Details
Louis Rilling and Matthieu Fertré reported a use after free error in the
Linux kernel's futex_wait function. A local user could exploit this flaw to
cause a denial of service (system crash) or possibly gain privileges via a
specially crafted application. (CVE-2014-0205)
Ben Hawkes discovered that the Linux kernel did not correctly filter
registers on 64bit kernels when performing 32bit system calls. On a 64bit
system, a local attacker could manipulate 32bit system calls to gain root
privileges. (CVE-2010-3301)
Dan Rosenberg discovered that the btrfs filesystem did not correctly
validate permissions when using the clone function. A local attacker could
overwrite the contents of file handles that were opened for append-only, or
potentially read arbitrary contents, leading to a loss of privacy.
(CVE-2010-2537, CVE-2010-2538)
Dave Chinner discovered that the XFS filesystem did not correctly order
inode lookups when exported by NFS. A remote attacker could exploit this to
read or write disk blocks that had changed file assignment or had become
unlinked, leading to a loss of privacy. (CVE-2010-2943)
Kees Cook discovered that the Intel i915 graphics driver did not correctly
validate memory regions. A local attacker with access to the video card
could read and write arbitrary kernel memory to gain root privileges.
(CVE-2010-2962)
Robert Swiecki discovered that ftrace did not correctly handle mutexes. A
local attacker could exploit this to crash the kernel, leading to a denial
of service. (CVE-2010-3079)
Dan Rosenberg discovered that several network ioctls did not clear kernel
memory correctly. A local user could exploit this to read kernel stack
memory, leading to a loss of privacy. (CVE-2010-3296, CVE-2010-3297,
CVE-2010-3298)
It was discovered that KVM did not correctly initialize certain CPU
registers. A local attacker could exploit this to crash the system, leading
to a denial of service. (CVE-2010-3698)
Brad Spengler discovered that stack memory for a new process was not
correctly calculated. A local attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2010-3858)
Kees Cook discovered that the ethtool interface did not correctly clear
kernel memory. A local attacker could read kernel heap memory, leading to a
loss of privacy. (CVE-2010-3861)
Kees Cook and Vasiliy Kulikov discovered that the shm interface did not
clear kernel memory correctly. A local attacker could exploit this to read
kernel stack memory, leading to a loss of privacy. (CVE-2010-4072)
Dan Rosenberg discovered that the RME Hammerfall DSP audio interface driver
did not correctly clear kernel memory. A local attacker could exploit this
to read kernel stack memory, leading to a loss of privacy. (CVE-2010-4080,
CVE-2010-4081)
James Bottomley discovered that the ICP vortex storage array controller
driver did not validate certain sizes. A local attacker on a 64bit system
could exploit this to crash the kernel, leading to a denial of service.
(CVE-2010-4157)
Alan Cox discovered that the HCI UART driver did not correctly check if a
write operation was available. If the mmap_min_addr sysctl was changed from
the Ubuntu default to a value of 0, a local attacker could exploit this
flaw to gain root privileges. (CVE-2010-4242)
Kees Cook discovered that some ethtool functions did not correctly clear
heap memory. A local attacker with CAP_NET_ADMIN privileges could exploit
this to read portions of kernel heap memory, leading to a loss of privacy.
(CVE-2010-4655)
Update instructions
After a standard system update you need to reboot your computer to make all the necessary changes.
Learn more about how to get the fixes. The problem can be corrected by updating your system to the following package versions:
References
- CVE-2014-0205
- CVE-2010-4655
- CVE-2010-4242
- CVE-2010-4157
- CVE-2010-4081
- CVE-2010-4080
- CVE-2010-4072
- CVE-2010-3861
- CVE-2010-3858
- CVE-2010-3698
- CVE-2010-3301
- CVE-2010-3298
- CVE-2010-3297
- CVE-2010-3296
- CVE-2010-3079
- CVE-2010-2962
- CVE-2010-2943
- CVE-2010-2538
- CVE-2010-2537
Related notices
- USN-1204-1
- USN-1202-1
- USN-1187-1
- USN-1164-1
- USN-1146-1
- USN-1119-1
- USN-1105-1
- USN-1093-1
- USN-1092-1
- USN-1089-1
- USN-1083-1
- USN-1081-1
- USN-1074-1
- USN-1074-2
- USN-1073-1
- USN-1072-1
- USN-1071-1
- USN-1057-1
- USN-988-1