CVE-2010-4075

Published: 29 November 2010

The uart_get_count function in drivers/serial/serial_core.c in the Linux kernel before 2.6.37-rc1 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.

From the Ubuntu security team

Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy.

Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.37~rc1)
Patches:
Upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d281da7ff6f70efca0553c288bb883e8605b3862
linux-ec2
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.37~rc1)
linux-fsl-imx51
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.37~rc1)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.37~rc1)
linux-lts-backport-natty
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.37~rc1)
linux-mvl-dove
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.37~rc1)
linux-source-2.6.15
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.37~rc1)
linux-ti-omap4
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.37~rc1)

Notes

AuthorNote
jdstrand 
applied on dapper_linux-source-2.6.15 2.6.15-57.94, but not in
changelog

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading