Ubuntu
linux package

CVE-2010-3086

Bug #706060 reported by Brad Figg
260
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Invalid
Low
Andy Whitcroft
Dapper
Won't Fix
Low
Andy Whitcroft
Hardy
Fix Released
Low
Andy Whitcroft
Karmic
Invalid
Low
Andy Whitcroft
Lucid
Invalid
Low
Andy Whitcroft
Maverick
Invalid
Low
Andy Whitcroft
Natty
Invalid
Low
Andy Whitcroft

Bug Description

include/asm-x86/futex.h in the Linux kernel before 2.6.25 does not properly implement exception fixup, which allows local users to cause a denial of service (panic) via an invalid application that triggers a page fault.

See original description
Brad Figg (brad-figg)
description: updated
description: updated
Revision history for this message
Jeremy Foshee (jeremyfoshee) wrote :

Hi Brad,

Please be sure to confirm this issue exists with the latest development release of Ubuntu. ISO CD images are available from http://cdimage.ubuntu.com/daily/current/ . If the issue remains, please run the following command from a Terminal (Applications->Accessories->Terminal). It will automatically gather and attach updated debug information to this report.

apport-collect -p linux 706060

Also, if you could test the latest upstream kernel available that would be great. It will allow additional upstream developers to examine the issue. Refer to https://wiki.ubuntu.com/KernelMainlineBuilds . Once you've tested the upstream kernel, please remove the 'needs-upstream-testing' tag. This can be done by clicking on the yellow pencil icon next to the tag located at the bottom of the bug description and deleting the 'needs-upstream-testing' text. Please let us know your results.

Thanks in advance.

    [This is an automated message. Apologies if it has reached you inappropriately; please just reply to this message indicating so.]

tags: added: needs-kernel-logs
tags: added: needs-upstream-testing
tags: added: kj-triage
Changed in linux (Ubuntu):
status: New → Incomplete
Andy Whitcroft (apw)
tags: added: kj-triagekernel-logs
removed: kj-triage needs-kernel-logs
tags: added: kj-triage
removed: kj-triagekernel-logs needs-upstream-testing
Changed in linux (Ubuntu):
status: Incomplete → Triaged
Brian Murray (brian-murray)
security vulnerability: no → yes
Revision history for this message
Andy Whitcroft (apw) wrote :

Confirmed that the fixes related here are indeed applied to Karmic and Later.

Changed in linux (Ubuntu Karmic):
status: New → Invalid
Changed in linux (Ubuntu Maverick):
status: New → Invalid
importance: Undecided → Low
Changed in linux (Ubuntu Lucid):
status: New → Invalid
Changed in linux (Ubuntu Dapper):
importance: Undecided → Low
Changed in linux (Ubuntu Natty):
importance: Undecided → Low
Changed in linux (Ubuntu Karmic):
importance: Undecided → Low
Changed in linux (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux (Ubuntu Lucid):
importance: Undecided → Low
assignee: nobody → Andy Whitcroft (apw)
Changed in linux (Ubuntu Natty):
assignee: nobody → Andy Whitcroft (apw)
status: Triaged → Invalid
Changed in linux (Ubuntu Karmic):
assignee: nobody → Andy Whitcroft (apw)
Changed in linux (Ubuntu Maverick):
assignee: nobody → Andy Whitcroft (apw)
Revision history for this message
Andy Whitcroft (apw) wrote :

The fix below is claimed to fix this issue:

  commit 9d55b9923a1b7ea8193b8875c57ec940dc2ff027
  Author: Thomas Gleixner <email address hidden>
  Date: Fri Feb 1 17:45:14 2008 +0100

    x86: replace LOCK_PREFIX in futex.h

    The exception fixup for the futex macros __futex_atomic_op1/2 and
    futex_atomic_cmpxchg_inatomic() is missing an entry when the lock
    prefix is replaced by a NOP via SMP alternatives.

    Chuck Ebert tracked this down from the information provided in:
    https://bugzilla.redhat.com/show_bug.cgi?id=429412

    A possible solution would be to add another fixup after the
    LOCK_PREFIX, so both the LOCK and NOP case have their own entry in the
    exception table, but it's not really worth the trouble.

    Simply replace LOCK_PREFIX with lock and keep those untouched by SMP
    alternatives.

    Signed-off-by: Thomas Gleixner <email address hidden>

    Signed-off-by: Ingo Molnar <email address hidden>

Revision history for this message
Andy Whitcroft (apw) wrote :

This has hit v2.6.24.4 via the stable process and has been applied and released into Hardy already. Closed Fix Released.

  commit a026091e22cc64d1045af9c53adb635fc938b23e
  Author: Thomas Gleixner <email address hidden>
  Date: Sat Feb 23 11:56:56 2008 -0500

    x86: replace LOCK_PREFIX in futex.h

    Bug: #301608

    Commit: 9d55b9923a1b7ea8193b8875c57ec940dc2ff027

Changed in linux (Ubuntu Hardy):
status: New → Fix Released
assignee: nobody → Andy Whitcroft (apw)
Andy Whitcroft (apw)
Changed in linux (Ubuntu Dapper):
status: New → In Progress
assignee: nobody → Andy Whitcroft (apw)
Andy Whitcroft (apw)
Changed in linux (Ubuntu Dapper):
status: In Progress → Fix Committed
Jamie Strandboge (jdstrand)
Changed in linux (Ubuntu Dapper):
status: Fix Committed → Won't Fix
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.