Kernel: net: information leak in AF_KEY notify

The 1 keynotifysaflush and 2 keynotifypolicyflush functions in net/key/afkey.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of ...

CVE-2013-6282

The 1 getuser and 2 putuser API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against...

UBUNTU-CVE-2013-6282

The 1 getuser and 2 putuser API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against...

CVE-2013-6282

The 1 getuser and 2 putuser API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against...

PT-2013-5986 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to 3.5.5 Description: The issue arises from improper input validation in the Linux kernel, specifically in the 1 get user and 2 put user API functions on the v6k and v7 ARM platforms. This allows attackers to read ...

Ubuntu Update for linux USN-2017-1

Check for the Version of linux OpenVAS Vulnerability Test $Id: gbubuntuUSN20171.nasl 7958 2017-12-01 06:47:47Z santu $ Ubuntu Update for linux USN-2017-1 Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; yo...

FreeBSD 10 qlxge/qlxgbe Driver IOCTL Multiple Kernel Memory Leak

The qlxge/qlxgbe driver in FreeBSD versions 10 and below has vulnerabilities that leak arbitrary kernel memory to the userspace. XADV-2013006 FreeBSD site: http://www.x90c.org References: 1 http://fxr.watson.org/fxr/source/dev/qlxge/README.txt?v=FREEBSD10 2...

FreeBSD 10 nand Driver IOCTL Kernel Memory Leak Bug

The nand driver in FreeBSD versions 10 and below has a vulnerability that leaks arbitrary kernel memory to the userspace. XADV-2013005 FreeBSD 10 site: http://www.x90c.org References: 1 http://www.unix.com/man-page/freebsd/9/malloc/ 2...

CVE-2013-3887

CVE-2013-3887 describes a local information-disclosure flaw in the Ancillary Function Driver (afd.sys) across multiple Windows kernels (XP SP2, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, 7 SP1, 8, Server 2012). The root cause is improper copy operations in afd.sys that allow a local atta...

Microsoft Windows Ancillary Function Driver Information Disclosure Vulnerability (2875783)

This host is missing an important security update according to Microsoft Bulletin MS13-093 SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

DEBIAN-CVE-2013-4515

The bcmcharioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTLBCMGETDEVICEDRIVERINFO ioctl call...

CVE-2013-4515

The CVE-2013-4515 issue affects the Linux kernel (pre-3.12) in the bcm_char_ioctl path (drivers/staging/bcm/Bcmchar.c). The root cause is failure to initialize a data structure, enabling local attackers to read sensitive kernel memory via the IOCTL_BCM_GET_DEVICE_DRIVER_INFO interface. Impact is ...

CVE-2013-4515

The bcmcharioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTLBCMGETDEVICEDRIVERINFO ioctl call...

UBUNTU-CVE-2013-4511

Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the 1 au1100fbfbmmap function in...

UBUNTU-CVE-2013-4515

The bcmcharioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTLBCMGETDEVICEDRIVERINFO ioctl call...

Microsoft Windows Ancillary Function Driver CVE-2013-3887 Local Information Disclosure Vulnerability

Description Microsoft Windows is prone to a local information-disclosure vulnerability. An attacker can leverage this issue to disclose kernel memory and obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Windows 7 for x64-based Systems SP1 Microsoft...

PT-2013-5055 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.12 Description: The issue allows local users to obtain sensitive information from kernel stack memory. This is due to the mp get count function in drivers/staging/sb105x/sb pci mp.c not initializing a certain...

PT-2013-4717 · Microsoft · Windows Server 2003 +7

Name of the Vulnerable Software and Affected Versions: Microsoft Windows XP SP2 Microsoft Windows Server 2003 SP2 Microsoft Windows Vista SP2 Microsoft Windows Server 2008 SP2 and R2 SP1 Microsoft Windows 7 SP1 Microsoft Windows 8 Microsoft Windows Server 2012 Description: An information disclosu...

Ubuntu: Security Advisory (USN-1996-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu Update for linux-lts-quantal USN-1994-1

Check for the Version of linux-lts-quantal OpenVAS Vulnerability Test $Id: gbubuntuUSN19941.nasl 8448 2018-01-17 16:18:06Z teissa $ Ubuntu Update for linux-lts-quantal USN-1994-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This...