CVE-2010-3881

Published: 23 December 2010

arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via read operations on the /dev/kvm device.

From the Ubuntu Security Team

Vasiliy Kulikov discovered that kvm did not correctly clear memory. A local attacker could exploit this to read portions of the kernel stack, leading to a loss of privacy.

Notes

Author: smb
Note: Releases before Lucid do not contain the IOCTL functions affected.
For ti-omap, mvl-dove and ec2 the change of KVM should not matter at all.

Priority

Low

Status

Package Release Status
linux
dapper Does not exist

hardy Not vulnerable

karmic Not vulnerable

lucid Released (2.6.32-28.52)

maverick Released (2.6.35-25.43)

natty Not vulnerable

upstream Released (2.6.37~rc2)

linux-ec2
dapper Does not exist

hardy Does not exist

karmic Not vulnerable

lucid Released (contained in 2.6.32-313.25 in proposed)

maverick Ignored (binary supplied by "linux" now)

natty Does not exist

upstream Released (2.6.37~rc2)

linux-fsl-imx51
dapper Does not exist

hardy Does not exist

karmic Not vulnerable

lucid Not vulnerable

maverick Does not exist

natty Does not exist

upstream Needs triage

linux-lts-backport-maverick
dapper Does not exist

hardy Does not exist

karmic Does not exist

lucid Released (lts-2.6.35-25.44 in proposed)

maverick Does not exist

natty Does not exist

upstream Released (2.6.36.2)

linux-lts-backport-natty
hardy Does not exist

lucid Not vulnerable

maverick Does not exist

natty Does not exist

upstream Needs triage

linux-mvl-dove
dapper Does not exist

hardy Does not exist

karmic Ignored (abandoned branch)

lucid Released (2.6.32-211.27)

maverick Released (2.6.32-414.30)

natty Does not exist

upstream Not vulnerable

linux-source-2.6.15
dapper Not vulnerable

hardy Does not exist

karmic Does not exist

lucid Does not exist

maverick Does not exist

natty Does not exist

upstream Not vulnerable

linux-ti-omap4
dapper Does not exist

hardy Does not exist

karmic Does not exist

lucid Does not exist

maverick Released (2.6.35-903.16)

natty Not vulnerable

upstream Needs triage