PublicDateAtUSN: 2010-12-29
Candidate: CVE-2010-4565
PublicDate: 2010-12-29 18:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4565
 http://www.spinics.net/lists/netdev/msg146468.html
 http://www.spinics.net/lists/netdev/msg146270.html
 http://www.spinics.net/lists/netdev/msg145791.html
 https://ubuntu.com/security/notices/USN-1141-1
 https://ubuntu.com/security/notices/USN-1160-1
 https://ubuntu.com/security/notices/USN-1162-1
 https://ubuntu.com/security/notices/USN-1164-1
 https://ubuntu.com/security/notices/USN-1167-1
 https://ubuntu.com/security/notices/USN-1159-1
 https://ubuntu.com/security/notices/USN-1187-1
 https://ubuntu.com/security/notices/USN-1202-1
Description:
 The bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in
 the Controller Area Network (CAN) implementation in the Linux kernel 2.6.36
 and earlier creates a publicly accessible file with a filename containing a
 kernel memory address, which allows local users to obtain potentially
 sensitive information about kernel memory use by listing this filename.
Ubuntu-Description:
 Dan Rosenburg discovered that the CAN subsystem leaked kernel addresses
 into the /proc filesystem. A local attacker could use this to increase the
 chances of a successful memory corruption exploit.
Notes:
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=664544
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_linux-source-2.6.15:
upstream_linux-source-2.6.15: released (2.6.37)
dapper_linux-source-2.6.15: not-affected
hardy_linux-source-2.6.15: DNE
karmic_linux-source-2.6.15: DNE
lucid_linux-source-2.6.15: DNE
maverick_linux-source-2.6.15: DNE
natty_linux-source-2.6.15: DNE
devel_linux-source-2.6.15: DNE

Patches_linux:
 upstream: http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commitdiff;h=9f260e0efa4766e56d0ac14f1aeea6ee5eb8fe83
upstream_linux: released (2.6.37)
dapper_linux: DNE
hardy_linux: not-affected
karmic_linux: ignored
lucid_linux: released (2.6.32-32.62)
maverick_linux: released (2.6.35-30.52)
natty_linux: released (2.6.37-12.26)
devel_linux: not-affected (2.6.39-0.0)

upstream_linux-ec2: released (2.6.37)
dapper_linux-ec2: DNE
hardy_linux-ec2: DNE
karmic_linux-ec2: ignored (reached end-of-life)
lucid_linux-ec2: released (2.6.32-316.30)
maverick_linux-ec2: ignored (binary supplied by "linux" now)
natty_linux-ec2: DNE
devel_linux-ec2: DNE

Patches_linux-ti-omap4:
upstream_linux-ti-omap4: released (2.6.37)
dapper_linux-ti-omap4: DNE
hardy_linux-ti-omap4: DNE
karmic_linux-ti-omap4: DNE
lucid_linux-ti-omap4: DNE
maverick_linux-ti-omap4: released (2.6.35-903.23)
natty_linux-ti-omap4: not-affected (2.6.38-1201.2)
devel_linux-ti-omap4: not-affected (2.6.38-1309.13)

upstream_linux-lts-backport-maverick: released (2.6.37)
dapper_linux-lts-backport-maverick: DNE
hardy_linux-lts-backport-maverick: DNE
karmic_linux-lts-backport-maverick: DNE
lucid_linux-lts-backport-maverick: released (2.6.35-30.54~lucid1)
maverick_linux-lts-backport-maverick: DNE
natty_linux-lts-backport-maverick: DNE
devel_linux-lts-backport-maverick: DNE

Patches_linux-mvl-dove:
upstream_linux-mvl-dove: released (2.6.37)
dapper_linux-mvl-dove: DNE
hardy_linux-mvl-dove: DNE
karmic_linux-mvl-dove: ignored (abandonded branch)
lucid_linux-mvl-dove: released (2.6.32-217.34)
maverick_linux-mvl-dove: released (2.6.32-417.34)
natty_linux-mvl-dove: DNE
devel_linux-mvl-dove: DNE

Patches_linux-fsl-imx51:
upstream_linux-fsl-imx51: released (2.6.37)
dapper_linux-fsl-imx51: DNE
hardy_linux-fsl-imx51: DNE
karmic_linux-fsl-imx51: ignored (reached end-of-life)
lucid_linux-fsl-imx51: released (2.6.31-609.26)
maverick_linux-fsl-imx51: DNE
natty_linux-fsl-imx51: DNE
devel_linux-fsl-imx51: DNE

Patches_linux-lts-backport-natty:
upstream_linux-lts-backport-natty: released (2.6.37)
hardy_linux-lts-backport-natty: DNE
lucid_linux-lts-backport-natty: not-affected (2.6.38-1.27~lucid1)
maverick_linux-lts-backport-natty: DNE
natty_linux-lts-backport-natty: DNE
devel_linux-lts-backport-natty: DNE