CVE-2010-3437

Published: 04 October 2010

Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and system crash) via a crafted index value in a PKT_CTRL_CMD_STATUS ioctl call.

From the Ubuntu security team

Dan Rosenberg discovered that the CD driver did not correctly check parameters. A local attacker could exploit this to read arbitrary kernel memory, leading to a loss of privacy.

Priority

Medium

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc6)
Patches:
Upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=252a52aa4fa22a668f019e55b3aac3ff71ec1c29
Hardy: http://chinstrap.ubuntu.com/~smb/CVEs/CVE-2010-3437/patches/hardy/linux/0001-Fix-pktcdvd-ioctl-dev_minor-range-check.txt
Jaunty: http://chinstrap.ubuntu.com/~smb/CVEs/CVE-2010-3437/patches/jaunty/linux/0001-Fix-pktcdvd-ioctl-dev_minor-range-check.txt
Karmic: http://chinstrap.ubuntu.com/~smb/CVEs/CVE-2010-3437/patches/karmic/linux/0001-Fix-pktcdvd-ioctl-dev_minor-range-check.txt
Lucid: http://chinstrap.ubuntu.com/~smb/CVEs/CVE-2010-3437/patches/lucid/linux/0001-Fix-pktcdvd-ioctl-dev_minor-range-check.txt
Maverick: http://chinstrap.ubuntu.com/~smb/CVEs/CVE-2010-3437/patches/maverick/linux/0001-Fix-pktcdvd-ioctl-dev_minor-range-check.txt
linux-ec2
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc6)
linux-fsl-imx51
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc6)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc6)
linux-mvl-dove
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc6)
linux-source-2.6.15
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc6)
Patches:
Dapper: http://chinstrap.ubuntu.com/~smb/CVEs/CVE-2010-3437/patches/dapper/linux/0001-Fix-pktcdvd-ioctl-dev_minor-range-check.txt
linux-ti-omap4
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc6)

Notes

AuthorNote
smb This was assigned to bradf and I re-assigned it to myself for minor fixups and so the tools will find things.

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading