Summary
Ubuntu Update for Linux kernel vulnerabilities USN-1092-1
Solution
Please Install the Updated Packages.
Insight
Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy.
(CVE-2010-4076, CVE-2010-4077)
Dan Rosenberg discovered that the socket filters did not correctly initialize structure memory. A local attacker could create malicious filters to read portions of kernel stack memory, leading to a loss of privacy. (CVE-2010-4158)
Dan Rosenberg discovered that certain iovec operations did not calculate page counts correctly. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2010-4162)
Dan Rosenberg discovered that the SCSI subsystem did not correctly validate iov segments. A local attacker with access to a SCSI device could send specially crafted requests to crash the system, leading to a denial of service. (CVE-2010-4163)
Alan Cox discovered that the HCI UART driver did not correctly check if a write operation was available. A local attacker could exploit this flaw to gain root privileges. (CVE-2010-4242)
Affected
linux-source-2.6.15 vulnerabilities on Ubuntu 6.06 LTS
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2010-4076, CVE-2010-4077, CVE-2010-4158, CVE-2010-4162, CVE-2010-4163, CVE-2010-4242 -
CVSS Base Score: 4.7
AV:L/AC:M/Au:N/C:N/I:N/A:C
Related Vulnerabilities