CVE-2010-4565
Published: 29 December 2010
The bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel 2.6.36 and earlier creates a publicly accessible file with a filename containing a kernel memory address, which allows local users to obtain potentially sensitive information about kernel memory use by listing this filename.
From the Ubuntu security team
Dan Rosenburg discovered that the CAN subsystem leaked kernel addresses into the /proc filesystem. A local attacker could use this to increase the chances of a successful memory corruption exploit.
Priority
Low
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.37)
|
|
Patches: Upstream: http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commitdiff;h=9f260e0efa4766e56d0ac14f1aeea6ee5eb8fe83 |
||
|
linux-ec2 Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.37)
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.37)
|
|
linux-lts-backport-maverick Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.37)
|
|
linux-lts-backport-natty Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.37)
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.37)
|
|
linux-source-2.6.15 Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.37)
|
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.37)
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4565
- http://www.spinics.net/lists/netdev/msg146468.html
- http://www.spinics.net/lists/netdev/msg146270.html
- http://www.spinics.net/lists/netdev/msg145791.html
- https://usn.ubuntu.com/usn/usn-1141-1
- https://usn.ubuntu.com/usn/usn-1160-1
- https://usn.ubuntu.com/usn/usn-1162-1
- https://usn.ubuntu.com/usn/usn-1164-1
- https://usn.ubuntu.com/usn/usn-1167-1
- https://usn.ubuntu.com/usn/usn-1159-1
- https://usn.ubuntu.com/usn/usn-1187-1
- https://usn.ubuntu.com/usn/usn-1202-1
- NVD
- Launchpad
- Debian