Integer overflow

Integer overflow in the btrfsioctlclone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 might allow local users to obtain sensitive information via a BTRFSIOCCLONERANGE ioctl call...

Design/Logic Flaw

The eqlgmastercfg function in drivers/net/eql.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an EQLGETMASTRCFG ioctl call...

CVE-2010-2538

CVE-2010-2538: Integer overflow in btrfs_ioctl_clone (fs/btrfs/ioctl.c) of the Linux kernel before 2.6.35 may allow local users to obtain sensitive information via BTRFS_IOC_CLONE_RANGE. Public references confirm impact on local privilege/user data exposure with no remote vector. Affected compone...

CVE-2010-2538

Integer overflow in the btrfsioctlclone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 might allow local users to obtain sensitive information via a BTRFSIOCCLONERANGE ioctl call...

CVE-2010-3297

The eqlgmastercfg function in drivers/net/eql.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an EQLGETMASTRCFG ioctl call...

CVE-2010-3297

CVE-2010-3297 affects the Linux kernel net/eql driver; the eql_g_master_cfg function in drivers/net/eql.c did not initialize a structure member, enabling local users to read kernel stack memory via an EQL_GETMASTRCFG ioctl. Affects kernels before 2.6.36-rc5; corrected in subsequent patches (net/e...

CVE-2010-2537

CVE-2010-2537 affects the Linux kernel’s btrfs_ioctl_clone path: the btrfs_ioctl_clone function in fs/btrfs/ioctl.c before 2.6.35 allows a local attacker to overwrite an append‑only file when using BTRFS_IOC_CLONE or BTRFS_IOC_CLONE_RANGE with a donor file. Impact is local privilege/unauthorized ...

CVE-2010-2537

The btrfsioctlclone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a 1 BTRFSIOCCLONE or 2 BTRFSIOCCLONERANGE ioctl call that specifies this file as a donor...

CVE-2010-3297

The eqlgmastercfg function in drivers/net/eql.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an EQLGETMASTRCFG ioctl call...

Linux Kernel < 2.6.36-rc6 pktcdvd Kernel Memory Disclosure

Exploit for linux platform in category local exploits ========================================================== Linux Kernel http://jon.oberheide.org Information: https://bugzilla.redhat.com/showbug.cgi?id=638085 The PKTCTRLCMDSTATUS device ioctl retrieves a pointer to a pktcdvddevice from the...

CVE-2010-3296

The cxgbextensionioctl function in drivers/net/cxgb3/cxgb3main.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a CHELSIOGETQSETNUM ioctl call...

CVE-2010-2530

Multiple integer signedness errors in smbsubr.c in the netsmb module in the kernel in NetBSD 5.0.2 and earlier, FreeBSD, and Apple Mac OS X allow local users to cause a denial of service panic via a negative size value in a /dev/nsmb ioctl operation, as demonstrated by a 1 SMBIOCLOOKUP or 2...

Integer overflow

Multiple integer signedness errors in smbsubr.c in the netsmb module in the kernel in NetBSD 5.0.2 and earlier, FreeBSD, and Apple Mac OS X allow local users to cause a denial of service panic via a negative size value in a /dev/nsmb ioctl operation, as demonstrated by a 1 SMBIOCLOOKUP or 2...

CVE-2010-2530

Multiple integer signedness errors in smbsubr.c in the netsmb module in the kernel in NetBSD 5.0.2 and earlier, FreeBSD, and Apple Mac OS X allow local users to cause a denial of service panic via a negative size value in a /dev/nsmb ioctl operation, as demonstrated by a 1 SMBIOCLOOKUP or 2...

Linux Kernel &lt; 2.6.36-rc6 (RedHat / Ubuntu 10.04) - &#039;pktcdvd&#039; Kernel Memory Disclosure

/ cve-2010-3437.c Linux Kernel http://jon.oberheide.org Information: https://bugzilla.redhat.com/showbug.cgi?id=638085 The PKTCTRLCMDSTATUS device ioctl retrieves a pointer to a pktcdvddevice from the global pktdevs array. The index into this array is provided directly by the user and is a signed...

SuSE9 Security Update : the Linux kernel (YOU Patch Number 12646)

This updates the SUSE Linux Enterprise Server 9 kernel to fix various security issues and some bugs. The following security bugs were fixed : - Incorrect buffer handling in the biarch-compat buffer handling could be used by local attackers to gain root privileges. This problem affects foremost...

CVE-2010-3078

The xfsiocfsgetxattr function in fs/xfs/linux-2.6/xfsioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call...

Design/Logic Flaw

The xfsiocfsgetxattr function in fs/xfs/linux-2.6/xfsioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call...

Kingsoft Antivirus 'kavfm.sys' Buffer overflow Vulnerability

Kingsoft Antivirus is prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2010-3396

Buffer overflow in kavfm.sys in Kingsoft Antivirus 2010.04.26.648 and earlier allows local users to execute arbitrary code via a long argument to IOCTL 0x80030004. NOTE: some of these details are obtained from third party information...