CVE-2010-3079
Published: 30 September 2010
kernel/trace/ftrace.c in the Linux kernel before 2.6.35.5, when debugfs is enabled, does not properly handle interaction between mutex possession and llseek operations, which allows local users to cause a denial of service (NULL pointer dereference and outage of all function tracing files) via an lseek call on a file descriptor associated with the set_ftrace_filter file.
From the Ubuntu Security Team
Robert Swiecki discovered that ftrace did not correctly handle mutexes. A local attacker could exploit this to crash the kernel, leading to a denial of service.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Not vulnerable
|
|
| jaunty |
Ignored
(reached end-of-life)
|
|
| karmic |
Released
(2.6.31-22.70)
|
|
| lucid |
Released
(2.6.32-27.49)
|
|
| maverick |
Released
(2.6.35-24.42)
|
|
| upstream |
Released
(2.6.36~rc4)
|
|
|
Patches: upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9c55cb12c1c172e2d51e85fbb5a4796ca86b77e7 karmic: http://chinstrap.ubuntu.com/~ogasawara/CVEs/CVE-2010-3079/patches/karmic/linux/0001-tracing-Do-not-allow-llseek-to-set_ftrace_filter.txt lucid: http://chinstrap.ubuntu.com/~ogasawara/CVEs/CVE-2010-3079/patches/lucid/linux/0001-tracing-Do-not-allow-llseek-to-set_ftrace_filter.txt maverick: http://chinstrap.ubuntu.com/~ogasawara/CVEs/CVE-2010-3079/patches/maverick/linux/0001-tracing-Do-not-allow-llseek-to-set_ftrace_filter.txt |
||
|
linux-ec2 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| karmic |
Released
(2.6.31-307.23)
|
|
| lucid |
Released
(2.6.32-311.23)
|
|
| maverick |
Ignored
(binary supplied by "linux" now)
|
|
| upstream |
Released
(2.6.36~rc4)
|
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| karmic |
Released
(2.6.31-112.30)
|
|
| lucid |
Released
(2.6.31-608.22)
|
|
| maverick |
Does not exist
|
|
| upstream |
Released
(2.6.36~rc4)
|
|
|
linux-lts-backport-maverick Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| karmic |
Does not exist
|
|
| lucid |
Released
(2.6.35-25.44~lucid1)
|
|
| maverick |
Does not exist
|
|
| upstream |
Released
(2.6.36~rc4)
|
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| karmic |
Ignored
(abandonded branch)
|
|
| lucid |
Released
(2.6.32-216.33)
|
|
| maverick |
Released
(2.6.32-416.33)
|
|
| upstream |
Released
(2.6.36~rc4)
|
|
|
linux-source-2.6.15 Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
|
| hardy |
Does not exist
|
|
| jaunty |
Does not exist
|
|
| karmic |
Does not exist
|
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| upstream |
Released
(2.6.36~rc4)
|
|
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| karmic |
Does not exist
|
|
| lucid |
Does not exist
|
|
| maverick |
Released
(2.6.35-903.22)
|
|
| upstream |
Released
(2.6.36~rc4)
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.5 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3079
- https://ubuntu.com/security/notices/USN-1041-1
- https://ubuntu.com/security/notices/USN-1074-1
- https://ubuntu.com/security/notices/USN-1074-2
- https://ubuntu.com/security/notices/USN-1083-1
- https://ubuntu.com/security/notices/USN-1119-1
- https://ubuntu.com/security/notices/USN-1093-1
- NVD
- Launchpad
- Debian