CVE-2011-0711

Published: 01 March 2011

The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FSGEOMETRY_V1 ioctl call.

From the Ubuntu security team

Dan Rosenberg discovered that XFS did not correctly initialize memory. A local attacker could make crafted ioctl calls to leak portions of kernel stack memory, leading to a loss of privacy.

Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.38~rc8)
Patches:
Upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=3a3675b7f23f83ca8c67c9c2b6edf707fd28d1ba
Upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=af24ee9ea8d532e16883251a6684dfa1be8eec29
linux-ec2
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.38~rc8)
linux-fsl-imx51
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.38~rc8)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.38~rc8)
linux-lts-backport-natty
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.38~rc8)
linux-mvl-dove
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.38~rc8)
linux-source-2.6.15
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.38~rc8)
linux-ti-omap4
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.38~rc8)

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading