CVE-2010-3861

Published: 10 December 2010

The ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize a certain block of heap memory, which allows local users to obtain potentially sensitive information via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value, a different vulnerability than CVE-2010-2478.

From the Ubuntu security team

Kees Cook discovered that the ethtool interface did not correctly clear kernel memory. A local attacker could read kernel heap memory, leading to a loss of privacy.

Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc8)
Patches:
Upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=ae6df5f96a51818d6376da5307d773baeece4014
Karmic: http://chinstrap.ubuntu.com/~ogasawara/CVEs/CVE-2010-3861/patches/karmic/linux/0001-net-clear-heap-allocation-for-ETHTOOL_GRXCLSRLALL.txt
Lucid: http://chinstrap.ubuntu.com/~ogasawara/CVEs/CVE-2010-3861/patches/lucid/linux/0001-net-clear-heap-allocation-for-ETHTOOL_GRXCLSRLALL.txt
Maverick: http://chinstrap.ubuntu.com/~ogasawara/CVEs/CVE-2010-3861/patches/maverick/linux/0001-net-clear-heap-allocation-for-ETHTOOL_GRXCLSRLALL.txt
linux-ec2
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc8)
linux-fsl-imx51
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc8)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc8)
linux-mvl-dove
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc8)
linux-source-2.6.15
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc8)
linux-ti-omap4
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc8)

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading