kernel: drivers/serial/serial_core.c: reading uninitialized stack memory

The uartgetcount function in drivers/serial/serialcore.c in the Linux kernel before 2.6.37-rc1 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call...

Silicon Graphics Inc (SGI) - IRIX - Local Kernel Memory Disclosure/Denial of Service

===============================ADVISORY=============================== Advisory: Silicon Graphics Inc SGI - IRIX - Local Kernel Memory Disclosure/Denial of Service Advisory ID: DSEC-2010-0001 Author: Neil Kettle, Digit Security Ltd Affected Software: Silicon Graphics SGI IRIX Vendor URL:...

SuSE Update for kernel SUSE-SA:2010:039

Check for the Version of kernel OpenVAS Vulnerability Test SuSE Update for kernel SUSE-SA:2010:039 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...

Null pointer dereference

The doexit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNELDS getfs value, which allows local users to bypass intended accessok restrictions, overwrite arbitrary kernel memory locations, and gain privileges by leveraging a 1 BUG, 2 NULL pointer...

CVE-2010-4258

The doexit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNELDS getfs value, which allows local users to bypass intended accessok restrictions, overwrite arbitrary kernel memory locations, and gain privileges by leveraging a 1 BUG, 2 NULL pointer...

Design/Logic Flaw

The bcmconnect function in net/can/bcm.c aka the Broadcast Manager in the Controller Area Network CAN implementation in the Linux kernel 2.6.36 and earlier creates a publicly accessible file with a filename containing a kernel memory address, which allows local users to obtain potentially sensiti...

CVE-2010-4565

The bcmconnect function in net/can/bcm.c aka the Broadcast Manager in the Controller Area Network CAN implementation in the Linux kernel 2.6.36 and earlier creates a publicly accessible file with a filename containing a kernel memory address, which allows local users to obtain potentially sensiti...

CVE-2010-4565

The bcmconnect function in net/can/bcm.c aka the Broadcast Manager in the Controller Area Network CAN implementation in the Linux kernel 2.6.36 and earlier creates a publicly accessible file with a filename containing a kernel memory address, which allows local users to obtain potentially sensiti...

SuSE 10 Security Update : the Linux kernel (ZYPP Patch Number 7257)

This kernel update for the SUSE Linux Enterprise 10 SP3 kernel fixes several security issues and bugs. The following security issues were fixed : - Multiple integer overflows in the sndctlnew function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to...

Ubuntu: Security Advisory (USN-1023-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : linux, linux-{ec2,source-2.6.15} vulnerabilities (USN-1023-1)

Nelson Elhage discovered several problems with the Acorn Econet protocol driver. A local user could cause a denial of service via a NULL pointer dereference, escalate privileges by overflowing the kernel stack, and assign Econet addresses to arbitrary interfaces. CVE-2010-3848, CVE-2010-3849,...

CVE-2010-2962

drivers/gpu/drm/i915/i915gem.c in the Graphics Execution Manager GEM in the Intel i915 driver in the Direct Rendering Manager DRM subsystem in the Linux kernel before 2.6.36 does not properly validate pointers to blocks of memory, which allows local users to write to arbitrary kernel memory...

Design/Logic Flaw

drivers/gpu/drm/i915/i915gem.c in the Graphics Execution Manager GEM in the Intel i915 driver in the Direct Rendering Manager DRM subsystem in the Linux kernel before 2.6.36 does not properly validate pointers to blocks of memory, which allows local users to write to arbitrary kernel memory...

CVE-2010-2963

drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux V4L implementation in the Linux kernel before 2.6.36 on 64-bit platforms does not validate the destination of a memory copy operation, which allows local users to write to arbitrary kernel memory locations, and consequently gain...

kernel: drm ioctls infoleak

The drmioctl function in drivers/gpu/drm/drmdrv.c in the Direct Rendering Manager DRM subsystem in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows local users to obtain potentially sensitive information from kernel memory...

kernel: arbitrary kernel memory write via i915 GEM ioctl

drivers/gpu/drm/i915/i915gem.c in the Graphics Execution Manager GEM in the Intel i915 driver in the Direct Rendering Manager DRM subsystem in the Linux kernel before 2.6.36 does not properly validate pointers to blocks of memory, which allows local users to write to arbitrary kernel memory...

kernel: pktcdvd ioctl dev_minor missing range check

Integer signedness error in the pktfinddevfromminor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service invalid pointer dereference and system crash via a crafted index value i...

kernel: net/sched/act_police.c infoleak

The tcfactpolicedump function in net/sched/actpolice.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel...

Oracle Linux 5 Unbreakable Enterprise kernel security fix update

Following security bugs are fixed in this errata CVE-2010-3904 When copying data to userspace, the RDS protocol failed to verify that the user-provided address was a valid userspace address. A local unprivileged user could issue specially crafted socket calls to write arbitrary values into kernel...

kernel: net sched: fix some kernel memory leaks

The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors relate...