kernel: CAN info leak

The bcmconnect function in net/can/bcm.c aka the Broadcast Manager in the Controller Area Network CAN implementation in the Linux kernel 2.6.36 and earlier creates a publicly accessible file with a filename containing a kernel memory address, which allows local users to obtain potentially sensiti...

kernel: missing tty ops write function presence check in hci_uart_tty_open()

The hciuartttyopen function in the HCI UART driver drivers/bluetooth/hcildisc.c in the Linux kernel 2.6.36, and possibly other versions, does not verify whether the tty has a write operation, which allows local users to cause a denial of service NULL pointer dereference via vectors related to the...

CVE-2010-4242

The hciuartttyopen function in the HCI UART driver drivers/bluetooth/hcildisc.c in the Linux kernel 2.6.36, and possibly other versions, does not verify whether the tty has a write operation, which allows local users to cause a denial of service NULL pointer dereference via vectors related to the...

CVE-2010-3858

The setupargpages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIGSTACKGROWSDOWN is used, does not properly restrict the stack memory consumption of the 1 arguments and 2 environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of...