19 matches found
CVE-2011-1160
Technical details for CVE-2011-1160 are not publicly available in the supplied connected documents. The initial description identifies a kernel memory info leak in tpm_open (Linux kernel
CVE-2011-1080
CVE-2011-1080 affects the Linux kernel prior to 2.6.39 via the do_replace path in net/bridge/netfilter/ebtables.c. The issue: a name field may not end with a null terminator, enabling a local user with CAP_NET_ADMIN to replace a bridge table and read potentially sensitive data from kernel stack m...
CVE-2011-1079
The CVE-2011-1079 issue affects the Linux kernel up to version 2.6.38 (before 2.6.39) in the bnep_sock_ioctl path (net/bluetooth/bnep/sock.c). A local attacker could exploit inadequate termination of a device field (missing trailing NUL) via a BNEPCONNADD command to read kernel stack memory and p...
CVE-2011-1078
CVE-2011-1078 affects the Linux kernel prior to 2.6.39. The vulnerable code is sco_sock_getsockopt_old in net/bluetooth/sco.c, where a structure used with the SCO_CONNINFO option is not initialized, enabling a local attacker to read potentially sensitive data from kernel stack memory. Exploitatio...
CVE-2011-1171
CVE-2011-1171 affects the Linux kernel prior to 2.6.39, specifically the IPv4 netfilter ip_tables.c path. The issue is that string data in certain structure members may not end with the expected null terminator, enabling a local attacker with CAP_NET_ADMIN to craft a request and read the argument...
CVE-2011-2496
CVE-2011-2496 affects the Linux kernel prior to 2.6.39. An integer overflow in vma_to_resize (mm/mremap.c) lets local users trigger a BUG_ON and system crash via a crafted mremap call that expands a memory mapping. Mitigation: upgrade to kernel 2.6.39 or later where the issue is fixed. The connec...
CVE-2011-1172
The CVE-2011-1172 issue affects the Linux kernel IPv6 stack (net/ipv6/netfilter/ip6_tables.c): root cause is failure to append a null terminator to certain string values, enabling local memory information disclosure via a crafted request (CAP_NET_ADMIN) and reading the modprobe argument. Impact i...
CVE-2011-0726
The CVE-2011-0726 entry is supported by connected advisories describing a Linux kernel vulnerability in do_task_stat (fs/proc/array.c) present in kernels before 2.6.39-rc1. The flaw allows local users to defeat ASLR by reading start_code/end_code from /proc/[pid]/stat for PIE processes, implying ...
CVE-2011-1170
CVE-2011-1170 affects the Linux kernel prior to 2.6.39 where net/ipv4/netfilter/arp_tables.c does not place the expected null terminator at the end of certain string values. This can allow a local user with CAP_NET_ADMIN to craft a request and read the argument to the modprobe process, potentiall...
CVE-2011-1927
The CVE-2011-1927 entry concerns the Linux kernel: the ip_expire function in net/ipv4/ip_fragment.c before 2.6.39 fails to properly construct ICMP_TIME_EXCEEDED after a timeout, allowing remote attackers to trigger a NULL pointer dereference and crash parts of the kernel via crafted fragmented pa...
CVE-2011-1493
CVE-2011-1493 affects the Linux kernel (before 2.6.39). The vulnerable code is in rose_parse_national (net/rose/rose_subr.c), where an array index error can be triggered by a FAC_NATIONAL_DIGIS entry that specifies many digipeaters. This can cause heap memory corruption and a remote denial of ser...
CVE-2011-1479
CVE-2011-1479 : A double-free in the Linux kernel’s inotify subsystem (kernel versions before 2.6.39) allows local users to crash the system via paths involving failed file creation. The issue stems from an incorrect fix related to CVE-2010-4250. Affected product: Linux kernel; vulnerability type...
CVE-2011-4913
CVE-2011-4913 affects the Linux kernel before 2.6.39. The rose_parse_ccitt function in net/rose/rose_subr.c does not validate FAC_CCITT_DEST_NSAP and FAC_CCITT_SRC_NSAP fields, allowing remote attackers to cause a denial of service (integer underflow, heap memory corruption, panic) with a small l...
CVE-2011-1476
CVE-2011-1476 is an integer underflow in the Linux kernel OSS subsystem (specifically the MIDI/OSS sequencer driver) before 2.6.39 on unspecified non-x86 platforms. It allows local users to cause a denial of service via memory corruption by crafting writes to /dev/sequencer. Publicly documented f...
CVE-2011-1759
CVE-2011-1759 affects the Linux kernel on ARM with OABI compatibility enabled. The flaw is an integer overflow in sys_oabi_semtimedop (arch/arm/kernel/sys_oabi-compat.c) prior to release 2.6.39, allowing local users to gain privileges or trigger a denial of service via heap memory corruption due ...
CVE-2011-1477
CVE-2011-1477 affects the Linux kernel (sound/oss/opl3.c) through multiple array index errors before 2.6.39. These flaws allow local users to cause a denial of service via heap memory corruption and, potentially, gain privileges by writing to /dev/sequencer. The issue is tied to Yamaha YM3812/OPL...
CVE-2011-4914
The CVE-2011-4914 issue affects the Linux kernel ROSE protocol implementation prior to 2.6.39. It arises because data-length values are not verified against the actual data sent, enabling remote attackers to read kernel memory (out-of-bounds read) or cause a denial of service via crafted data to ...
CVE-2011-2493
The CVE-2011-2493 entry affects the Linux kernel, specifically the ext4_fill_super function in fs/ext4/super.c, with vulnerability present in versions prior to 2.6.39. The issue arises from improper initialization of an error-report data structure, enabling local users to cause a denial of servic...
CVE-2010-5329
The CVE-2010-5329 issue affects Linux kernels (video_usercopy in drivers/media/video/v4l2-ioctl.c) before 2.6.39. The flaw is that it relies on the count value of a v4l2_ext_controls data structure to determine a kmalloc size, which could allow local users to trigger memory exhaustion (DoS). The ...