RHEL 6 : kernel (RHSA-2014:0159)

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

Kernel: net: leakage of uninitialized memory to user-space via recv syscalls

The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a 1 recvfrom, 2 recvmmsg, or 3 recvmsg system call, related to net/ipv4/ping.c,...

CVE-2013-4739

The MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, allows attackers to obtain sensitive information from kernel stack memory via 1 a crafted MSMMCRIOCTLEVTGET ioctl call, related to...

UBUNTU-CVE-2013-4739

The MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, allows attackers to obtain sensitive information from kernel stack memory via 1 a crafted MSMMCRIOCTLEVTGET ioctl call, related to...

Design/Logic Flaw

The MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, allows attackers to obtain sensitive information from kernel stack memory via 1 a crafted MSMMCRIOCTLEVTGET ioctl call, related to...

CVE-2013-7281

The dgramrecvmsg function in net/ieee802154/dgram.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a 1 recvfrom, 2...

DEBIAN-CVE-2013-7264

The l2tpiprecvmsg function in net/l2tp/l2tpip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a 1 recvfrom, 2 recvmmsg, ...

CVE-2013-7265

The pnrecvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a 1 recvfrom, 2 recvmmsg, ...

Information disclosure

The pnrecvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a 1 recvfrom, 2 recvmmsg, ...

CVE-2013-7265

The pnrecvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a 1 recvfrom, 2 recvmmsg, ...

CVE-2013-7264

The l2tpiprecvmsg function in net/l2tp/l2tpip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a 1 recvfrom, 2 recvmmsg, ...

Design/Logic Flaw

The genlockdevioctl function in genlock.c in the Genlock driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, does not properly initialize a certain data structure, which allows local users to obtain sensitive...

UBUNTU-CVE-2013-6392

The genlockdevioctl function in genlock.c in the Genlock driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, does not properly initialize a certain data structure, which allows local users to obtain sensitive...

Kernel: llc: information leak via getsockname

The llcuigetname function in net/llc/afllc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument...

CVE-2013-4516

The mpgetcount function in drivers/staging/sb105x/sbpcimp.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call...

CVE-2013-2239

vzkernel before 042stab080.2 in the OpenVZ modification for the Linux kernel 2.6.32 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via 1 a crafted ploop driver ioctl call, related to the ploopgetdeviceioc function in...

CVE-2013-5209

Removed by vendor...

CVE-2013-5209

The sctpsendinitiateack function in sys/netinet/sctpoutput.c in the SCTP implementation in the kernel in FreeBSD 8.3 through 9.2-PRERELEASE does not properly initialize the state-cookie data structure, which allows remote attackers to obtain sensitive information from kernel stack memory by readi...

SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 7991 / 7992 / 7994)

The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to 3.0.82 and to fix various bugs and security issues. The following security issues have been fixed : - The chaseport function in drivers/usb/serial/ioti.c in the Linux kernel allowed local users to cause a denial of service NUL...

kernel: Information leak in the Data Center Bridging (DCB) component

net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application...