Oval Definition:oval:org.mitre.oval:def:13433
Revision Date:2014-06-30
Version:20
Title:USN-1093-1 -- linux-mvl-dove vulnerabilities
Description:Joel Becker discovered that OCFS2 did not correctly validate on-disk symlink structures. If an attacker were able to trick a user or automated system into mounting a specially crafted filesystem, it could crash the system or expose kernel memory, leading to a loss of privacy. Ben Hutchings discovered that the ethtool interface did not correctly check certain sizes. A local attacker could perform malicious ioctl calls that could crash the system, leading to a denial of service. Eric Dumazet discovered that many network functions could leak kernel stack contents. A local attacker could exploit this to read portions of kernel memory, leading to a loss of privacy. Dave Chinner discovered that the XFS filesystem did not correctly order inode lookups when exported by NFS. A remote attacker could exploit this to read or write disk blocks that had changed file assignment or had become unlinked, leading to a loss of privacy. Tavis Ormandy discovered that the IRDA subsystem did not correctly shut down. A local attacker could exploit this to cause the system to crash or possibly gain root privileges. Brad Spengler discovered that the wireless extensions did not correctly validate certain request sizes. A local attacker could exploit this to read portions of kernel memory, leading to a loss of privacy. Tavis Ormandy discovered that the session keyring did not correctly check for its parent. On systems without a default session keyring, a local attacker could exploit this to crash the system, leading to a denial of service. Kees Cook discovered that the Intel i915 graphics driver did not correctly validate memory regions. A local attacker with access to the video card could read and write arbitrary kernel memory to gain root privileges. Kees Cook discovered that the V4L1 32bit compat interface did not correctly validate certain parameters. A local attacker on a 64bit system with access to a video device could exploit this to gain root privileges. 
Tavis Ormandy discovered that the AIO subsystem did not correctly validate certain parameters. A local attacker could exploit this to crash the system or possibly gain root privileges. Dan Rosenberg discovered that certain XFS ioctls leaked kernel stack contents. A local attacker could exploit this to read portions of kernel memory, leading to a loss of privacy. Robert Swiecki discovered that ftrace did not correctly handle mutexes. A local attacker could exploit this to crash the kernel, leading to a denial of service. Tavis Ormandy discovered that the OSS sequencer device did not correctly shut down. A local attacker could exploit this to crash the system or possibly gain root privileges. Dan Rosenberg discovered that several network ioctls did not clear kernel memory correctly. A local user could exploit this to read kernel stack memory, leading to a loss of privacy. Dan Rosenberg discovered that the ROSE driver did not correctly check parameters. A local attacker with access to a ROSE network device could exploit this to crash the system or possibly gain root privileges. Thomas Dreibholz discovered that SCTP did not correctly handle appending packet chunks. A remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Dan Rosenberg discovered that the CD driver did not correctly check parameters. A local attacker could exploit this to read arbitrary kernel memory, leading to a loss of privacy. Dan Rosenberg discovered that the Sound subsystem did not correctly validate parameters. A local attacker could exploit this to crash the system, leading to a denial of service. Dan Rosenberg discovered that SCTP did not correctly handle HMAC calculations. A remote attacker could send specially crafted traffic that would crash the system, leading to a denial of service. Nelson Elhage discovered several problems with the Acorn Econet protocol driver. 
A local user could cause a denial of service via a NULL pointer dereference, escalate privileges by overflowing the kernel stack, and assign Econet addresses to arbitrary interfaces. Brad Spengler discovered that stack memory for a new process was not correctly calculated. A local attacker could exploit this to crash the system, leading to a denial of service. Dan Rosenberg discovered that the Linux kernel TIPC implementation contained multiple integer signedness errors. A local attacker could exploit this to gain root privileges. Kees Cook discovered that the ethtool interface did not correctly clear kernel memory. A local attacker could read kernel heap memory, leading to a loss of privacy. Thomas Pollet discovered that the RDS network protocol did not check certain iovec buffers. A local attacker could exploit this to crash the system or possibly execute arbitrary code as the root user. Dan Rosenberg discovered that the Linux kernel X.25 implementation incorrectly parsed facilities. A remote attacker could exploit this to crash the kernel, leading to a denial of service. Dan Rosenberg discovered that the CAN protocol on 64bit systems did not correctly calculate the size of certain buffers. A local attacker could exploit this to crash the system or possibly execute arbitrary code as the root user. Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did not correctly clear kernel memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Vasiliy Kulikov discovered that the Linux kernel sockets implementation did not properly initialize certain structures. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Vasiliy Kulikov discovered that the TIPC interface did not correctly initialize certain structures. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. 
Nelson Elhage discovered that the Linux kernel IPv4 implementation did not properly audit certain bytecodes in netlink messages. A local attacker could exploit this to cause the kernel to hang, leading to a denial of service. Dan Rosenberg discovered that the RDS network protocol did not correctly check certain parameters. A local attacker could exploit this to gain root privileges. Kees Cook and Vasiliy Kulikov discovered that the shm interface did not clear kernel memory correctly. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Dan Rosenberg discovered that the socket filters did not correctly initialize structure memory. A local attacker could create malicious filters to read portions of kernel stack memory, leading to a loss of privacy. Dan Rosenberg discovered that the SCSI subsystem did not correctly validate iov segments. A local attacker with access to a SCSI device could send specially crafted requests to crash the system, leading to a denial of service. Steve Chen discovered that setsockopt did not correctly check MSS values. A local attacker could make a specially crafted socket call to crash the system, leading to a denial of service. Dave Jones discovered that the mprotect system call did not correctly handle merged VMAs. A local attacker could exploit this to crash the system, leading to a denial of service. Dan Rosenberg discovered that the RDS protocol did not correctly check ioctl arguments. A local attacker could exploit this to crash the system, leading to a denial of service. Vegard Nossum discovered that memory garbage collection was not handled correctly for active sockets. A local attacker could exploit this to allocate all available kernel memory, leading to a denial of service. 
It was discovered that multithreaded exec did not handle CPU timers correctly. A local attacker could exploit this to crash the system, leading to a denial of service. Krishna Gudipati discovered that the bfa adapter driver did not correctly initialize certain structures. A local attacker could read files in /sys to crash the system, leading to a denial of service. Tavis Ormandy discovered that the install_special_mapping function could bypass the mmap_min_addr restriction. A local attacker could exploit this to mmap 4096 bytes below the mmap_min_addr area, possibly improving the chances of performing NULL pointer dereference attacks. It was discovered that the ICMP stack did not correctly handle certain unreachable messages. If a remote attacker were able to acquire a socket lock, they could send specially crafted traffic that would crash the system, leading to a denial of service. Dan Rosenberg discovered that the OSS subsystem did not handle name termination correctly. A local attacker could exploit this to crash the system or gain root privileges. Dan Carpenter discovered that the Infiniband driver did not correctly handle certain requests. A local user could exploit this to crash the system or potentially gain root privileges.
Family:unix
Class:patch
Status:ACCEPTED
Reference(s):CVE-2010-2478
CVE-2010-2942
CVE-2010-2943
CVE-2010-2954
CVE-2010-2955
CVE-2010-2960
CVE-2010-2962
CVE-2010-2963
CVE-2010-3067
CVE-2010-3078
CVE-2010-3079
CVE-2010-3080
CVE-2010-3084
CVE-2010-3296
CVE-2010-3297
CVE-2010-3298
CVE-2010-3310
CVE-2010-3432
CVE-2010-3437
CVE-2010-3442
CVE-2010-3448
CVE-2010-3477
CVE-2010-3698
CVE-2010-3705
CVE-2010-3848
CVE-2010-3849
CVE-2010-3850
CVE-2010-3858
CVE-2010-3859
CVE-2010-3861
CVE-2010-3865
CVE-2010-3873
CVE-2010-3874
CVE-2010-3875
CVE-2010-3876
CVE-2010-3877
CVE-2010-3880
CVE-2010-3881
CVE-2010-3904
CVE-2010-4072
CVE-2010-4073
CVE-2010-4075
CVE-2010-4079
CVE-2010-4080
CVE-2010-4081
CVE-2010-4082
CVE-2010-4083
CVE-2010-4157
CVE-2010-4158
CVE-2010-4160
CVE-2010-4162
CVE-2010-4163
CVE-2010-4164
CVE-2010-4165
CVE-2010-4169
CVE-2010-4175
CVE-2010-4242
CVE-2010-4248
CVE-2010-4249
CVE-2010-4258
CVE-2010-4343
CVE-2010-4346
CVE-2010-4526
CVE-2010-4527
CVE-2010-4648
CVE-2010-4649
CVE-2010-4650
CVE-2010-4655
CVE-2010-4656
CVE-2010-4668
CVE-2011-0006
CVE-2011-0521
CVE-2011-0712
CVE-2011-1010
CVE-2011-1012
CVE-2011-1044
CVE-2011-1082
CVE-2011-1093
USN-1093-1
Platform(s):Ubuntu 10.04
Ubuntu 10.10
Product(s):linux-mvl-dove
Definition Synopsis
  • Release section
    • Ubuntu 10.10 is installed
    • AND Installed architecture is armel
    • AND Packages section
      • linux-headers-2.6.32-416 DPKG is earlier than 2.6.32-416.33
      • OR nic-usb-modules-2.6.32-416-dove-di DPKG is earlier than 2.6.32-416.33
      • OR nfs-modules-2.6.32-416-dove-di DPKG is earlier than 2.6.32-416.33
      • OR block-modules-2.6.32-416-dove-di DPKG is earlier than 2.6.32-416.33
      • OR parport-modules-2.6.32-416-dove-di DPKG is earlier than 2.6.32-416.33
      • OR plip-modules-2.6.32-416-dove-di DPKG is earlier than 2.6.32-416.33
      • OR fat-modules-2.6.32-416-dove-di DPKG is earlier than 2.6.32-416.33
      • OR crypto-modules-2.6.32-416-dove-di DPKG is earlier than 2.6.32-416.33
      • OR nic-modules-2.6.32-416-dove-di DPKG is earlier than 2.6.32-416.33
      • OR md-modules-2.6.32-416-dove-di DPKG is earlier than 2.6.32-416.33
      • OR nic-shared-modules-2.6.32-416-dove-di DPKG is earlier than 2.6.32-416.33
      • OR linux-image-2.6.32-416-dove DPKG is earlier than 2.6.32-416.33
      • OR fs-secondary-modules-2.6.32-416-dove-di DPKG is earlier than 2.6.32-416.33
      • OR scsi-modules-2.6.32-416-dove-di DPKG is earlier than 2.6.32-416.33
      • OR linux-headers-2.6.32-416-dove DPKG is earlier than 2.6.32-416.33
      • OR kernel-image-2.6.32-416-dove-di DPKG is earlier than 2.6.32-416.33
      • OR mouse-modules-2.6.32-416-dove-di DPKG is earlier than 2.6.32-416.33
      • OR ppp-modules-2.6.32-416-dove-di DPKG is earlier than 2.6.32-416.33
      • OR usb-modules-2.6.32-416-dove-di DPKG is earlier than 2.6.32-416.33
      • OR firewire-core-modules-2.6.32-416-dove-di DPKG is earlier than 2.6.32-416.33
      • OR input-modules-2.6.32-416-dove-di DPKG is earlier than 2.6.32-416.33
      • OR fs-core-modules-2.6.32-416-dove-di DPKG is earlier than 2.6.32-416.33
  • OR Release section
    • Ubuntu 10.04 is installed
    • AND Installed architecture is armel
    • AND Packages section
      • fs-secondary-modules-2.6.32-216-dove-di DPKG is earlier than 2.6.32-216.33
      • OR input-modules-2.6.32-216-dove-di DPKG is earlier than 2.6.32-216.33
      • OR plip-modules-2.6.32-216-dove-di DPKG is earlier than 2.6.32-216.33
      • OR linux-headers-2.6.32-216-dove DPKG is earlier than 2.6.32-216.33
      • OR nic-modules-2.6.32-216-dove-di DPKG is earlier than 2.6.32-216.33
      • OR fs-core-modules-2.6.32-216-dove-di DPKG is earlier than 2.6.32-216.33
      • OR linux-headers-2.6.32-216 DPKG is earlier than 2.6.32-216.33
      • OR nfs-modules-2.6.32-216-dove-di DPKG is earlier than 2.6.32-216.33
      • OR nic-usb-modules-2.6.32-216-dove-di DPKG is earlier than 2.6.32-216.33
      • OR usb-modules-2.6.32-216-dove-di DPKG is earlier than 2.6.32-216.33
      • OR mouse-modules-2.6.32-216-dove-di DPKG is earlier than 2.6.32-216.33
      • OR md-modules-2.6.32-216-dove-di DPKG is earlier than 2.6.32-216.33
      • OR parport-modules-2.6.32-216-dove-di DPKG is earlier than 2.6.32-216.33
      • OR block-modules-2.6.32-216-dove-di DPKG is earlier than 2.6.32-216.33
      • OR kernel-image-2.6.32-216-dove-di DPKG is earlier than 2.6.32-216.33
      • OR fat-modules-2.6.32-216-dove-di DPKG is earlier than 2.6.32-216.33
      • OR crypto-modules-2.6.32-216-dove-di DPKG is earlier than 2.6.32-216.33
      • OR scsi-modules-2.6.32-216-dove-di DPKG is earlier than 2.6.32-216.33
      • OR ppp-modules-2.6.32-216-dove-di DPKG is earlier than 2.6.32-216.33
      • OR nic-shared-modules-2.6.32-216-dove-di DPKG is earlier than 2.6.32-216.33
      • OR linux-image-2.6.32-216-dove DPKG is earlier than 2.6.32-216.33
      • OR firewire-core-modules-2.6.32-216-dove-di DPKG is earlier than 2.6.32-216.33