Session fixation

The mpgetcount function in drivers/staging/sb105x/sbpcimp.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call...

CVE-2013-2239

The CVE affects vzkernel in the OpenVZ modification of Linux kernel 2.6.32, where uninitialized length variables in two paths allow local information disclosure from kernel stack memory. The vulnerable components are: (1) ploop_getdevice_ioc in drivers/block/ploop/dev.c (via a crafted ploop ioctl...

CVE-2013-4515

The CVE-2013-4515 issue affects the Linux kernel (pre-3.12) in the bcm_char_ioctl path (drivers/staging/bcm/Bcmchar.c). The root cause is failure to initialize a data structure, enabling local attackers to read sensitive kernel memory via the IOCTL_BCM_GET_DEVICE_DRIVER_INFO interface. Impact is ...

CVE-2013-4516

CVE-2013-4516 affects the Linux kernel: the mp_get_count function in drivers/staging/sb105x/sb_pci_mp.c before 3.12 does not initialize a data structure, enabling local users to read sensitive data from kernel stack memory via a TIOCGICOUNT ioctl. Reports reference the specific vulnerable code pa...

CVE-2013-2239

vzkernel before 042stab080.2 in the OpenVZ modification for the Linux kernel 2.6.32 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via 1 a crafted ploop driver ioctl call, related to the ploopgetdeviceioc function in...

CVE-2013-4516

The mpgetcount function in drivers/staging/sb105x/sbpcimp.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call...

CVE-2013-4515

The bcmcharioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTLBCMGETDEVICEDRIVERINFO ioctl call...

UBUNTU-CVE-2013-4515

The bcmcharioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTLBCMGETDEVICEDRIVERINFO ioctl call...

PT-2013-5055 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.12 Description: The issue allows local users to obtain sensitive information from kernel stack memory. This is due to the mp get count function in drivers/staging/sb105x/sb pci mp.c not initializing a certain...

Debian DSA-2769-1 : kfreebsd-9 - privilege escalation/denial of service

Several vulnerabilities have been discovered in the FreeBSD kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2013-5691 Loganaden Velvindron and Gleb Smirnoff discovered that the...

FreeBSD : FreeBSD -- Insufficient credential checks in network ioctl(2) (4d87d357-202c-11e3-be06-000c29ee3065)

Problem Description : As is commonly the case, the IPv6 and ATM network layer ioctl request handlers are written in such a way that an unrecognized request is passed on unmodified to the link layer, which will either handle it or return an error code. Network interface drivers, however, assume th...

CVE-2013-4343

Use-after-free vulnerability in drivers/net/tun.c in the Linux kernel through 3.11.1 allows local users to gain privileges by leveraging the CAPNETADMIN capability and providing an invalid tuntap interface name in a TUNSETIFF ioctl call...

Design/Logic Flaw

Use-after-free vulnerability in drivers/net/tun.c in the Linux kernel through 3.11.1 allows local users to gain privileges by leveraging the CAPNETADMIN capability and providing an invalid tuntap interface name in a TUNSETIFF ioctl call...

CVE-2013-5634

arch/arm/kvm/arm.c in the Linux kernel before 3.10 on the ARM platform, when KVM is used, allows host OS users to cause a denial of service NULL pointer dereference, OOPS, and host OS crash or possibly have unspecified other impact by omitting vCPU initialization before a KVMGETREGLIST ioctl call...

CVE-2013-4343

Use-after-free vulnerability in drivers/net/tun.c in the Linux kernel through 3.11.1 allows local users to gain privileges by leveraging the CAPNETADMIN capability and providing an invalid tuntap interface name in a TUNSETIFF ioctl call...

CVE-2013-4343

Use-after-free vulnerability in drivers/net/tun.c in the Linux kernel through 3.11.1 allows local users to gain privileges by leveraging the CAPNETADMIN capability and providing an invalid tuntap interface name in a TUNSETIFF ioctl call...

PT-2013-5702 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.10 Description: The issue affects the Linux kernel on the ARM platform when KVM is used, allowing host OS users to cause a denial of service, including a NULL pointer dereference, OOPS, and host OS crash, or...

Design/Logic Flaw

The 1 IPv6 and 2 ATM ioctl request handlers in the kernel in FreeBSD 8.3 through 9.2-STABLE do not validate SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR, and SIOCSIFNETMASK requests, which allows local users to perform link-layer actions, cause a denial of service panic, or possibly gain privilege...

Debian Security Advisory DSA 2389-1 (linux-2.6 - privilege escalation/denial of service/information leak)

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-2183Andrea Righi reported an issue in KSM, a memory-saving de-duplication...

Kernel: cpqarray/cciss: information leak via ioctl

The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via 1 a crafted IDAGETPCIINFO command for a...