SUSE CVE-2013-3237

The vsockstreamsendmsg function in net/vmwvsock/afvsock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call...

SUSE CVE-2013-3235

net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call...

SUSE CVE-2013-7265

The pnrecvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a 1 recvfrom, 2 recvmmsg, ...

SUSE CVE-2016-4486

The rtnlfilllinkifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message...

SUSE CVE-2016-4569

The sndtimeruserparams function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface...

SUSE CVE-2016-4578

sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the 1 sndtimeruserccallback and 2 sndtimerusertinterrupt...

SUSE CVE-2016-4580

The x25negotiatefacilities function in net/x25/x25facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request...

SUSE CVE-2016-9178

The getuserasmex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a getuserex call...

SUSE CVE-2017-14156

The atyfbioctl function in drivers/video/fbdev/aty/atyfbbase.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations associated with padding bytes...

SUSE CVE-2017-1000255

On Linux running on PowerPC hardware Power8 or later a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception interrupt, and use the r1 value from the signal frame as the kernel stack pointer. As part of the exception entry the content of the signa...

SUSE CVE-2018-17972

An issue was discovered in the procpidstack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents...

SUSE CVE-2019-15118

checkinputterm in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion...

SUSE CVE-2019-16921

In the Linux kernel before 4.17, hnsroceallocucontext in drivers/infiniband/hw/hns/hnsrocemain.c does not initialize the resp data structure, which might allow attackers to obtain sensitive information from kernel stack memory, aka CID-df7e40425813...

SUSE CVE-2020-11494

An issue was discovered in slcbump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized canframe data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIGINITSTACKALL, aka CID-b9258a2cece4...

SUSE CVE-2022-20382

In TBD of TBD, there is a possible out of bounds write due to kernel stack overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-214245176References:...

CVE-2022-45126

Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernelliteosa has a kernel stack overflow vulnerability when call SysClockGettime. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked...

Stack overflow

Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernelliteosa has a kernel stack overflow vulnerability when call SysClockGettime. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked...

CVE-2022-43662

CVE-2022-43662 : OpenHarmony v3.1.4 and earlier (kernel_liteos_a) expose a kernel stack overflow in SysTimerGettime that leaks 4 bytes of kernel-stack padding to user space. Affects OpenHarmony’s kernel subsystem; impact is leakage of data with local access. Documented affected component: kernel_...

CVE-2022-45126 Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGettime.

Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernelliteosa has a kernel stack overflow vulnerability when call SysClockGettime. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked...

CVE-2022-45126 Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGettime.

Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernelliteosa has a kernel stack overflow vulnerability when call SysClockGettime. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked...