From the Red Hat bugzilla: A flaw was found in ecryptfs which can result in a NULL pointer dereference. Quoting the commit message:
When calling vfs_unlink() on the lower dentry, d_delete() turns the
dentry into a negative dentry when the d_count is 1. This eventually
caused a NULL pointer deref when a read() or write() was done and the
negative dentry's d_inode was dereferenced in
ecryptfs_read_update_atime() or ecryptfs_getxattr(). (CVE-2009-2908)
as a security check against optlen being negative (or zero) in the set socket option. Unfortunately, "sizeof(int)" is an unsigned property, with the result that the whole comparison is done in unsigned, letting negative values slip through. (CVE-2009-2909)
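The signed/unsigned comparison described for CVE-2009-2909, shown as an added C example (not the kernel's code): the function names and sample values are hypothetical, and it assumes the usual ABI where an `int` compared against a `size_t` is converted to `size_t`.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for a setsockopt-style length check. */

/* Weak form: sizeof yields size_t, so optlen is converted to unsigned.
 * A negative optlen becomes a huge value and is NOT rejected. */
int check_optlen_weak(int optlen)
{
    if (optlen < sizeof(int))
        return -EINVAL;
    return 0;
}

/* Corrected form: force a signed comparison so negative, zero and
 * too-short lengths are all rejected. */
int check_optlen_strict(int optlen)
{
    if (optlen < (int)sizeof(int))
        return -EINVAL;
    return 0;
}

int main(void)
{
    const int samples[] = { -1, 0, 3, 4, 8 };   /* constructed inputs */
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("optlen=%2d weak=%d strict=%d\n", samples[i],
               check_optlen_weak(samples[i]),
               check_optlen_strict(samples[i]));
    return 0;
}
```

Building with `-Wsign-compare` (part of `-Wextra` for C in GCC) flags the weak comparison at compile time.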
From the Red Hat bugzilla: An information leak was discovered in the kernel where a 32-bit process running in 64-bit mode could possibly read certain 64-bit registers. (CVE-2009-2910)