Bugzilla – Bug 628604
VUL-1: CVE-2010-2803: kernel: local kernel heap memory exposure leaks up to 16K with drm ioctls
Last modified: 2015-10-30 10:42:31 UTC
Hi. There is a security bug in package 'kernel'. This bug is NOT PUBLIC. The coordinated release date (CRD) is: 2010-08-11 CVE number: CVE-2010-2803 CVE description: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2803 Original posting: CVE-2010-2803 ---------- Weitergeleitete Nachricht ---------- Betreff: [security@suse.de] local kernel heap memory exposure leaks up to 16K with drm ioctls Datum: Mittwoch, 4. August 2010, 21:01:48 Von: Kees Cook <kees@ubuntu.com> An: security@kernel.org Kopie: security@mandriva.com, security@suse.de, secalert@redhat.com, security@debian.org, security@rpath.com, security@ubuntu.com, "Steven M. Christey" <coley@linus.mitre.org> Hi, (While this isn't a critical issue, I'm avoiding vendor-sec due to the history of kernel security leaks from there. If I have missed a vendor, please let me know. Steven, can you please assign a CVE for this issue?) I've found a problem with the ioctl subsystem for drm, though it is most explicitly exposed by the intel GEM driver. Under driver-defined ioctls, drm does not sanitize the ioctl command, allowing the caller to specify how much memory should be kmalloc'd and copied back to the caller, regardless of what the driver ioctl actually does (it doesn't even need to succeed). drivers/gpu/drm/drm_drv.c long drm_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) .. unsigned int nr = DRM_IOCTL_NR(cmd); .. if ((nr >= DRM_COMMAND_BASE) && (nr < DRM_COMMAND_END) && (nr < DRM_COMMAND_BASE + dev->driver->num_ioctls)) ioctl = &dev->driver->ioctls[nr - DRM_COMMAND_BASE]; .. if (cmd & (IOC_IN | IOC_OUT)) { if (_IOC_SIZE(cmd) <= sizeof(stack_kdata)) { kdata = stack_kdata; } else { kdata = kmalloc(_IOC_SIZE(cmd), GFP_KERNEL); .. } } .. retcode = func(dev, kdata, file_priv); .. if (cmd & IOC_OUT) { if (copy_to_user((void __user *)arg, kdata, _IOC_SIZE(cmd)) != 0) retcode = -EFAULT; } "cmd" is caller-controlled, and can do whatever it likes for _IOC_SIZE(cmd), IOC_IN and IOC_OUT, resulting in leakage of previously freed kernel heap memory contents up to 16K in size. Attached is a private reproducer, tuned to 8K which seemed to give the best results. The only requirement is that the user is logged in under X or otherwise has r/w access to the dri path (group "video"). $ make ioctl-read.c $ ./ioctl-read | hexdump -C I would propose a coordinated release date of Aug 11th, assuming there is enough time for someone to work up appropriate fixes. Thanks, -Kees -- Kees Cook Ubuntu Security Team ------------------------------------------------------------- -- Thomas Biege <thomas@suse.de>, SUSE LINUX, Security Support & Auditing SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
CVE-2010-2803
The leakage bug was introduced in 2.6.24. I've backported the leakage patch to: SLE11 openSUSE 11.2 SLE11 SP1 openSUSE 11.3 Moblin and SLERT may be affected. I've backported the fix for userspace underallocating a buffer to openSUSE 11.3 and SLE11 SP1. I don't think it's worth backporting to other releases.
The SWAMPID for this issue is 35638. This issue was rated as moderate. Please submit fixed packages until 2010-09-17. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
Applied Jeff's backports to SLE11-RT-SP1, re-adding the relevant hunks he dropped.
Update released for: btrfs-kmp-default, btrfs-kmp-ppc64, cluster-network-kmp-default, cluster-network-kmp-ppc64, ext4dev-kmp-default, ext4dev-kmp-ppc64, gfs2-kmp-default, gfs2-kmp-ppc64, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-extra, kernel-kdump, kernel-kdump-debuginfo, kernel-kdump-debugsource, kernel-ppc64, kernel-ppc64-base, kernel-ppc64-debuginfo, kernel-ppc64-debugsource, kernel-ppc64-devel, kernel-ppc64-extra, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-extra Products: SLE-DEBUGINFO 11-SP1 (ppc64) SLE-HAE 11-SP1 (ppc64) SLE-SERVER 11-SP1 (ppc64)
Update released for: btrfs-kmp-default, cluster-network-kmp-default, ext4dev-kmp-default, gfs2-kmp-default, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra Products: SLE-DEBUGINFO 11-SP1 (ia64) SLE-HAE 11-SP1 (ia64) SLE-SERVER 11-SP1 (ia64)
Update released for: btrfs-kmp-default, btrfs-kmp-pae, btrfs-kmp-xen, cluster-network-kmp-default, cluster-network-kmp-pae, cluster-network-kmp-xen, ext4dev-kmp-default, ext4dev-kmp-pae, ext4dev-kmp-xen, gfs2-kmp-default, gfs2-kmp-pae, gfs2-kmp-xen, hyper-v-kmp-default, hyper-v-kmp-pae, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-extra, kernel-desktop-devel, kernel-pae, kernel-pae-base, kernel-pae-debuginfo, kernel-pae-debugsource, kernel-pae-devel, kernel-pae-extra, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-devel, kernel-trace-extra, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-extra Products: SLE-DEBUGINFO 11-SP1 (i386) SLE-DESKTOP 11-SP1 (i386) SLE-HAE 11-SP1 (i386) SLE-SERVER 11-SP1 (i386) SLES4VMWARE 11-SP1 (i386)
A SUSE Linux Enterprise 11 SP1 kernel update was released that mentions/fixes this bug. The released version is 2.6.32.19-0.2.1.
Update released for: btrfs-kmp-default, cluster-network-kmp-default, ext4dev-kmp-default, gfs2-kmp-default, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-man, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-man Products: SLE-DEBUGINFO 11-SP1 (s390x) SLE-HAE 11-SP1 (s390x) SLE-SERVER 11-SP1 (s390x)
Update released for: btrfs-kmp-default, btrfs-kmp-xen, cluster-network-kmp-default, cluster-network-kmp-xen, ext4dev-kmp-default, ext4dev-kmp-xen, gfs2-kmp-default, gfs2-kmp-xen, hyper-v-kmp-default, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-desktop-devel, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra Products: SLE-DEBUGINFO 11-SP1 (x86_64) SLE-DESKTOP 11-SP1 (x86_64) SLE-HAE 11-SP1 (x86_64) SLE-SERVER 11-SP1 (x86_64) SLES4VMWARE 11-SP1 (x86_64)
Update released for: kernel-default-extra, kernel-pae-extra, kernel-xen-extra Products: SLE-SERVER 11-EXTRA (i386)
Update released for: kernel-default-extra Products: SLE-SERVER 11-EXTRA (s390x)
Update released for: kernel-default-extra, kernel-xen-extra Products: SLE-SERVER 11-EXTRA (x86_64)
Update released for: kernel-default-extra, kernel-ppc64-extra Products: SLE-SERVER 11-EXTRA (ppc64)
Update released for: kernel-default-extra Products: SLE-SERVER 11-EXTRA (ia64)
Update released for: kernel-debug, kernel-debug-base, kernel-debug-base-debuginfo, kernel-debug-debuginfo, kernel-debug-debugsource, kernel-debug-devel, kernel-debug-devel-debuginfo, kernel-default, kernel-default-base, kernel-default-base-debuginfo, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-desktop, kernel-desktop-base, kernel-desktop-base-debuginfo, kernel-desktop-debuginfo, kernel-desktop-debugsource, kernel-desktop-devel, kernel-desktop-devel-debuginfo, kernel-devel, kernel-pae, kernel-pae-base, kernel-pae-base-debuginfo, kernel-pae-debuginfo, kernel-pae-debugsource, kernel-pae-devel, kernel-pae-devel-debuginfo, kernel-source, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-base-debuginfo, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-vanilla, kernel-vanilla-base, kernel-vanilla-base-debuginfo, kernel-vanilla-debuginfo, kernel-vanilla-debugsource, kernel-vanilla-devel, kernel-vanilla-devel-debuginfo, kernel-xen, kernel-xen-base, kernel-xen-base-debuginfo, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, preload-kmp-default, preload-kmp-desktop Products: openSUSE 11.3 (debug, i586, x86_64)
Update released for: kernel-debug, kernel-debug-base, kernel-debug-base-debuginfo, kernel-debug-debuginfo, kernel-debug-debugsource, kernel-debug-devel, kernel-debug-devel-debuginfo, kernel-default, kernel-default-base, kernel-default-base-debuginfo, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-desktop, kernel-desktop-base, kernel-desktop-base-debuginfo, kernel-desktop-debuginfo, kernel-desktop-debugsource, kernel-desktop-devel, kernel-desktop-devel-debuginfo, kernel-pae, kernel-pae-base, kernel-pae-base-debuginfo, kernel-pae-debuginfo, kernel-pae-debugsource, kernel-pae-devel, kernel-pae-devel-debuginfo, kernel-source, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-base-debuginfo, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-vanilla, kernel-vanilla-base, kernel-vanilla-base-debuginfo, kernel-vanilla-debuginfo, kernel-vanilla-debugsource, kernel-vanilla-devel, kernel-vanilla-devel-debuginfo, kernel-xen, kernel-xen-base, kernel-xen-base-debuginfo, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, preload-kmp-default, preload-kmp-desktop Products: openSUSE 11.2 (debug, i586, x86_64)
Update released for: cluster-network-kmp-default, cluster-network-kmp-pae, cluster-network-kmp-xen, ext4dev-kmp-default, ext4dev-kmp-pae, ext4dev-kmp-vmi, ext4dev-kmp-xen, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-extra, kernel-pae, kernel-pae-base, kernel-pae-debuginfo, kernel-pae-debugsource, kernel-pae-extra, kernel-source, kernel-source-debuginfo, kernel-syms, kernel-vmi, kernel-vmi-base, kernel-vmi-debuginfo, kernel-vmi-debugsource, kernel-vmi-extra, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-extra Products: SLE-DEBUGINFO 11 (i386) SLE-DESKTOP 11 (i386) SLE-HAE 11 (i386) SLE-SERVER 11 (i386)
Update released for: cluster-network-kmp-default, ext4dev-kmp-default, ext4dev-kmp-ppc64, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-extra, kernel-kdump, kernel-kdump-debuginfo, kernel-kdump-debugsource, kernel-ppc64, kernel-ppc64-base, kernel-ppc64-debuginfo, kernel-ppc64-debugsource, kernel-ppc64-extra, kernel-source, kernel-source-debuginfo, kernel-syms Products: SLE-DEBUGINFO 11 (ppc64) SLE-HAE 11 (ppc64) SLE-SERVER 11 (ppc64)
Update released for: cluster-network-kmp-default, ext4dev-kmp-default, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-extra, kernel-source, kernel-source-debuginfo, kernel-syms Products: SLE-DEBUGINFO 11 (ia64) SLE-HAE 11 (ia64) SLE-SERVER 11 (ia64)
Update released for: cluster-network-kmp-default, cluster-network-kmp-xen, ext4dev-kmp-default, ext4dev-kmp-xen, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-extra, kernel-source, kernel-source-debuginfo, kernel-syms, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-extra Products: SLE-DEBUGINFO 11 (x86_64) SLE-DESKTOP 11 (x86_64) SLE-HAE 11 (x86_64) SLE-SERVER 11 (x86_64)
Update released for: btrfs-kmp-default, cluster-network-kmp-default, drbd-kmp-default, ext4dev-kmp-default, gfs2-kmp-default, iscsitarget-kmp-default, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-extra, kernel-default-man, kernel-source, kernel-source-debuginfo, kernel-syms, ocfs2-kmp-default, oracleasm-kmp-default, samplekmp-source Products: SLE-DEBUGINFO 11 (s390x) SLE-HAE 11 (s390x) SLE-SERVER 11 (s390x)
We just released an update for SUSE Linux Enterprise 11 GA that mentions/fixes this bug. The released kernel version is 2.6.27.54-0.2.1.
Update released for: kernel-debug, kernel-debug-base, kernel-debug-debuginfo, kernel-debug-debugsource, kernel-debug-extra, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-extra, kernel-docs, kernel-kdump, kernel-kdump-debuginfo, kernel-kdump-debugsource, kernel-pae, kernel-pae-base, kernel-pae-debuginfo, kernel-pae-debugsource, kernel-pae-extra, kernel-ppc64, kernel-ppc64-base, kernel-ppc64-debuginfo, kernel-ppc64-debugsource, kernel-ppc64-extra, kernel-ps3, kernel-ps3-debuginfo, kernel-ps3-debugsource, kernel-source, kernel-source-debuginfo, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-extra, kernel-vanilla, kernel-vanilla-debuginfo, kernel-vanilla-debugsource, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-extra Products: openSUSE 11.1 (debug, i586, ppc, x86_64)
Update released for: brocade-bna-kmp-rt, iscsitarget-kmp-rt, kernel-rt, kernel-rt-base, kernel-rt-debuginfo, kernel-rt-debugsource, kernel-rt-devel, kernel-rt-devel-debuginfo, kernel-rt-extra, kernel-rt_trace, kernel-rt_trace-base, kernel-rt_trace-debuginfo, kernel-rt_trace-debugsource, kernel-rt_trace-devel, kernel-rt_trace-devel-debuginfo, kernel-rt_trace-extra, kernel-source-rt, kernel-source-rt-debuginfo, kernel-syms-rt, ofed-kmp-rt Products: SLE-RT 11-SP1 (x86_64)
openSUSE-SU-2013:0927-1: An update that solves 75 vulnerabilities and has 1406 fixes is now available. Category: security (low) Bug References: 176921,225091,299267,436025,439348,445872,458027,467688,468397,470671,476525,486001,501563,503038,527028,550447,550906,552250,556135,556234,556572,556959,557479,557710,560420,560454,561811,562046,562095,563905,564618,564635,564638,564640,565027,565124,565845,566332,566768,567283,567376,567474,567703,568147,568848,569050,569194,569238,569606,569687,569916,570284,570320,570492,570526,572119,572294,572661,572834,573237,573330,573401,573565,573722,573803,574006,574771,575047,575072,575073,575074,575181,575194,575199,575396,575409,575752,575884,575923,575956,576277,577203,577232,577355,577358,577529,577753,577771,577856,577937,577967,578046,578059,578429,578430,578572,578639,578927,578980,578981,579060,579111,579137,579439,579636,579639,579647,579682,580105,580140,580373,580381,580416,580793,580799,580823,580991,581057,581103,581188,581199,581567,581718,581940,582552,582643,582730,582872,582878,583022,583296,583356,583539,583677,583900,584197,584209,584218,584320,584343,584451,584453,584475,584508,584574,584617,584691,584728,584820,584875,584958,585034,585124,585179,585191,585241,585269,58529,585296,585385,585463,585490,585492,585608,585711,585743,586343,586364,586417,586684,586806,587073,587114,587125,587199,587427,587562,587669,587673,587681,587692,587739,587746,587782,588008,588929,588972,588994,589280,589449,589650,589651,589652,589654,589655,589656,589657,589660,589679,589804,589906,590154,590217,590401,590415,590585,590687,590705,590727,590856,590859,590926,590927,590937,590980,590995,590996,591039,591293,591318,591376,591377,591401,591473,591513,591556,591870,591950,592176,592472,592703,592943,593318,593319,593731,593934,594066,594131,594271,594305,594367,594391,594399,594473,594583,594586,594835,594997,595074,595215,595609,595755,595960,596031,596113,596460,596462,596646,596720,596783,596943,597120,597135,597583,597648,597650,598246,598253,598270,598308,598493,598553,598677,598837,599279,599671,599814,599955,600043,600256,600261,600364,600375,600516,600535,600579,600983,601168,601198,602150,602208,602232,602514,602838,602852,602969,602980,603148,603205,603387,603411,603464,603510,603528,603738,604183,605001,605321,605686,605947,606575,606743,606778,606797,606977,607123,607339,607448,607628,607890,608435,608478,609172,609196,609281,609506,610783,611094,611104,611760,612009,612407,612729,613171,613330,613542,613906,614226,614332,614349,614793,615003,615557,615630,616080,616088,616369,616464,616612,617248,617437,617464,618059,618072,618379,618424,618444,618767,619002,619007,619525,619536,619840,620020,620021,620443,620654,620904,620929,621203,621598,621715,622597,622635,622727,622868,623307,624020,624072,624340,624436,624814,624850,625167,625666,625674,626321,626880,627060,627386,627518,628180,628554,628604,629170,629263,629552,630068,630121,630132,630970,631075,631801,632317,632568,632974,632975,633026,633268,633543,633581,633585,633593,633733,634637,635425,635515,636435,636461,636561,636672,636850,637436,637502,637542,637639,637944,638258,638274,638277,638400,638613,638618,638807,638860,639161,639197,639728,639803,639944,640276,640278,640850,640878,641247,642009,642309,642313,642314,642449,642486,643173,643249,643266,643477,643513,643909,643914,643922,644219,644350,644373,644630,645659,645893,646045,646226,646542,646702,647392,647497,647567,647775,648112,648308,648647,648701,648916,649000,649187,649231,649257,649355,649473,649548,649820,650067,650109,650111,650113,650116,650185,650309,650366,650487,650545,650748,650897,651152,651218,651596,651599,651626,652024,652293,652391,652563,652603,652842,652939,652940,652945,653148,653258,653266,653800,653850,653930,654150,654169,654350,654501,654530,654581,654701,654837,654967,655027,655220,655278,655434,655964,655973,656219,656471,656587,657248,657324,657350,657412,657415,657763,658037,658254,658337,658353,658413,658461,658464,658551,658829,659101,659144,659394,659419,660507,660546,661605,662031,662202,662212,662335,662340,662360,662432,662673,662722,662800,662931,663313,663513,663537,663582,663678,663706,664149,664463,665480,665499,665524,665663,666012,666836,666842,666893,667226,667766,668483,668545,668633,668872,668895,668896,668898,668927,669058,669571,669740,670129,670154,670465,670615,670816,670864,670868,670979,671256,671274,671296,671479,671483,671943,672292,672453,672492,672923,673516,674189,674549,675115,675127,675963,676419,676890,677286,677391,677398,677563,677783,678531,678728,679301,679812,680809,680814,680845,681242,682076,682251,682319,682333,682482,682755,682940,682941,683107,683282,683569,684085,684297,684472,684852,684927,685226,685276,686325,686404,686702,686813,686921,686980,687046,687049,687065,687068,687478,687759,687760,687789,688326,688912,688996,689227,689230,689290,689435,689436,689596,689746,690073,690082,690611,690683,691216,691269,691408,691536,691538,691632,691633,691693,691714,691742,691829,691979,692343,692454,692459,692460,692709,693149,693513,693636,694963,694966,695066,695067,695243,695605,695898,696107,696586,697255,697777,697783,697913,697942,697944,698050,698053,698102,698269,698272,698524,698540,698548,698572,698604,698774,698776,698779,698793,698797,698801,698803,698949,699085,699087,699089,699092,699265,699354,699495,699534,699687,699701,699703,699842,699916,699946,699950,699990,700009,700080,700084,7000995,700332,700391,700401,700445,700448,700512,700514,700632,700637,700638,700777,700856,701163,701170,701183,701198,701622,701686,701977,702133,702384,702470,702604,702651,702736,702832,702838,703013,703100,703156,703204,703422,703426,703653,703786,704163,704280,704361,704592,704917,704957,705433,705472,705487,705551,705906,705962,706131,706410,706472,706473,706485,706557,706587,706696,706821,706838,706841,706882,706913,707094,707270,707389,707666,707988,708160,708204,708269,708274,708296,708376,708635,708636,708720,708730,708809,708836,709063,709064,709068,709075,709266,709269,709300,709332,709467,709528,709866,709974,710352,710790,710868,710969,711201,711285,711297,711378,711519,711566,711592,711684,711765,712404,712405,712420,712899,713134,713148,713448,713490,713675,713707,714096,714106,714215,714274,714552,714604,714605,714643,714786,714789,714911,715031,715496,715635,716023,716708,716850,716970,716971,717142,717160,717248,717263,717372,717500,717573,717574,717797,717840,717848,717884,717996,718149,718160,718165,718265,718279,718366,718401,718518,718521,718551,718831,718863,718910,718918,718936,718950,719029,719079,719090,719280,719296,719408,719592,719645,719693,719846,719911,719943,720075,720353,720451,720456,720457,720458,720459,720460,720536,720661,720674,720741,720750,720753,720946,720960,720996,721007,721042,721045,721206,721212,721239,721246,721337,721410,721464,721517,721587,721738,721840,721857,721874,722092,722260,722265,722414,722433,722437,722449,722560,722569,722635,722640,722646,722793,722795,722993,723008,723171,723597,723884,724014,724133,724227,724544,724577,724616,724620,724734,724800,724865,724906,725077,725208,725344,725346,725350,725355,725424,725592,725594,725709,725836,725878,726023,726075,726156,726176,726214,726309,726333,726400,726504,726699,726703,726710,726850,726999,727250,727324,727367,727415,727453,727493,727611,727638,727650,727793,727814,728035,728043,728086,728195,728329,728597,728626,729122,729466,729518,729548,7297470,729789,729840,729854,730103,730117,730265,730440,730660,730731,730749,731009,731029,731035,731261,731387,73149,731701,731739,731770,731809,731945,731999,732070,732082,732132,732178,732296,732335,732371,732471,732535,732582,733236,733248,733270,733390,733435,733543,733702,733761,733822,733863,734213,734522,734526,734771,734900,735216,735277,735369,735417,735543,735765,735800,735909,736018,736079,736182,736255,736257,736669,736743,736896,737328,737574,737833,737969,738056,738117,738210,738284,738400,738421,738528,738567,738583,738597,738679,738742,739020,739111,739356,739381,739728,739837,739856,740180,740281,740291,740347,740780,740866,740898,740969,740997,741117,741191,741478,741814,741824,741863,742181,742210,742279,742353,742570,742845,742871,743212,743232,743518,743579,743735,743978,744198,744206,744253,744314,744315,744392,744400,744404,744652,744655,744692,744758,744795,744963,745088,745400,745422,745424,745741,745867,745876,745929,746373,746454,746509,746526,746579,746717,746938,747071,747159,747404,747867,747878,747944,748112,748384,748456,748463,748629,748632,748806,748827,748854,748862,748896,749049,749115,749417,749543,749651,749787,749980,750041,750173,750402,750426,750459,750995,751015,751171,751322,751550,751743,751885,751903,751916,752022,752067,752352,752408,752484,752544,752599,752634,752972,753172,753353,753617,753698,754052,754085,754391,754428,754670,754690,754898,754969,755178,755537,755620,755758,755812,756050,756236,756276,756585,756821,756940,757059,757077,757202,757205,757289,757315,757373,757517,757565,757719,757783,757789,757950,758104,758279,758532,758540,758703,758731,758833,759336,759340,759539,759541,759657,759805,759908,759971,760015,760237,760279,760346,760806,760833,760974,761087,761158,761245,761387,761772,761774,761775,762099,762158,762214,762259,762285,762329,762366,762414,762424,762693,762991,762992,763026,763198,763267,763307,763463,763485,763628,763654,763717,763754,763858,763954,763968,764091,764150,764209,764339,764500,764717,764900,765253,765524,766027,766445,766654,766733,767281,767469,767610,767684,767983,768052,768084,768470,768504,768632,769035,769195,769251,769407,769685,770034,770238,770269,770695,770763,771102,771242,771361,771398,771428,771706,771778,772407,772420,772427,772454,772473,772483,772566,772786,772831,772893,773006,773007,773251,773267,773319,773320,773383,773406,773487,773606,773688,773699,773831,773878,774073,774289,774500,774523,774612,774859,774902,774964,774973,775182,775373,775394,775685,775984,776019,776044,776081,776095,776127,776144,776787,776896,777024,777269,777283,778082,778136,778334,778630,778822,779294,779330,779461,779462,779577,779699,779750,779969,780008,780012,780216,780461,780876,781018,781327,781484,781574,782369,782721,783965,784192,784334,784576,785100,785496,785554,785851,786976,787168,787202,787348,787821,787848,788277,788452,789010,789115,789235,789648,789703,789836,789993,790457,790498,790920,790935,791498,791853,791904,792270,792500,792656,792834,793104,793139,793593,793671,794231,794824,795354,797042,798960,799209,799275,799909,803056,804154 CVE References: CVE-2009-4537,CVE-2010-0415,CVE-2010-0622,CVE-2010-0623,CVE-2010-1173,CVE-2010-1437,CVE-2010-2798,CVE-2010-2803,CVE-2010-2943,CVE-2010-2946,CVE-2010-2959,CVE-2010-2960,CVE-2010-2962,CVE-2010-2963,CVE-2010-3015,CVE-2010-3078,CVE-2010-3079,CVE-2010-3080,CVE-2010-3084,CVE-2010-3437,CVE-2010-3699,CVE-2010-3705,CVE-2010-3861,CVE-2010-3874,CVE-2010-3875,CVE-2010-3876,CVE-2010-3877,CVE-2010-3880,CVE-2010-3881,CVE-2010-4072,CVE-2010-4073,CVE-2010-4075,CVE-2010-4076,CVE-2010-4077,CVE-2010-4082,CVE-2010-4083,CVE-2010-4157,CVE-2010-4158,CVE-2010-4160,CVE-2010-4162,CVE-2010-4163,CVE-2010-4165,CVE-2010-4169,CVE-2010-4175,CVE-2010-4243,CVE-2010-4251,CVE-2010-4258,CVE-2010-4342,CVE-2010-4529,CVE-2010-4656,CVE-2010-4668,CVE-2011-0521,CVE-2011-0710,CVE-2011-1573,CVE-2011-1593,CVE-2011-2479,CVE-2011-2494,CVE-2011-4097,CVE-2011-4127,CVE-2011-4131,CVE-2011-4622,CVE-2012-0045,CVE-2012-0056,CVE-2012-1179,CVE-2012-1601,CVE-2012-2133,CVE-2012-2372,CVE-2012-2373,CVE-2012-2390,CVE-2012-2745,CVE-2012-3412,CVE-2012-3430,CVE-2012-4461,CVE-2012-5517,CVE-2013-0871 Sources used: openSUSE 11.4 (src): drbd-8.3.11-10.1, iscsitarget-1.4.19-14.3, kernel-docs-3.0.58-30.3, kernel-source-3.0.58-30.1, kernel-syms-3.0.58-30.1, ndiswrapper-1.57rc1-16.2, omnibook-20100406-9.2, open-vm-tools-2012.8.8.1-37.2, preload-1.2-6.25.2, systemtap-1.4-1.5.1, virtualbox-4.0.12-0.54.2