CVE-2012-3510
Published: 3 October 2012
Use-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel before 2.6.19 allows local users to obtain potentially sensitive information from kernel memory or cause a denial of service (system crash) via a taskstats TASKSTATS_CMD_ATTR_PID command.
Notes
Author | Note |
---|---|
jdstrand | linux-armadaxp is maintained by OEM |
sbeattie | introduced by 9acc1853519a0473620d424105f9d49ea5b4e62e and only if TASK_XACCT is enabled. |
Priority
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
hardy |
Not vulnerable
(2.6.24-5.9)
|
lucid |
Not vulnerable
(2.6.32-1.1)
|
|
natty |
Not vulnerable
(2.6.37-2.9)
|
|
oneiric |
Not vulnerable
(2.6.39-0.0)
|
|
precise |
Not vulnerable
(3.1.0-1.1)
|
|
quantal |
Not vulnerable
(3.4.0-1.1)
|
|
upstream |
Released
(2.6.19~rc4)
|
|
Patches: Introduced by 9acc1853519a0473620d424105f9d49ea5b4e62e |
||
linux-armadaxp Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Not vulnerable
(3.2.0-1600.1)
|
|
quantal |
Not vulnerable
(3.2.0-1600.1)
|
|
upstream |
Released
(2.6.19~rc4)
|
|
linux-ec2 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Not vulnerable
(2.6.32-300.1)
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
upstream |
Released
(2.6.19~rc4)
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Ignored
(end of life)
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
upstream |
Released
(2.6.19~rc4)
|
|
linux-linaro-omap Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Ignored
(end of life)
|
|
quantal |
Not vulnerable
(3.0.0-1007.9)
|
|
upstream |
Released
(2.6.19~rc4)
|
|
linux-linaro-shared Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Ignored
(end of life)
|
|
quantal |
Not vulnerable
(3.0.0-1007.9)
|
|
upstream |
Released
(2.6.19~rc4)
|
|
linux-linaro-vexpress Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Ignored
(end of life)
|
|
quantal |
Not vulnerable
(3.0.0-1007.9)
|
|
upstream |
Released
(2.6.19~rc4)
|
|
linux-lts-backport-maverick Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Ignored
(end of life)
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
upstream |
Released
(2.6.19~rc4)
|
|
linux-lts-backport-natty Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Not vulnerable
(2.6.38-1.27~lucid1)
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
upstream |
Released
(2.6.19~rc4)
|
|
linux-lts-backport-oneiric Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Not vulnerable
(3.0.0-5.6~lucid1)
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
upstream |
Released
(2.6.19~rc4)
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Ignored
(end of life)
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
upstream |
Released
(2.6.19~rc4)
|
|
linux-qcm-msm Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Ignored
(end of life)
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Ignored
(end of life)
|
|
quantal |
Not vulnerable
(2.6.31-800.2)
|
|
upstream |
Released
(2.6.19~rc4)
|
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
natty |
Not vulnerable
(2.6.38-1201.2)
|
|
oneiric |
Not vulnerable
(2.6.38-1309.13)
|
|
precise |
Not vulnerable
(3.0.0-1401.2)
|
|
quantal |
Not vulnerable
(3.4.0-1.1)
|
|
upstream |
Released
(2.6.19~rc4)
|