CVE-2010-2243

Publication date 7 November 2019

Last updated 24 July 2024


Ubuntu priority

Cvss 3 Severity Score

7.5 · High

Score breakdown

A vulnerability exists in kernel/time/clocksource.c in the Linux kernel before 2.6.34 where on non-GENERIC_TIME systems (GENERIC_TIME=n), accessing /sys/devices/system/clocksource/clocksource0/current_clocksource results in an OOPS.

Read the notes from the security team

Status

Package Ubuntu Release Status
linux 13.04 raring
Not affected
12.10 quantal
Not affected
12.04 LTS precise
Not affected
11.10 oneiric
Not affected
11.04 natty
Not affected
10.10 maverick Ignored end of life, was pending
10.04 LTS lucid
Not affected
8.04 LTS hardy
Not affected
linux-armadaxp 13.04 raring Not in release
12.10 quantal
Not affected
12.04 LTS precise
Not affected
11.10 oneiric Not in release
11.04 natty Not in release
10.04 LTS lucid Not in release
8.04 LTS hardy Not in release
linux-ec2 13.04 raring Not in release
12.10 quantal Not in release
12.04 LTS precise Not in release
11.10 oneiric Not in release
11.04 natty Not in release
10.10 maverick Ignored end of life
10.04 LTS lucid
Not affected
8.04 LTS hardy Not in release
linux-fsl-imx51 13.04 raring Not in release
12.10 quantal Not in release
12.04 LTS precise Not in release
11.10 oneiric Not in release
11.04 natty Not in release
10.10 maverick Not in release
10.04 LTS lucid
Not affected
8.04 LTS hardy Not in release
linux-lts-backport-maverick 13.04 raring Not in release
12.10 quantal Not in release
12.04 LTS precise Not in release
11.10 oneiric Not in release
11.04 natty Not in release
10.10 maverick Not in release
10.04 LTS lucid Ignored end of life
8.04 LTS hardy Not in release
linux-lts-backport-natty 13.04 raring Not in release
12.10 quantal Not in release
12.04 LTS precise Not in release
11.10 oneiric Not in release
11.04 natty Not in release
10.10 maverick Not in release
10.04 LTS lucid
Not affected
8.04 LTS hardy Not in release
linux-lts-backport-oneiric 13.04 raring Not in release
12.10 quantal Not in release
12.04 LTS precise Not in release
11.10 oneiric Not in release
11.04 natty Not in release
10.10 maverick Not in release
10.04 LTS lucid
Not affected
8.04 LTS hardy Not in release
linux-lts-quantal 13.04 raring Not in release
12.10 quantal Not in release
12.04 LTS precise
Not affected
11.10 oneiric Not in release
10.04 LTS lucid Not in release
8.04 LTS hardy Not in release
linux-lts-raring 13.04 raring Not in release
12.10 quantal Not in release
12.04 LTS precise
Not affected
11.10 oneiric Not in release
10.04 LTS lucid Not in release
8.04 LTS hardy Not in release
linux-mvl-dove 13.04 raring Not in release
12.10 quantal Not in release
12.04 LTS precise Not in release
11.10 oneiric Not in release
11.04 natty Not in release
10.10 maverick Ignored end of life, was pending
10.04 LTS lucid Ignored end of life
8.04 LTS hardy Not in release
linux-ti-omap4 13.04 raring
Not affected
12.10 quantal
Not affected
12.04 LTS precise
Not affected
11.10 oneiric
Not affected
11.04 natty
Not affected
10.10 maverick Ignored end of life, was pending
10.04 LTS lucid Not in release
8.04 LTS hardy Not in release

Notes


apw

this is is fixed by the commit below: ad6759fbf35d104dbf573cd6f4c6784ad6823f7e CONFIG_GENERIC_TIME must be disabled to trigger the issue too and this option was removed moving =y everywhere in the commit below: 592913ecb87a9e06f98ddb55b298f1a66bf94c6b the option already existed in v2.6.24. confirmed configuration was always on for hardy, lucid and maverick

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
linux

Severity score breakdown

Parameter Value
Base score 7.5 · High
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H