CVE-2011-1593

Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel before 2.6.38.4 allow local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call.

From the Ubuntu Security Team

Tavis Ormandy discovered that the pidmap function did not correctly handle large requests. A local attacker could exploit this to crash the system, leading to a denial of service.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
linux	11.04 natty	Fixed 2.6.38-9.43
	10.10 maverick	Fixed 2.6.35-30.52
	10.04 LTS lucid	Fixed 2.6.32-33.64
	8.04 LTS hardy	Fixed 2.6.24-29.90
	6.06 LTS dapper	Not in release
linux-ec2	11.04 natty	Not in release
	10.10 maverick	Ignored end of life
	10.04 LTS lucid	Fixed 2.6.32-317.32
	8.04 LTS hardy	Not in release
	6.06 LTS dapper	Not in release
linux-fsl-imx51	11.04 natty	Not in release
	10.10 maverick	Not in release
	10.04 LTS lucid	Fixed 2.6.31-609.26
	8.04 LTS hardy	Not in release
	6.06 LTS dapper	Not in release
linux-lts-backport-maverick	11.04 natty	Not in release
	10.10 maverick	Not in release
	10.04 LTS lucid	Fixed 2.6.35-30.54~lucid1
	8.04 LTS hardy	Not in release
	6.06 LTS dapper	Not in release
linux-lts-backport-natty	11.04 natty	Not in release
	10.10 maverick	Not in release
	10.04 LTS lucid	Not affected
	8.04 LTS hardy	Not in release
linux-mvl-dove	11.04 natty	Not in release
	10.10 maverick	Fixed 2.6.32-417.34
	10.04 LTS lucid	Fixed 2.6.32-217.34
	8.04 LTS hardy	Not in release
	6.06 LTS dapper	Not in release
linux-source-2.6.15	11.04 natty	Not in release
	10.10 maverick	Not in release
	10.04 LTS lucid	Not in release
	8.04 LTS hardy	Not in release
	6.06 LTS dapper	Ignored
linux-ti-omap4	11.04 natty	Fixed 2.6.38-1209.13
	10.10 maverick	Fixed 2.6.35-903.23
	10.04 LTS lucid	Not in release
	8.04 LTS hardy	Not in release
	6.06 LTS dapper	Not in release

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
linux	Upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d8bdc59f215e62098bc5b4256fd9928bf27053a1 Upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c78193e9c7bcbf25b8237ad0dec82f805c4ea69b

References

Related Ubuntu Security Notices (USN)

USN-1164-1
Linux kernel vulnerabilities (i.MX51)
6 July 2011

USN-1202-1
Linux kernel (OMAP4) vulnerabilities
13 September 2011

USN-1160-1
Linux kernel vulnerabilities
28 June 2011

USN-1168-1
Linux kernel vulnerabilities
15 July 2011

USN-1162-1
Linux kernel vulnerabilities (Marvell Dove)
29 June 2011

USN-1146-1
Linux kernel vulnerabilities
9 June 2011

USN-1167-1
Linux kernel vulnerabilities
13 July 2011

USN-1187-1
Linux kernel (Maverick backport) vulnerabilities
9 August 2011

USN-1212-1
Linux kernel (OMAP4) vulnerabilities
21 September 2011

USN-1161-1
Linux kernel vulnerabilities (EC2)
13 July 2011

USN-1159-1
Linux kernel vulnerabilities (Marvell Dove)
13 July 2011

From the Ubuntu Security Team

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references