CVE-2013-1928

The dovideosetspupalette function in fs/compatioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEOSETSPUPALETTE ioctl call on a /dev/dvb device...

kernel: bluetooth HIDP implementation information disclosure

The hidpsetuphid function in net/bluetooth/hidp/core.c in the Linux kernel before 3.7.6 does not properly copy a certain name field, which allows local users to obtain sensitive information from kernel memory by setting a long name and making an HIDPCONNADD ioctl call...

PonyOS 0.4.99-mlp - Multiple Vulnerabilities

Advisory: PonyOS Security Issues John Cartwright Introduction ------------ Like countless others, I was pretty excited about PonyOS yesterday April 1st 2013 and decided to give it a go. After wasting a lot of time nyan'ing, I knew this was the future of desktop OSes. However, I wondered how secur...

kernel: block: default SCSI command filter does not accomodate commands overlap across device classes

block/scsiioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SGIO ioctl call that leverages overlapping opcodes...

Ubuntu 10.04 LTS : linux-lts-backport-maverick vulnerabilities (USN-1083-1)

Dan Rosenberg discovered that the RDS network protocol did not correctly check certain parameters. A local attacker could exploit this gain root privileges. CVE-2010-3904 Nelson Elhage discovered several problems with the Acorn Econet protocol driver. A local user could cause a denial of service...

UBUNTU-CVE-2012-4542

block/scsiioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SGIO ioctl call that leverages overlapping opcodes...

Authorization

block/scsiioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SGIO ioctl call that leverages overlapping opcodes...

CVE-2012-4542

block/scsiioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SGIO ioctl call that leverages overlapping opcodes...

Design/Logic Flaw

The hidpsetuphid function in net/bluetooth/hidp/core.c in the Linux kernel before 3.7.6 does not properly copy a certain name field, which allows local users to obtain sensitive information from kernel memory by setting a long name and making an HIDPCONNADD ioctl call...

CVE-2012-4542

CVE-2012-4542 describes a Linux kernel local access issue in block/scsi_ioctl.c (up to kernel 3.8) where SCSI command authorization does not properly account for the SCSI device class, allowing a local attacker to bypass access restrictions via SG_IO ioctl with overlapping opcodes. Public referen...

UBUNTU-CVE-2013-0349

The hidpsetuphid function in net/bluetooth/hidp/core.c in the Linux kernel before 3.7.6 does not properly copy a certain name field, which allows local users to obtain sensitive information from kernel memory by setting a long name and making an HIDPCONNADD ioctl call...

CVE-2013-0349

The hidpsetuphid function in net/bluetooth/hidp/core.c in the Linux kernel before 3.7.6 does not properly copy a certain name field, which allows local users to obtain sensitive information from kernel memory by setting a long name and making an HIDPCONNADD ioctl call...

RHEL 6 : kernel (RHSA-2012:1541)

Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6.2 Extended Update Support. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, whic...

RHEL 5 : kernel (RHSA-2012:0358)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0358 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: Using...

CVE-2012-4461

CVE-2012-4461 overview: The Linux kernel KVM subsystem (pre-3.6.9) on hosts using qemu userspace without XSAVE is vulnerable. A local attacker can trigger a denial of service (kernel OOPS) by calling KVM_SET_SREGS to enable the X86_CR4_OSXSAVE bit in the guest CR4, then issuing KVM_RUN. The conne...

Ubuntu: Security Advisory (USN-1648-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-1649-1: Linux kernel (OMAP4) vulnerabilities

Brad Spengler discovered a flaw in the Linux kernel's uname system call. An unprivileged user could exploit this flaw to read kernel stack memory. CVE-2012-0957 Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois congestion control algorithm. A local attacker could use this to cau...

CVE-2012-4461

The KVM subsystem in the Linux kernel before 3.6.9, when running on hosts that use qemu userspace without XSAVE, allows local users to cause a denial of service kernel OOPS by using the KVMSETSREGS ioctl to set the X86CR4OSXSAVE bit in the guest cr4 register, then calling the KVMRUN ioctl...

Code injection

The 1 dosiocgstamp and 2 dosiocgstampns functions in net/socket.c in the Linux kernel before 3.5.4 use an incorrect argument order, which allows local users to obtain sensitive information from kernel memory or cause a denial of service system crash via a crafted ioctl call...

CVE-2012-4467

The 1 dosiocgstamp and 2 dosiocgstampns functions in net/socket.c in the Linux kernel before 3.5.4 use an incorrect argument order, which allows local users to obtain sensitive information from kernel memory or cause a denial of service system crash via a crafted ioctl call...