Your submission was sent successfully! Close

CVE-2010-4072

Published: 29 November 2010

The copy_shmid_to_user function in ipc/shm.c in the Linux kernel before 2.6.37-rc1 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the shmctl system call and the "old shm interface."

From the Ubuntu Security Team

Kees Cook and Vasiliy Kulikov discovered that the shm interface did not clear kernel memory correctly. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy.

Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy
Released (2.6.24-28.86)
jaunty Ignored
(reached end-of-life)
karmic
Released (2.6.31-22.70)
lucid
Released (2.6.32-27.49)
maverick
Released (2.6.35-24.42)
upstream Needs triage

Patches:
proposed: http://lkml.org/lkml/2010/10/6/486
hardy: http://chinstrap.ubuntu.com/~ogasawara/CVEs/CVE-2010-4072/patches/hardy/linux/0001-ipc-shm-fix-information-leak-to-userland.txt
karmic: http://chinstrap.ubuntu.com/~ogasawara/CVEs/CVE-2010-4072/patches/karmic/linux/0001-ipc-shm-fix-information-leak-to-userland.txt
lucid: http://chinstrap.ubuntu.com/~ogasawara/CVEs/CVE-2010-4072/patches/lucid/linux/0001-ipc-shm-fix-information-leak-to-userland.txt
maverick: http://chinstrap.ubuntu.com/~ogasawara/CVEs/CVE-2010-4072/patches/maverick/linux/0001-ipc-shm-fix-information-leak-to-userland.txt

linux-ec2
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

jaunty Does not exist

karmic
Released (2.6.31-307.23)
lucid
Released (2.6.32-311.23)
maverick Ignored
(binary supplied by "linux" now)
upstream Needs triage

linux-fsl-imx51
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic
Released (2.6.31-112.30)
lucid
Released (2.6.31-608.22)
maverick Does not exist

upstream Needs triage

linux-lts-backport-maverick
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

jaunty Does not exist

karmic Does not exist

lucid
Released (2.6.35-25.44~lucid1)
maverick Does not exist

upstream Needs triage

linux-mvl-dove
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic Ignored
(abandonded branch)
lucid
Released (2.6.32-216.33)
maverick
Released (2.6.32-416.33)
upstream Needs triage

linux-source-2.6.15
Launchpad, Ubuntu, Debian
dapper
Released (2.6.15-55.91)
hardy Does not exist

jaunty Does not exist

karmic Does not exist

lucid Does not exist

maverick Does not exist

upstream Not vulnerable

Patches:





dapper: http://chinstrap.ubuntu.com/~ogasawara/CVEs/CVE-2010-4072/patches/dapper/linux/0001-ipc-shm-fix-information-leak-to-userland.txt
linux-ti-omap4
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic Does not exist

lucid Does not exist

maverick
Released (2.6.35-903.22)
upstream Needs triage