Linux Kernel Multiple Vulnerabilities

Secunia ID	SA38502
CVE-ID	CVE-2010-0415, CVE-2010-0622
Release Date	08 Feb 2010
Last Change	24 Feb 2010
Criticality	Less Critical Typically used for cross-site scripting vulnerabilities and privilege escalation vulnerabilities. This rating is also used for vulnerabilities allowing exposure of sensitive data to local users.
Solution Status	Vendor Patch
Where	Local system "Local system" describes vulnerabilities where the attack vector requires that the attacker is a local user on the system.
Impact	DoS (Denial of Service) This includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system. Exposure of sensitive information Vulnerabilities where documents or credentials are leaked or can be revealed either locally or from remote. Privilege escalation This covers vulnerabilities where a user is able to conduct certain tasks with the privileges of other users or administrative users. This typically includes cases where a local user on a client or server system can gain access to the administrator or root account thus taking full control of the system.
Description	Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, and potentially gain escalated privileges. 1) A vulnerability is caused due to the "do_pages_move()" function in mm/migrate.c not properly verifying the node values received from userspace, which can be exploited to cause a crash or disclose memory via a specially crafted "move_pages" system call. 2) A vulnerability is caused due to a NULL pointer dereference error within the "wake_futex_pi()" function in kernel/futex.c, which can be exploited to cause a crash and potentially gain escalated privileges.
Solution	Update to version 2.6.32.9.
Reported by	1) Ramon de Carvalho Valle 2) Disclosed in a GIT commit.
Original Advisory	1) http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6f5a55f1a6c5abee15a0e878e5c74d9f1569b8b0 2) http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=51246bfd189064079c54421507236fd2723b18f3