CVE-2010-4162

Multiple integer overflows in fs/bio.c in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (system crash) via a crafted device ioctl to a SCSI device.

From the Ubuntu Security Team

Dan Rosenberg discovered that certain iovec operations did not calculate page counts correctly. A local attacker could exploit this to crash the system, leading to a denial of service.

• How can I get the fixes?
• What do statuses mean?
• Patch details

References

• MITRE
• NVD
• Launchpad
• Debian

Related Ubuntu Security Notices (USN)

• USN-1092-1
• Linux Kernel vulnerabilities
• 25 March 2011
• USN-1089-1
• Linux kernel vulnerabilities
• 18 March 2011
• USN-1202-1
• Linux kernel (OMAP4) vulnerabilities
• 13 September 2011
• USN-1105-1
• Linux kernel vulnerabilities
• 5 April 2011
• USN-1083-1
• Linux kernel vulnerabilities
• 3 March 2011
• USN-1054-1
• Linux kernel vulnerabilities
• 1 February 2011
• USN-1204-1
• Linux kernel (i.MX51) vulnerabilities
• 13 September 2011
• USN-1093-1
• Linux Kernel vulnerabilities (Marvell Dove)
• 25 March 2011

Other references

• https://www.cve.org/CVERecord?id=CVE-2010-4162