CVE-2011-1173

Published: 22 June 2011

The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.39 on the x86_64 platform allows remote attackers to obtain potentially sensitive information from kernel stack memory by reading uninitialized data in the ah field of an Acorn Universal Networking (AUN) packet.

From the Ubuntu security team

Vasiliy Kulikov discovered that the Acorn Universal Networking driver did not correctly initialize memory. A remote attacker could send specially crafted traffic to read kernel stack memory, leading to a loss of privacy.

Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.39~rc1)
Patches:
Upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=67c5c6cb8129c595f21e88254a3fc6b3b841ae8e
linux-ec2
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.39~rc1)
linux-fsl-imx51
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.39~rc1)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.39~rc1)
linux-lts-backport-natty
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.39~rc1)
linux-mvl-dove
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.39~rc1)
linux-ti-omap4
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.39~rc1)

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading