5901 matches found
kernel: prevent heap corruption in snd_ctl_new()
Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2)...
CVE-2010-4163
The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.36.2 allows local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a SCSI device...
CVE-2010-4162
Multiple integer overflows in fs/bio.c in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (system crash) via a crafted device ioctl to a SCSI device...
CVE-2010-4163
The CVE-2010-4163 issue affects the Linux kernel, where blk_rq_map_user_iov in block/blk-map.c is vulnerable before version 2.6.36.2. A local attacker can trigger a denial of service (kernel panic) by submitting a zero-length I/O request via a device ioctl to a SCSI device. The description explic...
CVE-2010-4668
The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.37-rc7 allows local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a SCSI device, related to an unaligned map. NOTE: this vulnerability exists because of an incomplete fix f...
CVE-2010-4668
CVE-2010-4668 affects the Linux kernel up to 2.6.37-rc7, where blk_rq_map_user_iov in block/blk-map.c allows a local user to trigger a panic/DoS via a zero-length I/O request to a SCSI device, due to an unaligned map. The vulnerability is tied to an incomplete fix for CVE-2010-4163. Affected vers...
PT-2011-1466 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.36.2 Description: The issue allows local users to cause a denial of service, resulting in a system panic. This can be achieved by submitting a zero-length I/O request in a device ioctl to a SCSI device,...
IOCTL Fuzzer v1.2 Download
"IOCTL Fuzzer is a tool designed to automate the task of searching vulnerabilities in Windows kernel drivers by performing fuzz tests on them. The fuzzer's own driver hooks NtDeviceIoControlFile in order to take control of all IOCTL requests throughout the system. While processing IOCTLs, the...
ESTsoft ALYac Anti-Virus 1.5 < 5.0.1.2 - Local Privilege Escalation
ESTsoft ALYac Anti-Virus 1.5 with AYDrvNT.sys = 5.0.1.2 Local Kernel Mode Privilege Escalation Vulnerability AUTHOR MJ0011 EMAIL thdecoder$126.com VULNERABLE PRODUCTS ALYac Anti-Virus 1.5 DETAILS: AYDrvNT.sys creates a device called "AYDrvNTALYAC", and handles the device io control code = 0x223e2...
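Linux Kernel 'drivers/scsi/gdth.c' IOCTL Local Privilege Escalation Vulnerability
Bugtraq ID: 44648 CVE ID: CVE-2010-4157 CNCVE ID: CNCVE-20104157 Linux is an open-source operating system. gdth_ioctl_alloc takes a size variable of type int, while copy_from_user takes a size variable of type unsigned long. gen.data_len and gen.sense_len are unsigned longs; on x86_64 a long is 64 bits and an int is 32 bits. When a very large value is passed, the memory allocation truncates the size to 32 bits and allocates a smaller buffer, so memory corruption can be triggered in copy_from_user. RedHat Enterprise MRG v1 for Red Hat Enterprise Linux versi...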
SuSE 10 Security Update : the Linux kernel (ZYPP Patch Number 7257)
This kernel update for the SUSE Linux Enterprise 10 SP3 kernel fixes several security issues and bugs. The following security issues were fixed: - Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to...
Integer overflow
Integer overflow in the ioc_general function in drivers/scsi/gdth.c in the Linux kernel before 2.6.36.1 on 64-bit platforms allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large argument in an ioctl call...
kernel: gdth: integer overflow in ioc_general()
Integer overflow in the ioc_general function in drivers/scsi/gdth.c in the Linux kernel before 2.6.36.1 on 64-bit platforms allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large argument in an ioctl call...
kernel: drivers/sound/pci/rme9652/hdsp.c: reading uninitialized stack memory
The snd_hdsp_hwdep_ioctl function in sound/pci/rme9652/hdsp.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl call...
kernel: drivers/char/nozomi.c: reading uninitialized stack memory
The ntty_ioctl_tiocgicount function in drivers/char/nozomi.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call...
kernel: arbitrary kernel memory write via i915 GEM ioctl
drivers/gpu/drm/i915/i915_gem.c in the Graphics Execution Manager (GEM) in the Intel i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.36 does not properly validate pointers to blocks of memory, which allows local users to write to arbitrary kernel memory...
Linux Kernel 2.6.37 (RedHat Ubuntu 10.04) - Full-Nelson.c Local Privilege Escalation
Linux Kernel 2.6.37 RedHat Ubuntu 10.04 - Full-Nelson.c Local Privilege Escalation / Linux Kernel = 2.6.37 local privilege escalation by Dan Rosenberg @djrbliss on twitter Usage: gcc full-nelson.c -o full-nelson ./full-nelson This exploit leverages three vulnerabilities to get root, all of which...