← Back to team overview

kernel-packages team mailing list archive

[Bug 712737] Re: CVE-2010-4081

 

** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-4249

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/712737

Title:
  CVE-2010-4081

Status in linux package in Ubuntu:
  Fix Released
Status in linux-fsl-imx51 package in Ubuntu:
  Invalid
Status in linux-ti-omap4 package in Ubuntu:
  Invalid
Status in linux source package in Lucid:
  Fix Released
Status in linux-fsl-imx51 source package in Lucid:
  Fix Released
Status in linux-ti-omap4 source package in Lucid:
  Invalid
Status in linux source package in Maverick:
  Fix Released
Status in linux-fsl-imx51 source package in Maverick:
  Invalid
Status in linux-ti-omap4 source package in Maverick:
  Won't Fix
Status in linux source package in Natty:
  Fix Released
Status in linux-fsl-imx51 source package in Natty:
  Invalid
Status in linux-ti-omap4 source package in Natty:
  Fix Released
Status in linux source package in Dapper:
  Won't Fix
Status in linux-fsl-imx51 source package in Dapper:
  Invalid
Status in linux-ti-omap4 source package in Dapper:
  Invalid
Status in linux source package in Hardy:
  Fix Released
Status in linux-fsl-imx51 source package in Hardy:
  Invalid
Status in linux-ti-omap4 source package in Hardy:
  Invalid
Status in linux source package in Karmic:
  Fix Released
Status in linux-fsl-imx51 source package in Karmic:
  Won't Fix
Status in linux-ti-omap4 source package in Karmic:
  Invalid

Bug description:
  ALSA: sound/pci/rme9652: prevent reading uninitialized stack memory

  The SNDRV_HDSP_IOCTL_GET_CONFIG_INFO and
  SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctls in hdspm.c and hdsp.c allow
  unprivileged users to read uninitialized kernel stack memory, because
  several fields of the hdsp{m}_config_info structs declared on the stack
  are not altered or zeroed before being copied back to the user.  This
  patch takes care of it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/712737/+subscriptions