CVE-2010-4072
Published: 29 November 2010
The copy_shmid_to_user function in ipc/shm.c in the Linux kernel before 2.6.37-rc1 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the shmctl system call and the "old shm interface."
From the Ubuntu Security Team
Kees Cook and Vasiliy Kulikov discovered that the shm interface did not clear kernel memory correctly. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Released
(2.6.24-28.86)
|
|
| jaunty |
Ignored
(reached end-of-life)
|
|
| karmic |
Released
(2.6.31-22.70)
|
|
| lucid |
Released
(2.6.32-27.49)
|
|
| maverick |
Released
(2.6.35-24.42)
|
|
| upstream |
Needs triage
|
|
|
Patches: proposed: http://lkml.org/lkml/2010/10/6/486 hardy: http://chinstrap.ubuntu.com/~ogasawara/CVEs/CVE-2010-4072/patches/hardy/linux/0001-ipc-shm-fix-information-leak-to-userland.txt karmic: http://chinstrap.ubuntu.com/~ogasawara/CVEs/CVE-2010-4072/patches/karmic/linux/0001-ipc-shm-fix-information-leak-to-userland.txt lucid: http://chinstrap.ubuntu.com/~ogasawara/CVEs/CVE-2010-4072/patches/lucid/linux/0001-ipc-shm-fix-information-leak-to-userland.txt maverick: http://chinstrap.ubuntu.com/~ogasawara/CVEs/CVE-2010-4072/patches/maverick/linux/0001-ipc-shm-fix-information-leak-to-userland.txt |
||
|
linux-ec2 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| jaunty |
Does not exist
|
|
| karmic |
Released
(2.6.31-307.23)
|
|
| lucid |
Released
(2.6.32-311.23)
|
|
| maverick |
Ignored
(binary supplied by "linux" now)
|
|
| upstream |
Needs triage
|
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| karmic |
Released
(2.6.31-112.30)
|
|
| lucid |
Released
(2.6.31-608.22)
|
|
| maverick |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
linux-lts-backport-maverick Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| jaunty |
Does not exist
|
|
| karmic |
Does not exist
|
|
| lucid |
Released
(2.6.35-25.44~lucid1)
|
|
| maverick |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| karmic |
Ignored
(abandonded branch)
|
|
| lucid |
Released
(2.6.32-216.33)
|
|
| maverick |
Released
(2.6.32-416.33)
|
|
| upstream |
Needs triage
|
|
|
linux-source-2.6.15 Launchpad, Ubuntu, Debian |
dapper |
Released
(2.6.15-55.91)
|
| hardy |
Does not exist
|
|
| jaunty |
Does not exist
|
|
| karmic |
Does not exist
|
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| upstream |
Not vulnerable
|
|
|
Patches: dapper: http://chinstrap.ubuntu.com/~ogasawara/CVEs/CVE-2010-4072/patches/dapper/linux/0001-ipc-shm-fix-information-leak-to-userland.txt |
||
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| karmic |
Does not exist
|
|
| lucid |
Does not exist
|
|
| maverick |
Released
(2.6.35-903.22)
|
|
| upstream |
Needs triage
|
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4072
- https://ubuntu.com/security/notices/USN-1041-1
- https://ubuntu.com/security/notices/USN-1057-1
- https://ubuntu.com/security/notices/USN-1072-1
- https://ubuntu.com/security/notices/USN-1074-1
- https://ubuntu.com/security/notices/USN-1074-2
- https://ubuntu.com/security/notices/USN-1083-1
- https://ubuntu.com/security/notices/USN-1093-1
- https://ubuntu.com/security/notices/USN-1119-1
- NVD
- Launchpad
- Debian