105 matches found
CVE-2016-5854
CVE-2016-5854 involves a kernel information disclosure in Qualcomm SPCom driver components across Android for MSM, Firefox OS for MSM, and QRD Android. The underlying issue is that kernel heap memory can be exposed to userspace, enabling local information disclosure. Public documents list the aff...
CVE-2016-5854
In a driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, kernel heap memory can be exposed to userspace...
SUSE SLES11 Security Update : kernel (SUSE-SU-2016:2976-1)
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. For the PowerPC64 a new 'bigmem' flavor has been added to support big Power machines. FATE319026 The following security bugs were fixed : - CVE-2016-7042: The prockeysshow function in security/keys/proc....
CVE-2016-4998
The IPTSOSETREPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service out-of-bounds read or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted...
CVE-2016-4998
The IPTSOSETREPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service out-of-bounds read or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted...
Updated kernel-linus packages fix multiple vulnerabilities
Updated kernel-linus provides upstream 3.12.20 kernel and fixes the following security issues: The ioapicdeliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvmirqdeliverytoapic return value, which allows guest OS users to cause a denial of...
CVE-2014-1738
The rawcmdcopyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to...
DEBIAN-CVE-2014-1738
The rawcmdcopyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to...
CVE-2014-1738
The rawcmdcopyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to...
Design/Logic Flaw
The rawcmdcopyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to...
CVE-2014-1738
CVE-2014-1738 is a Linux kernel vulnerability in the floppy driver (raw_cmd_copyout) where processing FDRAWCMD IOCTL calls could allow local attackers with write access to /dev/fd to read kernel heap memory. The flaw is described as an improper restriction of pointers during FDRAWCMD processing, ...
UBUNTU-CVE-2014-1738
The rawcmdcopyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to...
CVE-2014-1738
The rawcmdcopyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to...
Kernel: udf: information leak on export
The udfencodefh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application...
CVE-2013-2234
The 1 keynotifysaflush and 2 keynotifypolicyflush functions in net/key/afkey.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of ...
CVE-2013-2237
The keynotifypolicyflush function in net/key/afkey.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notifypolicy interface of an IPSec keysocket...
CVE-2013-2234
The 1 keynotifysaflush and 2 keynotifypolicyflush functions in net/key/afkey.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of ...
PT-2013-3612 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.9 Description: The issue concerns the key notify policy flush function in the Linux kernel, which fails to initialize a certain structure member. This allows local users to obtain sensitive information from...
PT-2013-3611 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.10 Description: The issue affects the Linux kernel, where the key notify sa flush and key notify policy flush functions in net/key/af key.c do not properly initialize certain structure members. This allows loc...
CVE-2013-3953
The machportspaceinfo function in osfmk/ipc/machdebug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted call...