1. Ubuntu Security Notices
  2. USN-864-1

USN-864-1: Linux kernel vulnerabilities

Publication date

5 December 2009

Overview

Linux kernel vulnerabilities

Releases

Packages

Details

It was discovered that the AX.25 network subsystem did not correctly
check integer signedness in certain setsockopt calls. A local attacker
could exploit this to crash the system, leading to a denial of service.
Ubuntu 9.10 was not affected. (CVE-2009-2909)

Jan Beulich discovered that the kernel could leak register contents to
32-bit processes that were switched to 64-bit mode. A local attacker
could run a specially crafted binary to read register values from an
earlier process, leading to a loss of privacy. (CVE-2009-2910)

Dave Jones discovered that the gdth SCSI driver did not correctly validate
array indexes in certain ioctl calls. A local attacker could exploit
this to crash the system or gain elevated privileges. (CVE-2009-3080)

Eric Dumazet and Jiri Pirko discovered that the TC and CLS...

It was discovered that the AX.25 network subsystem did not correctly
check integer signedness in certain setsockopt calls. A local attacker
could exploit this to crash the system, leading to a denial of service.
Ubuntu 9.10 was not affected. (CVE-2009-2909)

Jan Beulich discovered that the kernel could leak register contents to
32-bit processes that were switched to 64-bit mode. A local attacker
could run a specially crafted binary to read register values from an
earlier process, leading to a loss of privacy. (CVE-2009-2910)

Dave Jones discovered that the gdth SCSI driver did not correctly validate
array indexes in certain ioctl calls. A local attacker could exploit
this to crash the system or gain elevated privileges. (CVE-2009-3080)

Eric Dumazet and Jiri Pirko discovered that the TC and CLS subsystems
would leak kernel memory via uninitialized structure members. A local
attacker could exploit this to read several bytes of kernel memory,
leading to a loss of privacy. (CVE-2009-3228, CVE-2009-3612)

Earl Chew discovered race conditions in pipe handling. A local attacker
could exploit anonymous pipes via /proc/*/fd/ and crash the system or
gain root privileges. (CVE-2009-3547)

Dave Jones and Francois Romieu discovered that the r8169 network driver
could be made to leak kernel memory. A remote attacker could send a large
number of jumbo frames until the system memory was exhausted, leading
to a denial of service. Ubuntu 9.10 was not affected. (CVE-2009-3613).

Ben Hutchings discovered that the ATI Rage 128 video driver did not
correctly validate initialization states. A local attacker could
make specially crafted ioctl calls to crash the system or gain root
privileges. (CVE-2009-3620)

Tomoki Sekiyama discovered that Unix sockets did not correctly verify
namespaces. A local attacker could exploit this to cause a system hang,
leading to a denial of service. (CVE-2009-3621)

J. Bruce Fields discovered that NFSv4 did not correctly use the credential
cache. A local attacker using a mount with AUTH_NULL authentication
could exploit this to crash the system or gain root privileges. Only
Ubuntu 9.10 was affected. (CVE-2009-3623)

Alexander Zangerl discovered that the kernel keyring did not correctly
reference count. A local attacker could issue a series of specially
crafted keyring calls to crash the system or gain root privileges.
Only Ubuntu 9.10 was affected. (CVE-2009-3624)

David Wagner discovered that KVM did not correctly bounds-check CPUID
entries. A local attacker could exploit this to crash the system
or possibly gain elevated privileges. Ubuntu 6.06 and 9.10 were not
affected. (CVE-2009-3638)

Avi Kivity discovered that KVM did not correctly check privileges when
accessing debug registers. A local attacker could exploit this to
crash a host system from within a guest system, leading to a denial of
service. Ubuntu 6.06 and 9.10 were not affected. (CVE-2009-3722)

Philip Reisner discovered that the connector layer for uvesafb, pohmelfs,
dst, and dm did not correctly check capabilties. A local attacker could
exploit this to crash the system or gain elevated privileges. Ubuntu
6.06 was not affected. (CVE-2009-3725)

Trond Myklebust discovered that NFSv4 clients did not robustly
verify attributes. A malicious remote NFSv4 server could exploit
this to crash a client or gain root privileges. Ubuntu 9.10 was not
affected. (CVE-2009-3726)

Robin Getz discovered that NOMMU systems did not correctly validate
NULL pointers in do_mmap_pgoff calls. A local attacker could attempt to
allocate large amounts of memory to crash the system, leading to a denial
of service. Only Ubuntu 6.06 and 9.10 were affected. (CVE-2009-3888)

Joseph Malicki discovered that the MegaRAID SAS driver had
world-writable option files. A local attacker could exploit these
to disrupt the behavior of the controller, leading to a denial of
service. (CVE-2009-3889, CVE-2009-3939)

Roel Kluin discovered that the Hisax ISDN driver did not correctly
check the size of packets. A remote attacker could send specially
crafted packets to cause a system crash, leading to a denial of
service. (CVE-2009-4005)

Lennert Buytenhek discovered that certain 802.11 states were not handled
correctly. A physically-proximate remote attacker could send specially
crafted wireless traffic that would crash the system, leading to a denial
of service. Only Ubuntu 9.10 was affected. (CVE-2009-4026, CVE-2009-4027)

Update instructions

After a standard system upgrade you need to reboot your computer to effect the necessary changes.

Learn more about how to get the fixes.

ATTENTION: Due to an unavoidable ABI change (except for Ubuntu 6.06) the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
9.10 karmic linux-image-2.6.31-16-powerpc-smp –  2.6.31-16.52
linux-image-2.6.31-16-server –  2.6.31-16.52
linux-image-2.6.31-16-powerpc64-smp –  2.6.31-16.52
linux-image-2.6.31-16-lpia –  2.6.31-16.52
linux-image-2.6.31-16-386 –  2.6.31-16.52
linux-image-2.6.31-16-generic-pae –  2.6.31-16.52
linux-image-2.6.31-16-sparc64-smp –  2.6.31-16.52
linux-image-2.6.31-16-virtual –  2.6.31-16.52
linux-image-2.6.31-16-sparc64 –  2.6.31-16.52
linux-image-2.6.31-16-ia64 –  2.6.31-16.52
linux-image-2.6.31-16-generic –  2.6.31-16.52
linux-image-2.6.31-16-powerpc –  2.6.31-16.52
9.04 jaunty linux-image-2.6.28-17-imx51 –  2.6.28-17.58
linux-image-2.6.28-17-virtual –  2.6.28-17.58
linux-image-2.6.28-17-server –  2.6.28-17.58
linux-image-2.6.28-17-versatile –  2.6.28-17.58
linux-image-2.6.28-17-iop32x –  2.6.28-17.58
linux-image-2.6.28-17-generic –  2.6.28-17.58
linux-image-2.6.28-17-ixp4xx –  2.6.28-17.58
linux-image-2.6.28-17-lpia –  2.6.28-17.58
8.10 intrepid linux-image-2.6.27-16-virtual –  2.6.27-16.44
linux-image-2.6.27-16-server –  2.6.27-16.44
linux-image-2.6.27-16-generic –  2.6.27-16.44
8.04 hardy linux-image-2.6.24-26-mckinley –  2.6.24-26.64
linux-image-2.6.24-26-generic –  2.6.24-26.64
linux-image-2.6.24-26-hppa32 –  2.6.24-26.64
linux-image-2.6.24-26-386 –  2.6.24-26.64
linux-image-2.6.24-26-sparc64-smp –  2.6.24-26.64
linux-image-2.6.24-26-openvz –  2.6.24-26.64
linux-image-2.6.24-26-powerpc –  2.6.24-26.64
linux-image-2.6.24-26-itanium –  2.6.24-26.64
linux-image-2.6.24-26-lpiacompat –  2.6.24-26.64
linux-image-2.6.24-26-xen –  2.6.24-26.64
linux-image-2.6.24-26-lpia –  2.6.24-26.64
usb-modules-2.6.24-26-sparc64-di –  2.6.24-26.64
linux-image-2.6.24-26-powerpc-smp –  2.6.24-26.64
linux-image-2.6.24-26-virtual –  2.6.24-26.64
linux-image-2.6.24-26-rt –  2.6.24-26.64
linux-image-2.6.24-26-server –  2.6.24-26.64
linux-image-2.6.24-26-powerpc64-smp –  2.6.24-26.64
linux-image-2.6.24-26-hppa64 –  2.6.24-26.64
linux-image-2.6.24-26-sparc64 –  2.6.24-26.64
6.06 dapper linux-image-2.6.15-55-hppa64 –  2.6.15-55.81
linux-image-2.6.15-55-mckinley –  2.6.15-55.81
linux-image-2.6.15-55-powerpc-smp –  2.6.15-55.81
linux-image-2.6.15-55-hppa32-smp –  2.6.15-55.81
linux-image-2.6.15-55-686 –  2.6.15-55.81
linux-image-2.6.15-55-amd64-k8 –  2.6.15-55.81
linux-image-2.6.15-55-amd64-server –  2.6.15-55.81
linux-image-2.6.15-55-386 –  2.6.15-55.81
linux-image-2.6.15-55-sparc64-smp –  2.6.15-55.81
linux-image-2.6.15-55-k7 –  2.6.15-55.81
linux-image-2.6.15-55-sparc64 –  2.6.15-55.81
linux-image-2.6.15-55-server –  2.6.15-55.81
linux-image-2.6.15-55-powerpc64-smp –  2.6.15-55.81
linux-image-2.6.15-55-hppa32 –  2.6.15-55.81
linux-image-2.6.15-55-mckinley-smp –  2.6.15-55.81
linux-image-2.6.15-55-server-bigiron –  2.6.15-55.81
linux-image-2.6.15-55-itanium-smp –  2.6.15-55.81
linux-image-2.6.15-55-amd64-xeon –  2.6.15-55.81
linux-image-2.6.15-55-powerpc –  2.6.15-55.81
linux-image-2.6.15-55-amd64-generic –  2.6.15-55.81
linux-image-2.6.15-55-hppa64-smp –  2.6.15-55.81
linux-image-2.6.15-55-itanium –  2.6.15-55.81

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›