51 matches found
kernel: Use-after-free in sys_mq_notify()
A use-after-free flaw was found in the Netlink functionality of the Linux kernel networking subsystem. Due to the insufficient cleanup in the mqnotify function, a local attacker could potentially use this flaw to escalate their privileges on the system...
SuSE 10 Security Update : the Linux Kernel (x86_64) (ZYPP Patch Number 6730)
This update fixes a several security issues and various bugs in the SUSE Linux Enterprise 10 SP 2 kernel. The following security issues were fixed: CVE-2009-3939: A sysctl variable of the megaraidsas driver was worldwriteable, allowing local users to cause a denial of service or potential code...
kernel: tcf_fill_node() infoleak due to typo in 9ef1d4c7
The tcffillnode function in net/sched/clsapi.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcmpad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified...
CVE-2009-3612
The tcffillnode function in net/sched/clsapi.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcmpad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified...
CVE-2005-4881
The netlink subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.13-rc1 does not initialize certain padding fields in structures, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors, related to the 1 tcfillqdisc, 2...
CVE-2005-4881
The netlink subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.13-rc1 does not initialize certain padding fields in structures, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors, related to the 1 tcfillqdisc, 2...
Code injection
The tcffillnode function in net/sched/clsapi.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcmpad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified...
CVE-2009-3612
The tcffillnode function in net/sched/clsapi.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcmpad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified...
CVE-2009-3612
CVE-2009-3612 affects the Linux kernel’s net/sched/cls_api.c tcf_fill_node in the netlink subsystem. The issue is that a tcm__pad2 structure member is not initialized, potentially allowing local attackers to read sensitive kernel memory. Affected: kernel 2.6.x prior to 2.6.32-rc5 and 2.4.37.6 and...
CVE-2005-4881
The netlink subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.13-rc1 does not initialize certain padding fields in structures, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors, related to the 1 tcfillqdisc, 2...
CVE-2009-3612
The tcffillnode function in net/sched/clsapi.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcmpad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified...