CVE-2011-2182
Priority
Medium
Description
The ldm_frag_add function in fs/partitions/ldm.c in the Linux kernel before
2.6.39.1 does not properly handle memory allocation for non-initial
fragments, which might allow local users to conduct buffer overflow
attacks, and gain privileges or obtain sensitive information, via a crafted
LDM partition table. NOTE: this vulnerability exists because of an
incomplete fix for CVE-2011-1017.
2.6.39.1 does not properly handle memory allocation for non-initial
fragments, which might allow local users to conduct buffer overflow
attacks, and gain privileges or obtain sensitive information, via a crafted
LDM partition table. NOTE: this vulnerability exists because of an
incomplete fix for CVE-2011-1017.
Ubuntu-Description
Ben Hutchings reported a flaw in the kernel's handling of corrupt LDM
partitions. A local user could exploit this to cause a denial of service or
escalate privileges.
partitions. A local user could exploit this to cause a denial of service or
escalate privileges.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2182
http://lkml.org/lkml/2011/5/6/407
http://lkml.org/lkml/2011/6/1/119
http://openwall.com/lists/oss-security/2011/02/23/16
http://www.ubuntu.com/usn/usn-1341-1
http://www.ubuntu.com/usn/usn-1203-1
http://www.ubuntu.com/usn/usn-1208-1
http://www.ubuntu.com/usn/usn-1193-1
http://www.ubuntu.com/usn/usn-1218-1
http://www.ubuntu.com/usn/usn-1216-1
http://www.ubuntu.com/usn/usn-1383-1
http://www.ubuntu.com/usn/usn-1390-1
http://www.ubuntu.com/usn/usn-1392-1
http://www.ubuntu.com/usn/usn-1394-1
http://www.ubuntu.com/usn/usn-1256-1
http://www.ubuntu.com/usn/usn-1332-1
http://lkml.org/lkml/2011/5/6/407
http://lkml.org/lkml/2011/6/1/119
http://openwall.com/lists/oss-security/2011/02/23/16
http://www.ubuntu.com/usn/usn-1341-1
http://www.ubuntu.com/usn/usn-1203-1
http://www.ubuntu.com/usn/usn-1208-1
http://www.ubuntu.com/usn/usn-1193-1
http://www.ubuntu.com/usn/usn-1218-1
http://www.ubuntu.com/usn/usn-1216-1
http://www.ubuntu.com/usn/usn-1383-1
http://www.ubuntu.com/usn/usn-1390-1
http://www.ubuntu.com/usn/usn-1392-1
http://www.ubuntu.com/usn/usn-1394-1
http://www.ubuntu.com/usn/usn-1256-1
http://www.ubuntu.com/usn/usn-1332-1
Package
| Upstream: | released (3.0~rc1) |
| Ubuntu 8.04 LTS (Hardy Heron): | DNE |
| Ubuntu 10.04 LTS (Lucid Lynx): | DNE |
| Ubuntu 11.04 (Natty Narwhal): | DNE |
| Ubuntu 11.10 (Oneiric Ocelot): | DNE |
| Ubuntu 12.04 LTS (Precise Pangolin): | not-affected (3.2.0-1600.1) |
| Ubuntu 12.10 (Quantal Quetzal): | not-affected (3.2.0-1602.5) |
| Ubuntu 13.04 (Raring Ringtail): | not-affected (3.2.0-1602.5) |
Package
| Upstream: | released (3.0~rc1) |
| Ubuntu 8.04 LTS (Hardy Heron): | DNE |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (2.6.32-318.37) |
| Ubuntu 11.04 (Natty Narwhal): | DNE |
| Ubuntu 11.10 (Oneiric Ocelot): | DNE |
| Ubuntu 12.04 LTS (Precise Pangolin): | DNE |
| Ubuntu 12.10 (Quantal Quetzal): | DNE |
| Ubuntu 13.04 (Raring Ringtail): | DNE |
Package
| Upstream: | released (3.0~rc1) |
| Ubuntu 8.04 LTS (Hardy Heron): | DNE |
| Ubuntu 10.04 LTS (Lucid Lynx): | not-affected (3.0.0-5.6~lucid1) |
| Ubuntu 11.04 (Natty Narwhal): | DNE |
| Ubuntu 11.10 (Oneiric Ocelot): | DNE |
| Ubuntu 12.04 LTS (Precise Pangolin): | DNE |
| Ubuntu 12.10 (Quantal Quetzal): | DNE |
| Ubuntu 13.04 (Raring Ringtail): | DNE |
Package
| Upstream: | released (3.0~rc1) |
| Ubuntu 8.04 LTS (Hardy Heron): | DNE |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (2.6.38-11.49~lucid1) |
| Ubuntu 11.04 (Natty Narwhal): | DNE |
| Ubuntu 11.10 (Oneiric Ocelot): | DNE |
| Ubuntu 12.04 LTS (Precise Pangolin): | DNE |
| Ubuntu 12.10 (Quantal Quetzal): | DNE |
| Ubuntu 13.04 (Raring Ringtail): | DNE |
Package
| Upstream: | released (3.0~rc1) |
| Ubuntu 8.04 LTS (Hardy Heron): | DNE |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (2.6.32-218.35) |
| Ubuntu 11.04 (Natty Narwhal): | DNE |
| Ubuntu 11.10 (Oneiric Ocelot): | DNE |
| Ubuntu 12.04 LTS (Precise Pangolin): | DNE |
| Ubuntu 12.10 (Quantal Quetzal): | DNE |
| Ubuntu 13.04 (Raring Ringtail): | DNE |
Package
| Upstream: | released (3.0~rc1) |
| Ubuntu 8.04 LTS (Hardy Heron): | DNE |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (2.6.35-32.64~lucid1) |
| Ubuntu 11.04 (Natty Narwhal): | DNE |
| Ubuntu 11.10 (Oneiric Ocelot): | DNE |
| Ubuntu 12.04 LTS (Precise Pangolin): | DNE |
| Ubuntu 12.10 (Quantal Quetzal): | DNE |
| Ubuntu 13.04 (Raring Ringtail): | DNE |
Package
| Upstream: | released (3.0~rc1) |
| Ubuntu 8.04 LTS (Hardy Heron): | released (2.6.24-31.99) |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (2.6.32-34.73) |
| Ubuntu 11.04 (Natty Narwhal): | released (2.6.38-11.47) |
| Ubuntu 11.10 (Oneiric Ocelot): | not-affected (3.0-0.1) |
| Ubuntu 12.04 LTS (Precise Pangolin): | not-affected (3.1.0-1.0) |
| Ubuntu 12.10 (Quantal Quetzal): | not-affected (3.1.0-1.0) |
| Ubuntu 13.04 (Raring Ringtail): | not-affected (3.1.0-1.0) |
Patches:
| Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | Fixed by cae13fe4cc3f24820ffb990c09110626837e85d4 |
Package
| Upstream: | released (3.0~rc1) |
| Ubuntu 8.04 LTS (Hardy Heron): | DNE |
| Ubuntu 10.04 LTS (Lucid Lynx): | DNE |
| Ubuntu 11.04 (Natty Narwhal): | released (2.6.38-1209.22) |
| Ubuntu 11.10 (Oneiric Ocelot): | not-affected (3.0.0-1200.1) |
| Ubuntu 12.04 LTS (Precise Pangolin): | not-affected (3.0.0-1401.2) |
| Ubuntu 12.10 (Quantal Quetzal): | not-affected (3.0.0-1401.2) |
| Ubuntu 13.04 (Raring Ringtail): | not-affected (3.0.0-1401.2) |
Package
| Upstream: | released (3.0~rc1) |
| Ubuntu 8.04 LTS (Hardy Heron): | DNE |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (2.6.31-612.33) |
| Ubuntu 11.04 (Natty Narwhal): | DNE |
| Ubuntu 11.10 (Oneiric Ocelot): | DNE |
| Ubuntu 12.04 LTS (Precise Pangolin): | DNE |
| Ubuntu 12.10 (Quantal Quetzal): | DNE |
| Ubuntu 13.04 (Raring Ringtail): | DNE |