kernel: several vulnerabilities [LWN.net]

Package(s):

kernel

CVE #(s):

CVE-2010-0410 CVE-2010-0415

Created:

February 12, 2010

Updated:

October 8, 2010

Description:

From the Red Hat bugzilla: Sebastian Krahmer found a problem in the drivers/connector/connector.c code where users could send/allocate arbitrary amounts of NETLINK_CONNECTOR messages to the kernel, causing OOM condition, killing selected processes or halting the system. CVE-2010-0410

From the Red Hat bugzilla: Ramon de C. Valle spotted a problem in sys_move_pages, where "node" value is read from userspace, but not limited to the node set within the kernel itself. Due to the bit tests in mm/migrate.c:do_move_pages it is easy to read out the kernel memory (as node can also be negative). CVE-2010-0415

Alerts:

Mandriva	MDVSA-2010:188	2010-09-23
Mandriva	MDVSA-2010:198	2010-10-07
CentOS	CESA-2010:0398	2010-05-28
Red Hat	RHSA-2010:0398-01	2010-05-06
SuSE	SUSE-SA:2010:023	2010-05-06
Mandriva	MDVSA-2010:088	2010-04-30
SuSE	SUSE-SA:2010:019	2010-03-30
Mandriva	MDVSA-2010:066	2010-03-24
Red Hat	RHSA-2010:0161-01	2010-03-23
SuSE	SUSE-SA:2010:018	2010-03-22
CentOS	CESA-2010:0147	2010-03-18
Red Hat	RHSA-2010:0147-01	2010-03-16
Ubuntu	USN-914-1	2010-03-17
SuSE	SUSE-SA:2010:016	2010-03-08
SuSE	SUSE-SA:2010:014	2010-03-03
Fedora	FEDORA-2010-1804	2010-02-12
Pardus	2010-35	2010-02-25
Debian	DSA-2003-1	2010-02-22
Fedora	FEDORA-2010-1787	2010-02-12
Debian	DSA-1996-1	2010-02-12
Debian	DSA-2004-1	2010-02-27

(Log in to post comments)