Your submission was sent successfully! Close

CVE-2010-4343

Published: 29 December 2010

drivers/scsi/bfa/bfa_core.c in the Linux kernel before 2.6.35 does not initialize a certain port data structure, which allows local users to cause a denial of service (system crash) via read operations on an fc_host statistics file.

From the Ubuntu security team

Krishna Gudipati discovered that the bfa adapter driver did not correctly initialize certain structures. A local attacker could read files in /sys to crash the system, leading to a denial of service.

Priority

Medium

CVSS 3 base score: 5.5

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Not vulnerable

karmic Not vulnerable

lucid
Released (2.6.32-29.57)
maverick Not vulnerable
(2.6.35-1.1)
natty Not vulnerable
(2.6.37-2.9)
upstream
Released (2.6.35~rc1)
linux-ec2
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic Ignored
(reached end-of-life)
lucid
Released (2.6.32-313.25)
maverick Ignored
(binary supplied by "linux" now)
natty Does not exist

upstream
Released (2.6.35~rc1)
linux-fsl-imx51
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic Ignored
(reached end-of-life)
lucid Not vulnerable

maverick Does not exist

natty Does not exist

upstream
Released (2.6.35~rc1)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic Does not exist

lucid Not vulnerable
(2.6.35-1.1~lucid1)
maverick Does not exist

natty Does not exist

upstream
Released (2.6.35~rc1)
linux-lts-backport-natty
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Not vulnerable
(2.6.38-1.27~lucid1)
maverick Does not exist

natty Does not exist

upstream
Released (2.6.35~rc1)
linux-mvl-dove
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic Ignored
(abandonded branch)
lucid
Released (2.6.32-214.30)
maverick
Released (2.6.32-414.30)
natty Does not exist

upstream
Released (2.6.35~rc1)
linux-source-2.6.15
Launchpad, Ubuntu, Debian
dapper Not vulnerable

hardy Does not exist

karmic Does not exist

lucid Does not exist

maverick Does not exist

natty Does not exist

upstream
Released (2.6.35~rc1)
linux-ti-omap4
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic Does not exist

lucid Does not exist

maverick Not vulnerable
(2.6.35-903.8)
natty Not vulnerable
(2.6.38-1201.2)
upstream
Released (2.6.35~rc1)