Your submission was sent successfully! Close

CVE-2010-4650

Published: 12 January 2012

Buffer overflow in the fuse_do_ioctl function in fs/fuse/file.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service or possibly have unspecified other impact by leveraging the ability to operate a CUSE server.

From the Ubuntu security team

An error was discovered in the kernel's handling of CUSE (Character device in Userspace). A local attacker might exploit this flaw to escalate privilege, if access to /dev/cuse has been modified to allow non-root users.

Priority

Medium

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
hardy Not vulnerable

lucid
Released (2.6.32-29.57)
maverick
Released (2.6.35-27.47)
natty Not vulnerable
(2.6.37-10.24)
oneiric Not vulnerable
(2.6.39-0.0)
precise Not vulnerable
(3.1.0-1.1)
quantal Not vulnerable
(3.1.0-1.0)
upstream
Released (2.6.37~rc6)
linux-armadaxp
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

natty Does not exist

oneiric Does not exist

precise Not vulnerable
(3.2.0-1600.1)
quantal Not vulnerable
(3.2.0-1602.5)
upstream
Released (2.6.37~rc6)
linux-ec2
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid
Released (2.6.32-313.25)
maverick Ignored
(binary supplied by "linux" now)
natty Does not exist

oneiric Does not exist

precise Does not exist

quantal Does not exist

upstream
Released (2.6.37~rc6)
linux-fsl-imx51
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Ignored
(reached EOL)
maverick Does not exist

natty Does not exist

oneiric Does not exist

precise Does not exist

quantal Does not exist

upstream
Released (2.6.37~rc6)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid
Released (2.6.35-28.50~lucid1)
maverick Does not exist

natty Does not exist

oneiric Does not exist

precise Does not exist

quantal Does not exist

upstream
Released (2.6.37~rc6)
linux-lts-backport-natty
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Not vulnerable
(2.6.38-1.27~lucid1)
maverick Does not exist

natty Does not exist

oneiric Does not exist

precise Does not exist

quantal Does not exist

upstream
Released (2.6.37~rc6)
linux-lts-backport-oneiric
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Not vulnerable
(3.0.0-5.6~lucid1)
maverick Does not exist

natty Does not exist

oneiric Does not exist

precise Does not exist

quantal Does not exist

upstream
Released (2.6.37~rc6)
linux-mvl-dove
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid
Released (2.6.32-214.30)
maverick
Released (2.6.32-414.30)
natty Does not exist

oneiric Does not exist

precise Does not exist

quantal Does not exist

upstream
Released (2.6.37~rc6)
linux-ti-omap4
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

maverick
Released (2.6.35-903.31)
natty Not vulnerable
(2.6.38-1201.2)
oneiric Not vulnerable
(2.6.38-1309.13)
precise Not vulnerable
(3.0.0-1401.2)
quantal Not vulnerable
(3.0.0-1401.2)
upstream
Released (2.6.37~rc6)