SUSE CVE-2007-0997

Race condition in the tee systee system call in the Linux kernel 2.6.17 through 2.6.17.6 might allow local users to cause a denial of service system crash, obtain sensitive information kernel memory contents, or gain privileges via unspecified vectors related to a potentially dropped ipipe lock...

SUSE CVE-2007-1000

The ipv6getsockoptsticky function in net/ipv6/ipv6sockglue.c in the Linux kernel before 2.6.20.2 allows local users to read arbitrary kernel memory via certain getsockopt calls that trigger a NULL dereference...

SUSE CVE-2007-1353

The setsockopt function in the L2CAP and HCI Bluetooth support in the Linux kernel before 2.4.34.3 allows context-dependent attackers to read kernel memory and obtain sensitive information via unspecified vectors involving the copyfromuser function accessing an uninitialized stack buffer...

SUSE CVE-2007-2831

Array index error in the 1 ieee80211ioctlgetwmmparams and 2 ieee80211ioctlsetwmmparams functions in net80211/ieee80211wireless.c in MadWifi before 0.9.3.1 allows local users to cause a denial of service system crash, possibly obtain kernel memory contents, and possibly execute arbitrary code via ...

SUSE CVE-2007-2875

Integer underflow in the cpusettasksread function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file...

SUSE CVE-2007-3739

mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not prevent stack expansion from entering into reserved kernel page memory, which allows local users to cause a denial of service OOPS via unspecified vectors...

SUSE CVE-2007-4571

The sndmemprocread function in sound/core/memalloc.c in the Advanced Linux Sound Architecture ALSA in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information kernel memory contents via a small count argument, as demonstrate...

SUSE CVE-2008-0009

The vmsplicetouser function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations...

SUSE CVE-2008-0010

The copyfromusermmapsem function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which allow local users to read from arbitrary kernel memory locations...

SUSE CVE-2008-5396

Array index error in the 1 torisa.c and 2 dahdi/tor2.c drivers in Zaptel aka DAHDI 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to missing validation of the sync field associated with the ZTSPANCONFIG...

SUSE CVE-2008-5744

Array index error in the dahdi/tor2.c driver in Zaptel aka DAHDI 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to an incorrect tor2 patch for CVE-2008-5396 that uses the wrong variable in a range check...

SUSE CVE-2009-0676

The sockgetsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SOBSDCOMPAT getsockopt request...

SUSE CVE-2009-0787

The ecryptfswritemetadatatocontents function in the eCryptfs functionality in the Linux kernel 2.6.28 before 2.6.28.9 uses an incorrect size when writing kernel memory to an eCryptfs file header, which triggers an out-of-bounds read and allows local users to obtain portions of kernel memory...

SUSE CVE-2010-1083

The processcomplcompat function in drivers/usb/core/devio.c in Linux kernel 2.6.x through 2.6.32, and possibly other versions, does not clear the transfer buffer before returning to userspace when a USB command fails, which might make it easier for physically proximate attackers to obtain sensiti...

SUSE CVE-2010-1446

arch/powerpc/mm/fslbookemmu.c in KGDB in the Linux kernel 2.6.30 and other versions before 2.6.33, when running on PowerPC, does not properly perform a security check for access to a kernel page, which allows local users to overwrite arbitrary kernel memory, related to Fsl booke...

SUSE CVE-2010-2803

The drmioctl function in drivers/gpu/drm/drmdrv.c in the Direct Rendering Manager DRM subsystem in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows local users to obtain potentially sensitive information from kernel memory...

SUSE CVE-2010-3297

The eqlgmastercfg function in drivers/net/eql.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an EQLGETMASTRCFG ioctl call...

SUSE CVE-2010-3875

The ax25getname function in net/ax25/afax25.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure...

SUSE CVE-2010-4565

The bcmconnect function in net/can/bcm.c aka the Broadcast Manager in the Controller Area Network CAN implementation in the Linux kernel 2.6.36 and earlier creates a publicly accessible file with a filename containing a kernel memory address, which allows local users to obtain potentially sensiti...

SUSE CVE-2010-4655

net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by leveraging the CAPNETADMIN capability for an ethtool ioctl call...