Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2010-3081

Published: 15 September 2010

The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a "stack pointer underflow" issue, as exploited in the wild in September 2010.

From the Ubuntu Security Team

Ben Hawkes discovered that the Linux kernel did not correctly validate memory ranges on 64bit kernels when allocating memory on behalf of 32bit system calls. On a 64bit system, a local attacker could perform malicious multicast getsockopt calls to gain root privileges.

Priority

High

Cvss 3 Severity Score

7.8

Score breakdown

Status

Package Release Status
linux-source-2.6.15
Launchpad, Ubuntu, Debian
upstream
Released (2.6.36~rc5)
dapper
Released (2.6.15-55.88)
hardy Does not exist

jaunty Does not exist

karmic Does not exist

lucid Does not exist

maverick Does not exist

Patches:





dapper: http://chinstrap.ubuntu.com/~smb/CVEs/CVE-2010-3081/patches/dapper/linux/0001-compat-Make-compat_alloc_user_space-incorporate-the-ac.txt
linux
Launchpad, Ubuntu, Debian
upstream
Released (2.6.36~rc5)
dapper Does not exist

hardy
Released (2.6.24-28.79)
jaunty
Released (2.6.28-19.65)
karmic
Released (2.6.31-22.65)
lucid
Released (2.6.32-24.43)
maverick
Released (2.6.35-22.32)
Patches:
upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=c41d68a513c71e35a14f66d71782d27a79a81ea6
hardy: http://chinstrap.ubuntu.com/~smb/CVEs/CVE-2010-3081/patches/hardy/linux/0001-compat-Make-compat_alloc_user_space-incorporate-the-ac.txt
jaunty: http://chinstrap.ubuntu.com/~smb/CVEs/CVE-2010-3081/patches/jaunty/linux/0001-compat-Make-compat_alloc_user_space-incorporate-the-ac.txt
karmic: http://chinstrap.ubuntu.com/~smb/CVEs/CVE-2010-3081/patches/karmic/linux/0001-compat-Make-compat_alloc_user_space-incorporate-the-ac.txt
lucid: http://chinstrap.ubuntu.com/~smb/CVEs/CVE-2010-3081/patches/lucid/linux/0001-compat-Make-compat_alloc_user_space-incorporate-the-ac.txt

linux-fsl-imx51
Launchpad, Ubuntu, Debian
upstream
Released (2.6.36~rc5)
dapper Does not exist

hardy Does not exist

karmic
Released (2.6.31-112.30)
lucid
Released (2.6.31-608.22)
maverick Does not exist

linux-ti-omap4
Launchpad, Ubuntu, Debian
upstream
Released (2.6.36~rc5)
dapper Does not exist

hardy Does not exist

karmic Does not exist

lucid Does not exist

maverick
Released (2.6.35-903.22)

Severity score breakdown

Parameter Value
Base score 7.8
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H