kernel: multiple vulnerabilities [LWN.net]

Package(s):

kernel

CVE #(s):

CVE-2010-3699 CVE-2010-4161 CVE-2010-4242 CVE-2010-4247

Created:

January 4, 2011

Updated:

July 15, 2011

Description:

From the Red Hat advisory:

* A flaw was found in the Xenbus code for the unified block-device I/O interface back end. A privileged guest user could use this flaw to cause a denial of service on the host system running the Xen hypervisor. (CVE-2010-3699)

* The fix for Red Hat Bugzilla bug 484590 as provided in RHSA-2009:1243 introduced a regression. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2010-4161)

* A NULL pointer dereference flaw was found in the Bluetooth HCI UART driver in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2010-4242)

* It was found that a malicious guest running on the Xen hypervisor could place invalid data in the memory that the guest shared with the blkback and blktap back-end drivers, resulting in a denial of service on the host system. (CVE-2010-4247)

Alerts:

Ubuntu	USN-1204-1	2011-09-13
Ubuntu	USN-1202-1	2011-09-13
Ubuntu	USN-1170-1	2011-07-15
SUSE	SUSE-SA:2011:017	2011-04-18
openSUSE	openSUSE-SU-2011:0346-1	2011-04-18
Ubuntu	USN-1105-1	2011-04-05
Ubuntu	USN-1092-1	2011-03-25
SUSE	SUSE-SA:2011:015	2011-03-24
Ubuntu	USN-1089-1	2011-03-18
Red Hat	RHSA-2011:0330-01	2011-03-10
SUSE	SUSE-SA:2011:012	2011-03-08
Ubuntu	USN-1072-1	2011-02-25
SUSE	SUSE-SA:2011:008	2011-02-11
openSUSE	openSUSE-SU-2011:0399-1	2011-04-28
Debian	DSA-2153-1	2011-01-30
CentOS	CESA-2011:0162	2011-01-27
SUSE	SUSE-SA:2011:005	2011-01-25
Red Hat	RHSA-2011:0162-01	2011-01-18
Red Hat	RHSA-2011:0007-01	2011-01-11
CentOS	CESA-2011:0004	2011-01-06
Red Hat	RHSA-2011:0004-01	2011-01-04

(Log in to post comments)