CVE-2010-4258
Published: 30 December 2010
The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNEL_DS get_fs value, which allows local users to bypass intended access_ok restrictions, overwrite arbitrary kernel memory locations, and gain privileges by leveraging a (1) BUG, (2) NULL pointer dereference, or (3) page fault, as demonstrated by vectors involving the clear_child_tid feature and the splice system call.
From the Ubuntu security team
Nelson Elhage discovered that the kernel did not correctly handle process cleanup after triggering a recoverable kernel bug. If a local attacker were able to trigger certain kinds of kernel bugs, they could create a specially crafted process to gain root privileges.
Priority
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.37~rc5)
|
Patches: Upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=33dd94ae1ccbfb7bf0fb6c692bc3d1c4269e6177 |
||
linux-ec2 Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.37~rc5)
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.37~rc5)
|
linux-lts-backport-maverick Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.37~rc5)
|
linux-lts-backport-natty Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.37~rc5)
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.37~rc5)
|
linux-source-2.6.15 Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.37~rc5)
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.37~rc5)
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4258
- http://thread.gmane.org/gmane.comp.security.full-disclosure/76457
- http://blog.nelhage.com/2010/12/cve-2010-4258-from-dos-to-privesc/
- http://openwall.com/lists/oss-security/2010/12/02/3
- https://usn.ubuntu.com/usn/usn-1105-1
- https://usn.ubuntu.com/usn/usn-1111-1
- https://usn.ubuntu.com/usn/usn-1083-1
- https://usn.ubuntu.com/usn/usn-1119-1
- https://usn.ubuntu.com/usn/usn-1054-1
- https://usn.ubuntu.com/usn/usn-1093-1
- https://usn.ubuntu.com/usn/usn-1164-1
- https://usn.ubuntu.com/usn/usn-1167-1
- NVD
- Launchpad
- Debian