*** This bug is a security vulnerability ***
Public security bug reported:
The sk_run_filter function in net/core/filter.c in the Linux kernel
before 2.6.36.2 does not check whether a certain memory location has
been initialized before executing a (1) BPF_S_LD_MEM or (2)
BPF_S_LDX_MEM instruction, which allows local users to obtain
potentially sensitive information from kernel stack memory via a crafted
socket filter.
** Affects: linux (Ubuntu)
Importance: Low
Assignee: Stefan Bader (stefan-bader-canonical)
Status: In Progress
** Affects: linux (Ubuntu Lucid)
Importance: Undecided
Status: New
** Affects: linux (Ubuntu Maverick)
Importance: Undecided
Status: New
** Affects: linux (Ubuntu Natty)
Importance: Low
Assignee: Stefan Bader (stefan-bader-canonical)
Status: In Progress
** Affects: linux (Ubuntu Dapper)
Importance: Undecided
Status: New
** Affects: linux (Ubuntu Hardy)
Importance: Undecided
Status: New
** Affects: linux (Ubuntu Karmic)
Importance: Undecided
Status: New
** Tags: kernel-cve-tracker
** Visibility changed to: Public
** Also affects: linux (Ubuntu Hardy)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Natty)
Importance: Low
Assignee: Stefan Bader (stefan-bader-canonical)
Status: In Progress
** Also affects: linux (Ubuntu Maverick)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Dapper)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Karmic)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Lucid)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/721282
Title:
CVE-2010-4158
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
