Kernel vulnerabilities discovered in Ubuntu

Kernel vulnerabilities have been uncovered across a range of Ubuntu releases, covering 6.06 LTS to 9.10, also including Kubuntu, Edubuntu, and Xubuntu distros.

I just know other outlets will eventually pick up on this and add nonsense and subtract the facts at their own leisure, so I thought it worthwhile to get in early.

A kernel vulnerabilities have been uncovered across a range of Ubuntu releases, covering 6.06 LTS to 9.10, also including Kubuntu, Edubuntu, and Xubuntu distros.

Here's the key facts, with a key phrase highlighted:

Mathias Krause discovered that the Linux kernel did not correctly handle missing ELF interpreters. A local attacker could exploit this to cause the system to crash, leading to a denial of service. (CVE-2010-0307)

Marcelo Tosatti discovered that the Linux kernel's hardware virtualization did not correctly handle reading the /dev/port special device. A local attacker in a guest operating system could issue a specific read that would cause the host system to crash, leading to a denial of service. (CVE-2010-0309)

Sebastian Krahmer discovered that the Linux kernel did not correctly handle netlink connector messages. A local attacker could exploit this to consume kernel memory, leading to a denial of service. (CVE-2010-0410)

Ramon de Carvalho Valle discovered that the Linux kernel did not correctly validate certain memory migration calls. A local attacker could exploit this to read arbitrary kernel memory or cause a system crash, leading to a denial of service. (CVE-2010-0415)

Jermome Marchand and Mikael Pettersson discovered that the Linux kernel did not correctly handle certain futex operations. A local attacker could exploit this to cause a system crash, leading to a denial of service. (CVE-2010-0622, CVE-2010-0623)

Key phrase: "a local attacker" ... these exploits cannot be leveraged remotely, meaning the sky isn't falling it on Linux users.

Updates are available for affected distros.