Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2010-3079

Published: 30 September 2010

kernel/trace/ftrace.c in the Linux kernel before 2.6.35.5, when debugfs is enabled, does not properly handle interaction between mutex possession and llseek operations, which allows local users to cause a denial of service (NULL pointer dereference and outage of all function tracing files) via an lseek call on a file descriptor associated with the set_ftrace_filter file.

From the Ubuntu Security Team

Robert Swiecki discovered that ftrace did not correctly handle mutexes. A local attacker could exploit this to crash the kernel, leading to a denial of service.

Priority

Low

Cvss 3 Severity Score

5.5

Score breakdown

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Not vulnerable

jaunty Ignored
(end of life)
karmic
Released (2.6.31-22.70)
lucid
Released (2.6.32-27.49)
maverick
Released (2.6.35-24.42)
upstream
Released (2.6.36~rc4)
Patches:
upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9c55cb12c1c172e2d51e85fbb5a4796ca86b77e7
karmic: http://chinstrap.ubuntu.com/~ogasawara/CVEs/CVE-2010-3079/patches/karmic/linux/0001-tracing-Do-not-allow-llseek-to-set_ftrace_filter.txt
lucid: http://chinstrap.ubuntu.com/~ogasawara/CVEs/CVE-2010-3079/patches/lucid/linux/0001-tracing-Do-not-allow-llseek-to-set_ftrace_filter.txt
maverick: http://chinstrap.ubuntu.com/~ogasawara/CVEs/CVE-2010-3079/patches/maverick/linux/0001-tracing-Do-not-allow-llseek-to-set_ftrace_filter.txt
linux-ec2
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic
Released (2.6.31-307.23)
lucid
Released (2.6.32-311.23)
maverick Ignored
(end of life)
upstream
Released (2.6.36~rc4)
linux-fsl-imx51
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic
Released (2.6.31-112.30)
lucid
Released (2.6.31-608.22)
maverick Does not exist

upstream
Released (2.6.36~rc4)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic Does not exist

lucid
Released (2.6.35-25.44~lucid1)
maverick Does not exist

upstream
Released (2.6.36~rc4)
linux-mvl-dove
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic Ignored
(end of life)
lucid
Released (2.6.32-216.33)
maverick
Released (2.6.32-416.33)
upstream
Released (2.6.36~rc4)
linux-source-2.6.15
Launchpad, Ubuntu, Debian
dapper Not vulnerable

hardy Does not exist

jaunty Does not exist

karmic Does not exist

lucid Does not exist

maverick Does not exist

upstream
Released (2.6.36~rc4)
linux-ti-omap4
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic Does not exist

lucid Does not exist

maverick
Released (2.6.35-903.22)
upstream
Released (2.6.36~rc4)

Severity score breakdown

Parameter Value
Base score 5.5
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H