Your submission was sent successfully! Close

USN-1023-1: Linux kernel vulnerabilities

30 November 2010

The Linux kernel could be made to run unauthorized programs with administrator privileges.




Nelson Elhage discovered several problems with the Acorn Econet protocol
driver. A local user could cause a denial of service via a NULL pointer
dereference, escalate privileges by overflowing the kernel stack, and
assign Econet addresses to arbitrary interfaces. (CVE-2010-3848,
CVE-2010-3849, CVE-2010-3850)

Brad Spengler discovered that the wireless extensions did not correctly
validate certain request sizes. A local attacker could exploit this to read
portions of kernel memory, leading to a loss of privacy. (CVE-2010-2955)

Dan Rosenberg discovered that the VIA video driver did not correctly clear
kernel memory. A local attacker could exploit this to read kernel stack
memory, leading to a loss of privacy. (CVE-2010-4082)

A flaw was discovered in the Linux kernel's splice system call. A local
user could use this flaw to cause a denial of service (system crash).

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 9.10
Ubuntu 8.04
Ubuntu 6.06
Ubuntu 10.10
Ubuntu 10.04

After a standard system update you need to reboot your computer to make
all the necessary changes.

Related notices

  • USN-1074-1: linux-fsl-imx51, linux-image-2.6.31-112-imx51
  • USN-1083-1: linux-image-2.6.35-25-server, linux-image-2.6.35-25-generic, linux-image-2.6.35-25-generic-pae, linux-lts-backport-maverick, linux-image-2.6.35-25-virtual
  • USN-1119-1: linux-image-2.6.35-903-omap4, linux-ti-omap4
  • USN-1074-2: linux-image-2.6.31-608-imx51, linux-fsl-imx51
  • USN-1093-1: linux-image-2.6.32-216-dove, linux-mvl-dove, linux-image-2.6.32-416-dove
  • USN-1073-1: linux-image-2.6.31-22-virtual, linux-image-2.6.31-22-powerpc, linux-image-2.6.31-22-386, linux-image-2.6.31-22-powerpc64-smp, linux-image-2.6.31-307-ec2, linux-image-2.6.31-22-generic-pae, linux-ec2, linux-image-2.6.31-22-lpia, linux-image-2.6.31-22-sparc64, linux-image-2.6.31-22-ia64, linux-image-2.6.31-22-powerpc-smp, linux-image-2.6.31-22-generic, linux, linux-image-2.6.31-22-server, linux-image-2.6.31-22-sparc64-smp
  • USN-1164-1: linux-fsl-imx51, linux-image-2.6.31-609-imx51
  • USN-1202-1: linux-image-2.6.35-903-omap4, linux-ti-omap4