CVE-2010-2942

EUVD-2010-2946

21.09.2010, 18:00

The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 19%

Affected Products (NVD)

Vendor	Product	Version
linux	linux_kernel	𝑥 ≤ 2.6.35.13
linux	linux_kernel	2.6.36
linux	linux_kernel	2.6.36:rc1
canonical	ubuntu_linux	6.06
canonical	ubuntu_linux	8.04
canonical	ubuntu_linux	9.04
canonical	ubuntu_linux	9.10
canonical	ubuntu_linux	10.04
canonical	ubuntu_linux	10.10
opensuse	opensuse	11.1
opensuse	opensuse	11.3
avaya	aura_communication_manager	5.2
avaya	aura_presence_services	6.0
avaya	aura_presence_services	6.1
avaya	aura_presence_services	6.1.1
avaya	aura_session_manager	1.1
avaya	aura_session_manager	5.2
avaya	aura_session_manager	6.0
avaya	aura_system_manager	5.2
avaya	aura_system_manager	6.0
avaya	aura_system_manager	6.1
avaya	aura_system_manager	6.1.1
avaya	aura_system_platform	1.1
avaya	aura_system_platform	6.0
avaya	aura_system_platform	6.0:sp1
avaya	iq	5.0
avaya	iq	5.1
avaya	voice_portal	5.0
avaya	voice_portal	5.1
avaya	voice_portal	5.1:sp1
vmware	esx	4.0
vmware	esx	4.1

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

linux

dapper	dne
hardy	Fixed 2.6.24-28.80 released
jaunty	Fixed 2.6.28-19.66 released
karmic	Fixed 2.6.31-22.67 released
lucid	Fixed 2.6.32-25.45 released
maverick	not-affected

linux-ec2

dapper	dne
hardy	dne
karmic	Fixed 2.6.31-307.21 released
lucid	Fixed 2.6.32-309.18 released
maverick	ignored

linux-fsl-imx51

dapper	dne
hardy	dne
karmic	Fixed 2.6.31-112.30 released
lucid	Fixed 2.6.31-608.22 released
maverick	dne

linux-lts-backport-maverick

dapper	dne
hardy	dne
karmic	dne
lucid	Fixed 2.6.35-25.44~lucid1 released
maverick	dne

linux-mvl-dove

dapper	dne
hardy	dne
karmic	ignored
lucid	Fixed 2.6.32-216.33 released
maverick	Fixed 2.6.32-416.33 released

linux-source-2.6.15

dapper	Fixed 2.6.15-55.89 released
hardy	dne
jaunty	dne
karmic	dne
lucid	dne
maverick	dne

Common Weakness Enumeration

CWE-401 - Missing Release of Memory after Effective Lifetime
The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References

http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=1c40be12f7d8ca1d387510d39787b12e512a7ce8

http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html

http://patchwork.ozlabs.org/patch/61857/

http://secunia.com/advisories/41512

http://secunia.com/advisories/46397

http://support.avaya.com/css/P8/documents/100113326

http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc2

http://www.openwall.com/lists/oss-security/2010/08/18/1

http://www.openwall.com/lists/oss-security/2010/08/19/4

http://www.redhat.com/support/errata/RHSA-2010-0723.html

http://www.redhat.com/support/errata/RHSA-2010-0771.html

http://www.redhat.com/support/errata/RHSA-2010-0779.html

http://www.securityfocus.com/archive/1/520102/100/0/threaded

http://www.securityfocus.com/bid/42529

http://www.ubuntu.com/usn/USN-1000-1

http://www.vmware.com/security/advisories/VMSA-2011-0012.html

http://www.vupen.com/english/advisories/2010/2430

http://www.vupen.com/english/advisories/2011/0298

https://bugzilla.redhat.com/show_bug.cgi?id=624903

http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=1c40be12f7d8ca1d387510d39787b12e512a7ce8

http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html

http://patchwork.ozlabs.org/patch/61857/

http://secunia.com/advisories/41512

http://secunia.com/advisories/46397

http://support.avaya.com/css/P8/documents/100113326

http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc2

http://www.openwall.com/lists/oss-security/2010/08/18/1

http://www.openwall.com/lists/oss-security/2010/08/19/4

http://www.redhat.com/support/errata/RHSA-2010-0723.html

http://www.redhat.com/support/errata/RHSA-2010-0771.html

http://www.redhat.com/support/errata/RHSA-2010-0779.html

http://www.securityfocus.com/archive/1/520102/100/0/threaded

http://www.securityfocus.com/bid/42529

http://www.ubuntu.com/usn/USN-1000-1

http://www.vmware.com/security/advisories/VMSA-2011-0012.html

http://www.vupen.com/english/advisories/2010/2430

http://www.vupen.com/english/advisories/2011/0298

https://bugzilla.redhat.com/show_bug.cgi?id=624903