XADV-2013007 Linux Kernel bt8xx Video Driver IOCTL Heap Overflow

+--------------------------------------------------------------------+ | XADV-2013007 Linux Kernel bt8xx Video Driver IOCTL Heap Overflow | +--------------------------------------------------------------------+ Vulnerable versions: - linux kernel 2.6.18 = Testbed: ubuntu Type: Local Impact: Mediu...

UBUNTU-CVE-2013-6380

The aacsendrawsrb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service invalid pointer dereference or possibly have unspecified other impact via an FSACTLSENDRAWSRB ioc...

UBUNTU-CVE-2013-6383

The aaccompatioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAPSYSRAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call...

PT-2013-1030 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 3.12.1 Description: The issue is related to the aac send raw srb function in the Linux kernel, which does not properly validate a certain size value. This can be exploited by local users with CAP SYS ADMIN...

CVE-2013-6832

The nandioctl function in sys/dev/nand/nandgeom.c in the nand driver in the kernel in FreeBSD 10 and earlier does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call...

CVE-2013-6834

The qleioctl function in sys/dev/qlxgbe/qlioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call...

Design/Logic Flaw

The qleioctl function in sys/dev/qlxgbe/qlioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call...

Design/Logic Flaw

The nandioctl function in sys/dev/nand/nandgeom.c in the nand driver in the kernel in FreeBSD 10 and earlier does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call...

CVE-2013-6834

The qleioctl function in sys/dev/qlxgbe/qlioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call...

CVE-2013-6833

The qlseioctl function in sys/dev/qlxge/qlsioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call...

CVE-2013-6832

The CVE-2013-6832 issue affects FreeBSD 10 and earlier kernels where the nand_ioctl function in sys/dev/nand/nand_geom.c (nand driver) fails to properly initialize a data structure, enabling local users to read sensitive kernel memory via a crafted ioctl. Connected documents corroborate a similar...

CVE-2013-6834

Removed by vendor...

Linux Kernel bt8xx Video Driver IOCTL Heap Overflow Vulnerability

The bt8xx video driver in the Linux kernel suffers from an integer overflow that can trigger a kernel panic. Kernel versions 2.6.18 and below are affected. +--------------------------------------------------------------------+ | XADV-2013007 Linux Kernel bt8xx Video Driver IOCTL Heap Overflow |...

FreeBSD 10 qlxge/qlxgbe Driver IOCTL Multiple Kernel Memory Leak

The qlxge/qlxgbe driver in FreeBSD versions 10 and below has vulnerabilities that leak arbitrary kernel memory to the userspace. XADV-2013006 FreeBSD site: http://www.x90c.org References: 1 http://fxr.watson.org/fxr/source/dev/qlxge/README.txt?v=FREEBSD10 2...

FreeBSD 10 nand Driver IOCTL Kernel Memory Leak Bug

The nand driver in FreeBSD versions 10 and below has a vulnerability that leaks arbitrary kernel memory to the userspace. XADV-2013005 FreeBSD 10 site: http://www.x90c.org References: 1 http://www.unix.com/man-page/freebsd/9/malloc/ 2...

CVE-2013-4515

The bcmcharioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTLBCMGETDEVICEDRIVERINFO ioctl call...

DEBIAN-CVE-2013-4515

The bcmcharioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTLBCMGETDEVICEDRIVERINFO ioctl call...

CVE-2013-4516

The mpgetcount function in drivers/staging/sb105x/sbpcimp.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call...

CVE-2013-4516

The mpgetcount function in drivers/staging/sb105x/sbpcimp.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call...

Design/Logic Flaw

vzkernel before 042stab080.2 in the OpenVZ modification for the Linux kernel 2.6.32 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via 1 a crafted ploop driver ioctl call, related to the ploopgetdeviceioc function in...