CVE-2010-3861

Published: 10 December 2010

The ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize a certain block of heap memory, which allows local users to obtain potentially sensitive information via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value, a different vulnerability than CVE-2010-2478.

From the Ubuntu security team

Kees Cook discovered that the ethtool interface did not correctly clear kernel memory. A local attacker could read kernel heap memory, leading to a loss of privacy.

Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc8)
Patches:
Upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=ae6df5f96a51818d6376da5307d773baeece4014
Karmic: http://chinstrap.ubuntu.com/~ogasawara/CVEs/CVE-2010-3861/patches/karmic/linux/0001-net-clear-heap-allocation-for-ETHTOOL_GRXCLSRLALL.txt
Lucid: http://chinstrap.ubuntu.com/~ogasawara/CVEs/CVE-2010-3861/patches/lucid/linux/0001-net-clear-heap-allocation-for-ETHTOOL_GRXCLSRLALL.txt
Maverick: http://chinstrap.ubuntu.com/~ogasawara/CVEs/CVE-2010-3861/patches/maverick/linux/0001-net-clear-heap-allocation-for-ETHTOOL_GRXCLSRLALL.txt
linux-ec2
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc8)
linux-fsl-imx51
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc8)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc8)
linux-mvl-dove
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc8)
linux-source-2.6.15
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc8)
linux-ti-omap4
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.36~rc8)

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading