Kernel Vulnerabilities Discovered in Ubuntu/Kubuntu/Edubuntu/Xubuntu

An Ubuntu Security Notice from March 17, 2010 mentions some vulnerabilities in the kernels used by Ubuntu-based distributions from 8.04 to 9.10; the 6.06 release is affected, too. (Ubuntu 7.04 and 7.10 were not mentioned, but they are no longer supported anyway.)

They are all local attacks; none of the listed attacks can be invoked by a remote attacker. All of them can, however, lead to a denial of service condition if successfully exploited by a local attacker.

If you are using Ubuntu, but aren't sure which release you're using, you can run:

Code

lsb_release -a
to find your installation's release information.

Also, you can run:

Code

uname -r
to show the kernel currently in use by your system.

Quote

Details follow:

Mathias Krause discovered that the Linux kernel did not correctly handle missing ELF interpreters. A local attacker could exploit this to cause the system to crash, leading to a denial of service. (CVE-2010-0307)

Marcelo Tosatti discovered that the Linux kernel's hardware virtualization did not correctly handle reading the /dev/port special device. A local attacker in a guest operating system could issue a specific read that would cause the host system to crash, leading to a denial of service. (CVE-2010-0309)

Sebastian Krahmer discovered that the Linux kernel did not correctly handle netlink connector messages. A local attacker could exploit this to consume kernel memory, leading to a denial of service. (CVE-2010-0410)

Ramon de Carvalho Valle discovered that the Linux kernel did not correctly validate certain memory migration calls. A local attacker could exploit this to read arbitrary kernel memory or cause a system crash, leading to a denial of service. (CVE-2010-0415)

Jerome Marchand and Mikael Pettersson discovered that the Linux kernel did not correctly handle certain futex operations. A local attacker could exploit this to cause a system crash, leading to a denial of service. (CVE-2010-0622, CVE-2010-0623)


Source: USN-914-1
