Summary
Ubuntu Update for Linux kernel vulnerabilities USN-988-1
Solution
Please Install the Updated Packages.
Insight
Ben Hawkes discovered that the Linux kernel did not correctly validate memory ranges on 64bit kernels when allocating memory on behalf of 32bit system calls. On a 64bit system, a local attacker could perform malicious multicast getsockopt calls to gain root privileges. (CVE-2010-3081)
Ben Hawkes discovered that the Linux kernel did not correctly filter registers on 64bit kernels when performing 32bit system calls. On a 64bit system, a local attacker could manipulate 32bit system calls to gain root privileges. (CVE-2010-3301)
Affected
Linux kernel vulnerabilities on Ubuntu 6.06 LTS ,
Ubuntu 8.04 LTS ,
Ubuntu 9.04 ,
Ubuntu 9.10 ,
Ubuntu 10.04 LTS
Severity
Classification
-
CVE CVE-2010-3081, CVE-2010-3301 -
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities