Advisories MDVSA-2010:247: kernel

paul · December 3, 2010

A vulnerability was discovered and corrected in the Linux 2.6 kernel:

The compat_alloc_user_space functions in include/asm/compat.h files

in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do

not properly allocate the userspace memory required for the 32-bit

compatibility layer, which allows local users to gain privileges by

leveraging the ability of the compat_mc_getsockopt function (aka the

MCAST_MSFILTER getsockopt support) to control a certain length value,

related to a stack pointer underflow issue, as exploited in the wild

in September 2010. (CVE-2010-3081)

The IA32 system call emulation functionality in

arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2

on the x86_64 platform does not zero extend the %eax register after

the 32-bit entry path to ptrace is used, which allows local users to

gain privileges by triggering an out-of-bounds access to the system

call table using the %rax register. NOTE: this vulnerability exists

because of a CVE-2007-4573 regression. (CVE-2010-3301)

Integer overflow in the ext4_ext_get_blocks function in

fs/ext4/extents.c in the Linux kernel before 2.6.34 allows local

users to cause a denial of service (BUG and system crash) via a

write operation on the last block of a large file, followed by a sync

operation. (CVE-2010-3015)

Additionally, the kernel has been updated to the stable version

2.6.31.14. A timeout bug in bnx2 has been fixed. Muting and unmuting

on VT1812/VT2002P now should work correctly. A fix for ACL decoding

on NFS was added. Rebooting on Dell Precision WorkStation T7400 was

corrected. Read balancing with RAID0 and RAID1 on drives larger then

2TB was also fixed. A more detailed description is available in the

package changelog and related tickets.

Thanks to Thomas Backlund and Herton Ronaldo Krzesinski for

contributions in this update.

To update your kernel, please follow the directions located at:

Recommended Posts