OpenSSL 1.0.1 < 1.0.1t / 1.0.2 < 1.0.2h Multiple Vulnerabilities

Binary data 9390.prm...

The vulnerability of the OpenSSL software allows a malicious attacker to compromise the confidentiality of protected information.

The vulnerability exists in the OBJobj2txt function in crypto/objects/objdat.c of OpenSSL. This vulnerability arises due to the absence of the '\0' character. Exploiting this vulnerability allows attackers to access confidential information from the stack memory of the process, by using the outpu...

The vulnerability of the Linux operating system allows a malicious individual to gain access to confidential information from the kernel’s stack memory.

A vulnerability exists in the ccid3hctxgetsockopt function in the Linux kernel’s net/dccp/ccids/ccid3.c file, due to the lack of initialization for certain structures. Exploiting this vulnerability allows local users to access confidential information from the kernel’s stack memory through a...

The vulnerability of the Linux operating system allows a malicious individual to gain access to confidential information from the kernel’s stack memory.

The vulnerability exists in the Linux kernel’s Bluetooth protocol stack due to improper initialization of certain structures. Exploiting this vulnerability allows local users to access confidential information from the kernel’s stack memory by using a specially crafted application that utilizes...

The vulnerability of the Linux operating system allows a malicious individual to gain access to confidential information from the kernel’s stack memory.

The vulnerability exists in the devifconf function in the net/socket.c kernel of Linux, due to the lack of initialization for certain structures. Exploiting this vulnerability allows local users to access confidential information from the kernel’s stack memory through a specially crafted...

The vulnerability of the Linux operating system allows a malicious individual to gain access to confidential information from the kernel’s stack memory.

The vulnerability exists in the tunchrioctl function in the drivers/net/tun.c kernel module of Linux, due to the lack of initialization for certain structures. Exploiting this vulnerability allows local users to access confidential information from the kernel’s stack memory through a specially...

The vulnerability of the Linux operating system allows a malicious individual to gain access to confidential information from the kernel’s stack memory.

A vulnerability exists in the lliucligetname function in the Linux kernel’s net/llc/afllc.c file, due to incorrect return values under certain circumstances. Exploiting this vulnerability allows local users to access confidential information from the kernel’s stack memory, using a specially craft...

The vulnerability of the Linux operating system allows a malicious individual to gain access to confidential information from the kernel’s stack memory.

Errors in the operation of the cpqarray driver for Compaq Smart2 Controllers, as well as the cciss driver for HP Smart Array controllers, allow users to access the kernel memory...

Linux kernel competitive conditions vulnerability (CNVD-2016-04425)

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A contention condition vulnerability exists in the 'vopioctl' function in the drivers/misc/mic/vop/vopvringh.c file in Linux kernel 4.6 and earlier. A local attacker can explo...

Linux kernel information disclosure vulnerability (CNVD-2016-04424)

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A security vulnerability exists in the 'schedreadattr' function in the kernel/sched/core.c file in versions of Linux kernel 3.14-rc4 prior to 3.14-rc, which stems from a progr...

CVE-2016-5244

The rdsincinfocopy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message...

CVE-2016-5243

The tipcnlcompatlinkdump function in net/tipc/netlinkcompat.c in the Linux kernel through 4.6.3 does not properly copy a certain string, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message...

CVE-2016-5243

The tipcnlcompatlinkdump function in net/tipc/netlinkcompat.c in the Linux kernel through 4.6.3 does not properly copy a certain string, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message...

CVE-2016-5243

The tipcnlcompatlinkdump function in net/tipc/netlinkcompat.c in the Linux kernel through 4.6.3 does not properly copy a certain string, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message...

CVE-2016-1583

The ecryptfsprivilegedopen function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service stack memory consumption via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling...

CVE-2016-5244

CVE-2016-5244 affects the Linux kernel and involves the function rds_inc_info_copy in net/rds/recv.c not initializing a structure member. This can enable a remote attacker to read sensitive information from kernel stack memory by processing an RDS message, with impact described as kernel informat...

CVE-2016-1583

The ecryptfsprivilegedopen function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service stack memory consumption via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling...

CVE-2016-5244

The rdsincinfocopy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message...

openSUSE Security Update : the Linux Kernel (openSUSE-2016-753)

The openSUSE Leap 42.1 kernel was updated to 4.1.26 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2016-1583: Prevent the usage of mmap when the lower file system does not allow it. This could have lead to local privilege escalation when ecryptfs-utils wa...

CVE-2016-1583

The ecryptfsprivilegedopen function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service stack memory consumption via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling...