CVE-2010-2955

Priority
Low
Description
The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in the
Linux kernel before 2.6.36-rc3-next-20100831 does not properly initialize
certain structure members, which allows local users to leverage an
off-by-one error in the ioctl_standard_iw_point function in
net/wireless/wext-core.c, and obtain potentially sensitive information from
kernel heap memory, via vectors involving an SIOCGIWESSID ioctl call that
specifies a large buffer size.
Ubuntu-Description
Brad Spengler discovered that the wireless extensions did not correctly
validate certain request sizes. A local attacker could exploit this to read
portions of kernel memory, leading to a loss of privacy.
References
Assigned-to
sconklin
Package
Upstream:released (2.6.36~rc4)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (3.13.0-24.46~precise1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Package
Upstream:DNE
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (3.5.0-18.29~precise1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Patches:
Package
Upstream:released (2.6.36~rc4)
Ubuntu 10.04 LTS (Lucid Lynx):released (2.6.35-22.34~lucid1)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (2.6.36~rc4)
Ubuntu 10.04 LTS (Lucid Lynx):released (2.6.32-26.47)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (3.1.0-1.1)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (3.11.0-12.19)
Ubuntu 14.10 (Utopic Unicorn):not-affected (3.13.0-24.46)
Ubuntu 15.04 (Vivid Vervet):not-affected (3.16.0-23.31)
Patches:
Upstream:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=42da2f948d949efd0111309f5827bf0298bcc9a4
Jaunty:http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-2955/patches/jaunty/linux/0001-wireless-extensions-fix-kernel-heap-content-leak.txt
Karmic:http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-2955/patches/karmic/linux/0001-wireless-extensions-fix-kernel-heap-content-leak.txt
Lucid:http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-2955/patches/lucid/linux/0001-wireless-extensions-fix-kernel-heap-content-leak.txt
Package
Upstream:released (2.6.36~rc4)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (3.0.0-1401.2)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Package
Upstream:released (2.6.36~rc4)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (3.8.0-19.30~precise1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Package
Upstream:released (2.6.36~rc4)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (3.2.0-1600.1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Package
Upstream:released (2.6.36~rc4)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Package
Upstream:released (2.6.36~rc4)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (3.4.0-1.9)
Ubuntu 14.10 (Utopic Unicorn):not-affected (3.4.0-3.14)
Ubuntu 15.04 (Vivid Vervet):not-affected (3.4.0-4.23)
Package
Upstream:released (2.6.36~rc4)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (3.0.0-3.18)
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Package
Upstream:released (2.6.36~rc4)
Ubuntu 10.04 LTS (Lucid Lynx):released (2.6.32-213.29)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Package
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Patches:
Jaunty:http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-2955/patches/jaunty/lbm/0001-wireless-extensions-fix-kernel-heap-content-leak.txt
Package
Upstream:released (2.6.36~rc4)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (3.11.0-13.20~precise2)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Package
Upstream:released (2.6.36~rc4)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (3.4.0-4.19)
Ubuntu 14.10 (Utopic Unicorn):not-affected (3.4.0-6.25)
Ubuntu 15.04 (Vivid Vervet):not-affected (3.4.0-6.29)
Package
Upstream:released (2.6.36~rc4)
Ubuntu 10.04 LTS (Lucid Lynx):released (2.6.32-310.21)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Package
Upstream:released (2.6.36~rc4)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Package
Upstream:released (2.6.36~rc4)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (3.1.10-8.28)
Ubuntu 14.10 (Utopic Unicorn):not-affected (3.1.10-8.28)
Ubuntu 15.04 (Vivid Vervet):not-affected (3.1.10-8.28)
Package
Upstream:released (2.6.36~rc4)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected (2.6.38-1.27~lucid1)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Package
Upstream:released (2.6.36~rc4)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (3.4.0-3.21)
Ubuntu 14.10 (Utopic Unicorn):not-affected (3.4.0-5.28)
Ubuntu 15.04 (Vivid Vervet):not-affected (3.4.0-5.34)
Package
Upstream:released (2.6.36~rc4)
Ubuntu 10.04 LTS (Lucid Lynx):released (2.6.31-608.22)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Package
Upstream:released (2.6.36~rc4)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (3.16.0-25.33~14.04.2)
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Package
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Patches:
Hardy:http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-2955/patches/hardy/lbm/0001-wireless-extensions-fix-kernel-heap-content-leak.txt
Package
Upstream:released (2.6.36~rc4)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (3.4.0-1.3)
Ubuntu 14.10 (Utopic Unicorn):not-affected (3.4.0-3.10)
Ubuntu 15.04 (Vivid Vervet):not-affected (3.4.0-3.15)
Package
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):pending
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Patches:
Lucid:http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-2955/patches/lucid/lbm/0001-wireless-extensions-fix-kernel-heap-content-leak.txt
More Information

Valid XHTML 1.0 Strict

Updated: 2014-12-05 14:14:33 UTC (commit 8802)