CVE-2009-4021

The fusedirectio function in fs/fuse/file.c in the fuse subsystem in the Linux kernel before 2.6.32-rc7 might allow attackers to cause a denial of service invalid pointer dereference and OOPS via vectors possibly related to a memory-consumption attack...

CVE-2009-4021

The fusedirectio function in fs/fuse/file.c in the fuse subsystem in the Linux kernel before 2.6.32-rc7 might allow attackers to cause a denial of service invalid pointer dereference and OOPS via vectors possibly related to a memory-consumption attack...

Linux Kernel 'fuse_direct_io()'非法指针引用本地拒绝服务漏洞

Bugraq ID: 37069 Linux是一款开放源代码的操作系统。 fusedirectio函数包含一个循环在每个迭代中请求分配，如果分配失败，循环就会退出并导致fuseputrequest引用非法指针。 当系统内存不足和fuserequestalloc函数从fusegetreq调用失败时可触发此漏洞，fuseputrequest函数之后会引用返回的非法指针，导致内核触发OOPS。 Linux kernel 2.6.31 5 Linux kernel 2.6.31 .2 Linux kernel 2.6.31 -rc7 Linux kernel 2.6.31 -rc6 +...

CVE-2009-3888

The dommappgoff function in mm/nommu.c in the Linux kernel before 2.6.31.6, when the CPU lacks a memory management unit, allows local users to cause a denial of service OOPS via an application that attempts to allocate a large amount of memory...

CVE-2009-3624

The getinstantiationkeyring function in security/keys/keyctl.c in the KEYS subsystem in the Linux kernel before 2.6.32-rc5 does not properly maintain the reference count of a keyring, which allows local users to gain privileges or cause a denial of service OOPS via vectors involving calls to this...

Mandriva Linux Security Advisory : kernel (MDVSA-2009:289)

Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel : The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PERCLEARONSETID setting that does not clear the ADDRCOMPATLAYOUT and MMAPPAGEZERO flags when executing a setuid or setgid program, which makes it easi...

Integer overflow

Integer signedness error in the ax25setsockopt function in net/ax25/afax25.c in the ax25 subsystem in the Linux kernel before 2.6.31.2 allows local users to cause a denial of service OOPS via a crafted optlen value in an SOBINDTODEVICE operation...

CVE-2009-2909

Integer signedness error in the ax25setsockopt function in net/ax25/afax25.c in the ax25 subsystem in the Linux kernel before 2.6.31.2 allows local users to cause a denial of service OOPS via a crafted optlen value in an SOBINDTODEVICE operation...

Null pointer dereference

The ddelete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local users to cause a denial of service kernel OOPS and possibly execute arbitrary code via unspecified vectors that cause a "negative dentry" and trigger a NULL pointer dereference, as demonstrated via a...

CVE-2009-2908

CVE-2009-2908 affects the Linux kernel 2.6.31: the d_delete function in fs/ecryptfs/inode.c can lead to a negative dentry and a NULL pointer dereference. Local users can cause a kernel OOPS and potentially execute arbitrary code; exploitation demonstrated via a Mutt temporary directory in an eCry...

Null pointer dereference

The sgbuildindirect function in drivers/scsi/sg.c in Linux kernel 2.6.28-rc1 through 2.6.31-rc8 uses an incorrect variable when accessing an array, which allows local users to cause a denial of service kernel OOPS and NULL pointer dereference, as demonstrated by using xcdroast to duplicate a CD...

kernel: ext4: ext4_fill_super() missing validation issue

The ext4fillsuper function in fs/ext4/super.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate the superblock configuration, which allows local users to cause a denial of service NULL pointer dereference and OOPS by attempting to mount a crafted ext4...

openSUSE Security Update : kernel (kernel-270)

This patch updates the openSUSE 11.0 kernel to the 2.6.25.18 stable release. It also includes bugfixes and security fixes : CVE-2008-4410: The vmiwriteldtentry function in arch/x86/kernel/vmi32.c in the Virtual Machine Interface VMI in the Linux kernel 2.6.26.5 invokes writeidtentry where...

kernel security and bug fix update

2.6.9-89.0.3.0.1.EL - fix skb alignment that was causing sendto to fail with EFAULT Olaf Kirch orabug 6845794 fix enomem due to larger mtu size page alloc Zach Brown orabug 5486128 - backout patch sysrq-b that queues upto keventd thread Guru Anbalagane orabug 6125546 - netrx/netpoll race avoidanc...

kernel: xen: local denial of service

The hypervisorcallback function in Xen, possibly before 3.4.0, as applied to the Linux kernel 2.6.30-rc4, 2.6.18, and probably other versions allows guest user applications to cause a denial of service kernel oops of the guest OS by triggering a segmentation fault in "certain address ranges."...

Linux Kernel RTL8169 NIC远程拒绝服务漏洞

Bugraq ID: 35281 CVE ID：CVE-2009-1389 CNCVE ID：CNCVE-20091389 Linux是一款开放源代码的操作系统。 Linux RTL8169驱动存在设计错误，远程攻击者可以利用漏洞使内核触发OOPs，导致拒绝服务攻击。 RTL8169 GigE卡默认配置MTU为1500字节，发送单个包超过1500字节的报文，可导致驱动处理时破坏内核内存，造成OOPs。 Linux kernel 2.6.30 rc6 Linux kernel 2.6.30 -rc5 Linux kernel 2.6.30 -rc3 Linux kernel 2.6.30...

kernel security and bug fix update

2.6.9-78.0.22.0.1.EL - xen fix for hung JVM thread after GPF orabug 7916406 Chuck Anderson - fix entropy flag in bnx2 driver to generate entropy pool John Sobecki orabug 5931647 - fix skb alignment that was causing sendto to fail with EFAULT Olaf Kirch orabug 6845794 - fix enomem due to larger mt...

Code injection

fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly initialize a certain structure member that stores the maximum NFS filename length, which allows local users to cause a denial of service OOPS via a long filename, related to the encodelookup function...

CVE-2009-1336

fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly initialize a certain structure member that stores the maximum NFS filename length, which allows local users to cause a denial of service OOPS via a long filename, related to the encodelookup function...

CVE-2009-0935

CVE-2009-0935 affects Linux kernel inotify_read across 2.6.27–2.6.27.13, 2.6.28–2.6.28.2, and 2.6.29-rc3. The issue allows local users to trigger a denial of service (OOPS) by reading with an invalid address to an inotify instance, causing the event list mutex to be unlocked twice and preventing ...