51 matches found
net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.
...
AZL-6551 CVE-2021-29648 affecting package kernel for versions less than 5.10.78.1-1
An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly consider that resolvedids and resolvedsizes are intentionally uninitialized in the vmlinux BPF Type Format BTF, which can cause a system crash upon an unexpected access attempt in mapcreate in...
Linux kernel information disclosure vulnerability (CNVD-2019-38261)
The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. An information disclosure vulnerability exists in Linux kernel versions prior to 5.2.14. The vulnerability stems from...
CVE-2019-2104
In HIDL, safeunion, and other C++ structs/unions being sent to application processes, there are uninitialized fields. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
CVE-2019-2104
In HIDL, safeunion, and other C++ structs/unions being sent to application processes, there are uninitialized fields. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
DEBIAN-CVE-2017-13715
The skbflowdissect function in net/core/flowdissector.c in the Linux kernel before 4.3 does not ensure that nproto, ipproto, and thoff are initialized, which allows remote attackers to cause a denial of service system crash or possibly execute arbitrary code via a single crafted MPLS packet...
UBUNTU-CVE-2017-13715
The skbflowdissect function in net/core/flowdissector.c in the Linux kernel before 4.3 does not ensure that nproto, ipproto, and thoff are initialized, which allows remote attackers to cause a denial of service system crash or possibly execute arbitrary code via a single crafted MPLS packet...
UBUNTU-CVE-2016-3829
The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 does not initialize certain structure members, which allows remote attackers to cause a denial of service device hang or reboot via a crafted media file, aka internal bug 29023649...
PT-2015-3305 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.3 Description: The issue is related to the skb flow dissect function in net/core/flow dissector.c, which does not properly initialize n proto, ip proto, and thoff. This allows remote attackers to cause a denia...
DEBIAN-CVE-2015-3340
Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a 1 XENDOMCTLgettscinfo or 2 XENSYSCTLgetdomaininfolist request...
UBUNTU-CVE-2015-3340
Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a 1 XENDOMCTLgettscinfo or 2 XENSYSCTLgetdomaininfolist request...