CVEs/CVE-2010-3078/patches/jaunty/linux/0001-xfs-prevent-reading-uninitialized-stack-memory.txt karmic: http://chinstrap.ubuntu.com/~bradf/CVEs/CVE-2010-3078/patches/karmic/linux/0001-xfs-prevent-reading-uninitialized-stack-memory.txt lucid: http://chinstrap.ubuntu.com/~bradf/CVEs/CVE-2010-3078/patches/lucid/linux/0001-xfs-prevent-reading-uninitialized-stack-memory.txt |
||
linux-ec2 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
karmic |
Released
(2.6.31-307.21)
|
|
lucid |
Released
(2.6.32-309.18)
|
|
maverick |
Ignored
(binary supplied by "linux" now)
|
|
upstream |
Released
(2.6.36~rc4)
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
karmic |
Released
(2.6.31-112.30)
|
|
lucid |
Released
(2.6.31-608.22)
|
|
maverick |
Does not exist
|
|
upstream |
Released
(2.6.36~rc4)
|
|
linux-lts-backport-maverick Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Released
(2.6.35-25.44~lucid1)
|
|
maverick |
Does not exist
|
|
upstream |
Released
(2.6.36~rc4)
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
karmic |
Ignored
(abandonded branch)
|
|
lucid |
Released
(2.6.32-216.33)
|
|
maverick |
Released
(2.6.32-416.33)
|
|
upstream |
Released
(2.6.36~rc4)
|
|
linux-source-2.6.15 Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
|
hardy |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
upstream |
Released
(2.6.36~rc4)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.5 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3078
- https://ubuntu.com/security/notices/USN-1000-1
- https://ubuntu.com/security/notices/USN-1074-1
- https://ubuntu.com/security/notices/USN-1074-2
- https://ubuntu.com/security/notices/USN-1083-1
- https://ubuntu.com/security/notices/USN-1093-1
- NVD
- Launchpad
- Debian