MDVSA-2010:257 -- Mandriva kernel
ID: oval:org.secpod.oval:def:301156 | Date: (C)2012-01-07 (M)2024-01-02 |
Class: PATCH | Family: unix |
A vulnerability was discovered and corrected in the Linux 2.6 kernel:

The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the arguments and environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of service via a crafted exec system call, a related issue to CVE-2010-2240.

drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux implementation in the Linux kernel before 2.6.36 on 64-bit platforms does not validate the destination of a memory copy operation, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via a VIDIOCSTUNER ioctl call on a /dev/video device, followed by a VIDIOCSMICROCODE ioctl call on this device.

Integer overflow in the do_io_submit function in fs/aio.c in the Linux kernel before 2.6.36-rc4-next-20100915 allows local users to cause a denial of service or possibly have unspecified other impact via crafted use of the io_submit system call.

Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted SNDRV_CTL_IOCTL_ELEM_ADD or SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call.

A kernel stack overflow, a bad pointer dereference and a missing permission check were corrected in the econet implementation.

Additionally, the kernel has been updated to the stable upstream version 2.6.27.56.
Platform: Mandriva Linux 2009.0