PublicDateAtUSN: 2011-04-09
Candidate: CVE-2011-1163
PublicDate: 2011-04-10 02:51:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1163
 https://ubuntu.com/security/notices/USN-1162-1
 https://ubuntu.com/security/notices/USN-1167-1
 https://ubuntu.com/security/notices/USN-1161-1
 https://ubuntu.com/security/notices/USN-1159-1
 https://ubuntu.com/security/notices/USN-1168-1
 https://ubuntu.com/security/notices/USN-1170-1
 https://ubuntu.com/security/notices/USN-1183-1
 https://ubuntu.com/security/notices/USN-1187-1
 https://ubuntu.com/security/notices/USN-1202-1
 https://ubuntu.com/security/notices/USN-1204-1
Description:
 The osf_partition function in fs/partitions/osf.c in the Linux kernel
 before 2.6.38 does not properly handle an invalid number of partitions,
 which might allow local users to obtain potentially sensitive information
 from kernel heap memory via vectors related to partition-table parsing.
Ubuntu-Description:
 Timo Warns discovered that OSF partition parsing routines did not correctly
 clear memory. A local attacker with physical access could plug in a
 specially crafted block device to read kernel memory, leading to a loss of
 privacy.
Notes:
Bugs:
 https://launchpad.net/bugs/796606
Priority: low
Discovered-by: Timo Warns
Assigned-to:
CVSS: 

Patches_linux-source-2.6.15:
upstream_linux-source-2.6.15: released (2.6.38)
dapper_linux-source-2.6.15: ignored
hardy_linux-source-2.6.15: DNE
karmic_linux-source-2.6.15: DNE
lucid_linux-source-2.6.15: DNE
maverick_linux-source-2.6.15: DNE
natty_linux-source-2.6.15: DNE
devel_linux-source-2.6.15: DNE

Patches_linux:
 upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1eafbfeb7bdf59cfe173304c76188f3fd5f1fd05
upstream_linux: released (2.6.38)
dapper_linux: DNE
hardy_linux: released (2.6.24-29.91)
karmic_linux: ignored
lucid_linux: released (2.6.32-33.64)
maverick_linux: released (2.6.35-30.55)
natty_linux: released (2.6.38-7.35)
devel_linux: not-affected (2.6.39-0.0)

Patches_linux-ec2:
upstream_linux-ec2: released (2.6.38)
dapper_linux-ec2: DNE
hardy_linux-ec2: DNE
karmic_linux-ec2: ignored (reached end-of-life)
lucid_linux-ec2: released (2.6.32-317.32)
maverick_linux-ec2: ignored (binary supplied by "linux" now)
natty_linux-ec2: DNE
devel_linux-ec2: DNE

Patches_linux-mvl-dove:
upstream_linux-mvl-dove: released (2.6.38)
dapper_linux-mvl-dove: DNE
hardy_linux-mvl-dove: DNE
karmic_linux-mvl-dove: ignored (abandonded branch)
lucid_linux-mvl-dove: released (2.6.32-217.34)
maverick_linux-mvl-dove: released (2.6.32-417.34)
natty_linux-mvl-dove: DNE
devel_linux-mvl-dove: DNE

Patches_linux-ti-omap4:
upstream_linux-ti-omap4: released (2.6.38)
dapper_linux-ti-omap4: DNE
hardy_linux-ti-omap4: DNE
karmic_linux-ti-omap4: DNE
lucid_linux-ti-omap4: DNE
maverick_linux-ti-omap4: released (2.6.35-903.23)
natty_linux-ti-omap4: released (2.6.38-1205.6)
devel_linux-ti-omap4: not-affected (2.6.38-1309.13)

Patches_linux-lts-backport-maverick:
upstream_linux-lts-backport-maverick: released (2.6.38)
dapper_linux-lts-backport-maverick: DNE
hardy_linux-lts-backport-maverick: DNE
karmic_linux-lts-backport-maverick: DNE
lucid_linux-lts-backport-maverick: released (2.6.35-30.55~lucid1)
maverick_linux-lts-backport-maverick: DNE
natty_linux-lts-backport-maverick: DNE
devel_linux-lts-backport-maverick: DNE

Patches_linux-fsl-imx51:
upstream_linux-fsl-imx51: released (2.6.38)
dapper_linux-fsl-imx51: DNE
hardy_linux-fsl-imx51: DNE
karmic_linux-fsl-imx51: ignored (reached end-of-life)
lucid_linux-fsl-imx51: released (2.6.31-610.27)
maverick_linux-fsl-imx51: DNE
natty_linux-fsl-imx51: DNE
devel_linux-fsl-imx51: DNE

Patches_linux-lts-backport-natty:
upstream_linux-lts-backport-natty: released (2.6.38)
hardy_linux-lts-backport-natty: DNE
lucid_linux-lts-backport-natty: not-affected (2.6.38-7.35~lucid1)
maverick_linux-lts-backport-natty: DNE
natty_linux-lts-backport-natty: DNE
devel_linux-lts-backport-natty: DNE