CVE-2010-4158

Published: 30 December 2010

The sk_run_filter function in net/core/filter.c in the Linux kernel before 2.6.36.2 does not check whether a certain memory location has been initialized before executing a (1) BPF_S_LD_MEM or (2) BPF_S_LDX_MEM instruction, which allows local users to obtain potentially sensitive information from kernel stack memory via a crafted socket filter.

From the Ubuntu security team

Dan Rosenberg discovered that the socket filters did not correctly initialize structure memory. A local attacker could create malicious filters to read portions of kernel stack memory, leading to a loss of privacy.

Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.37~rc2)
Patches:
Upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=57fe93b374a6b8711995c2d466c502af9f3a08bb
linux-ec2
Launchpad, Ubuntu, Debian
Upstream Ignored

linux-fsl-imx51
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.37~rc2)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian
Upstream Ignored

linux-lts-backport-natty
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.37~rc2)
linux-mvl-dove
Launchpad, Ubuntu, Debian
Upstream Ignored

linux-source-2.6.15
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.37~rc2)
linux-ti-omap4
Launchpad, Ubuntu, Debian
Upstream Ignored