CVE-2011-1748
Published: 9 May 2011
The raw_release function in net/can/raw.c in the Linux kernel before 2.6.39-rc6 does not properly validate a socket data structure, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation.
From the Ubuntu Security Team
Oliver Hartkopp and Dave Jones discovered that the CAN network driver did not correctly validate certain socket structures. If this driver was loaded, a local attacker could crash the system, leading to a denial of service.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Not vulnerable
|
|
| lucid |
Released
(2.6.32-33.64)
|
|
| maverick |
Released
(2.6.35-30.52)
|
|
| natty |
Released
(2.6.38-10.44)
|
|
| upstream |
Released
(2.6.39~rc6)
|
|
|
Patches: upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=10022a6c66e199d8f61d9044543f38785713cbbd |
||
|
linux-ec2 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| lucid |
Released
(2.6.32-317.32)
|
|
| maverick |
Ignored
(end of life)
|
|
| natty |
Does not exist
|
|
| upstream |
Released
(2.6.39~rc6)
|
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| lucid |
Released
(2.6.31-609.26)
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| upstream |
Released
(2.6.39~rc6)
|
|
|
linux-lts-backport-maverick Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| lucid |
Released
(2.6.35-30.54~lucid1)
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| upstream |
Released
(2.6.39~rc6)
|
|
|
linux-lts-backport-natty Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Not vulnerable
(2.6.38-10.44~lucid1)
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| upstream |
Released
(2.6.39~rc6)
|
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| lucid |
Released
(2.6.32-217.34)
|
|
| maverick |
Released
(2.6.32-417.34)
|
|
| natty |
Does not exist
|
|
| upstream |
Released
(2.6.39~rc6)
|
|
|
linux-source-2.6.15 Launchpad, Ubuntu, Debian |
dapper |
Ignored
|
| hardy |
Does not exist
|
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| upstream |
Released
(2.6.39~rc6)
|
|
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| lucid |
Does not exist
|
|
| maverick |
Released
(2.6.35-903.23)
|
|
| natty |
Released
(2.6.38-1209.15)
|
|
| upstream |
Released
(2.6.39~rc6)
|
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1748
- https://ubuntu.com/security/notices/USN-1160-1
- https://ubuntu.com/security/notices/USN-1162-1
- https://ubuntu.com/security/notices/USN-1164-1
- https://ubuntu.com/security/notices/USN-1167-1
- https://ubuntu.com/security/notices/USN-1161-1
- https://ubuntu.com/security/notices/USN-1159-1
- https://ubuntu.com/security/notices/USN-1168-1
- https://ubuntu.com/security/notices/USN-1187-1
- https://ubuntu.com/security/notices/USN-1202-1
- https://ubuntu.com/security/notices/USN-1212-1
- NVD
- Launchpad
- Debian