Bug 628434 (CVE-2010-2955)
Summary: | CVE-2010-2955 kernel: wireless: fix 64K kernel heap content leak via ioctl | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Other] Security Response | Reporter: | Eugene Teo (Security Response) <eteo> | ||||||
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||||
Status: | CLOSED ERRATA | QA Contact: | desktop-bugs <desktop-bugs> | ||||||
Severity: | medium | Docs Contact: | |||||||
Priority: | medium | ||||||||
Version: | unspecified | CC: | arozansk, bhu, davej, jkacur, kmcmartin, kzhang, lgoncalv, linville, lwang, pmatouse, tcallawa, williams | ||||||
Target Milestone: | --- | Keywords: | Security | ||||||
Target Release: | --- | ||||||||
Hardware: | All | ||||||||
OS: | Linux | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2012-03-28 08:48:08 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Bug Depends On: | 628435, 628436, 628437, 628438 | ||||||||
Bug Blocks: | |||||||||
Attachments: |
|
Description
Eugene Teo (Security Response)
2010-08-30 03:44:29 UTC
Created attachment 442035 [details] bz628434.patch Discussions: http://lkml.org/lkml/2010/8/27/413 http://lkml.org/lkml/2010/8/30/351 Fix: http://lkml.org/lkml/2010/8/30/146 Created attachment 442177 [details]
jwltest-wireless-extensions-fix-kernel-heap-content-leak.patch
Test kernels w/ above patch are available here: http://people.redhat.com/linville/kernels/rhel6/ Statement: This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and 5 as they did not backport the upstream commit 3d23e349 that had introduced the problem. A future update in Red Hat Enterprise MRG may address this flaw. This issue has been addressed in following products: MRG for RHEL-5 Via RHSA-2010:0771 https://rhn.redhat.com/errata/RHSA-2010-0771.html This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2010:0842 https://rhn.redhat.com/errata/RHSA-2010-0842.html This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2010:0842 https://rhn.redhat.com/errata/RHSA-2010-0842.html |