CVE-2011-1494
Publication date 3 May 2011
Last updated 24 July 2024
Ubuntu priority
Integer overflow in the _ctl_do_mpt_command function in drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier might allow local users to gain privileges or cause a denial of service (memory corruption) via an ioctl call specifying a crafted value that triggers a heap-based buffer overflow.
From the Ubuntu Security Team
Dan Rosenberg discovered that MPT devices did not correctly validate certain values in ioctl calls. If these drivers were loaded, a local attacker could exploit this to read arbitrary kernel memory, leading to a loss of privacy.
Status
Package | Ubuntu Release | Status |
---|---|---|
linux | ||
linux-ec2 | ||
linux-fsl-imx51 | ||
linux-lts-backport-maverick | ||
linux-lts-backport-natty | ||
linux-mvl-dove | ||
linux-source-2.6.15 | ||
linux-ti-omap4 | ||
Patch details
Package | Patch details |
---|---|
linux |
References
Related Ubuntu Security Notices (USN)
- USN-1164-1
- Linux kernel vulnerabilities (i.MX51)
- 6 July 2011
- USN-1202-1
- Linux kernel (OMAP4) vulnerabilities
- 13 September 2011
- USN-1160-1
- Linux kernel vulnerabilities
- 28 June 2011
- USN-1168-1
- Linux kernel vulnerabilities
- 15 July 2011
- USN-1162-1
- Linux kernel vulnerabilities (Marvell Dove)
- 29 June 2011
- USN-1167-1
- Linux kernel vulnerabilities
- 13 July 2011
- USN-1187-1
- Linux kernel (Maverick backport) vulnerabilities
- 9 August 2011
- USN-1212-1
- Linux kernel (OMAP4) vulnerabilities
- 21 September 2011
- USN-1161-1
- Linux kernel vulnerabilities (EC2)
- 13 July 2011
- USN-1159-1
- Linux kernel vulnerabilities (Marvell Dove)
- 13 July 2011