CVE-2010-3865
CVE-2010-3865 is a Linux kernel issue described in connected advisories as an integer overflow in the rds_rdma_pages function (net/rds/rdma.c). The vulnerability can allow local users to crash the kernel and potentially execute arbitrary code through a crafted iovec in an RDS request, triggered b...
CVE-2010-3873
CVE-2010-3873 affects the Linux kernel X.25 implementation prior to 2.6.36.2. The vulnerability arises from improper parsing of facilities, allowing a remote attacker to trigger heap memory corruption and a kernel panic (partial availability) via malformed X25_FAC_CALLING_AE or X25_FAC_CALLED_AE ...
CVE-2011-2189
Summary (CVE-2011-2189): The Linux kernel (2.6.32 and earlier) has a flaw in net_namespace.c that mishandles a high rate of network-namespace creation/cleanup. This can allow remote attackers to cause a denial of service via memory consumption in a daemon that creates a separate namespace per con...
CVE-2011-1083
The CVE-2011-1083 issue affects the Linux kernel epoll implementation (epoll_ctl/epoll_create) as shipped in 2.6.37.2 and earlier. Local attackers can cause CPU denial of service by crafting a user-space application that creates and manages epoll file descriptors, exploiting improper traversal of...
CVE-2011-1093
CVE-2011-1093 affects the Linux kernel’s Datagram Congestion Control Protocol (DCCP). The vulnerable code path is dccp_rcv_state_process in net/dccp/input.c, which mishandles packets for a CLOSED endpoint. An attacker can trigger a NULL pointer dereference and OOPS by sending a DCCP-Close packet ...
CVE-2011-1495
CVE-2011-1495 affects the Linux kernel up to 2.6.38, in drivers/scsi/mpt2sas/mpt2sas_ctl.c. The issue arises because length and offset values are not validated before memory copy operations, potentially allowing a local user to gain privileges, cause memory corruption (DoS), or read sensitive ker...
CVE-2011-1494
CVE-2011-1494 affects the Linux kernel (2.6.38 and earlier) via an integer overflow in the _ctl_do_mpt_command function (drivers/scsi/mpt2sas/mpt2sas_ctl.c). This can allow local users to gain privileges or cause a denial of service (memory corruption) by issuing an ioctl with a crafted value tha...
CVE-2010-4243
CVE-2010-4243 affects the Linux kernel up to version 2.6.37. The issue is in fs/exec.c where the OOM Killer does not assess stack memory usage of the arrays representing (1) arguments and (2) environment during an exec, enabling a local user to cause memory exhaustion (denial of service) via a cr...
CVE-2010-3876
CVE-2010-3876 affects the Linux kernel: the code path net/packet/af_packet.c in kernel versions before 2.6.37-rc2 does not properly initialize certain structure members, allowing local users with CAP_NET_RAW to read copies of the applicable structures from kernel stack memory. Publicly document d...
CVE-2011-0521
The CVE-2011-0521 issue affects the Linux kernel’s dvb_ca_ioctl in drivers/media/dvb/ttpci/av7110_ca.c, where the sign of a certain integer field is not checked in versions before 2.6.38-rc2. This allows local users to cause a denial of service via memory corruption and potentially other unspecif...
CVE-2011-0711
CVE-2011-0711 affects the Linux kernel through the xfs_fs_geometry function in fs/xfs/xfs_fsops.c. The vulnerability arises because a structure member is not initialized, enabling local attackers to read potentially sensitive data from kernel stack memory via the FSGEOMETRY_V1 ioctl. The affected...
CVE-2011-1020
CVE-2011-1020 affects the Linux kernel (2.6.37 and earlier) where the proc filesystem does not restrict access to /proc after a process execs a setuid program. This can let local attackers obtain sensitive information or cause a denial of service by performing open, lseek, read, or write operatio...
CVE-2011-1745
The CVE-2011-1745 entry affects the Linux kernel: an integer overflow in the agp_generic_insert_memory function (drivers/char/agp/generic.c) in kernels before 2.6.38.5. This allows local users to gain privileges or cause a denial of service via a crafted AGPIOC_BIND agp_ioctl call. Affected platf...
CVE-2010-4655
CVE-2010-4655 affects the Linux kernel’s net/core/ethtool.c, where uninitialized data structures in ethtool ioctl handling could allow a local user with CAP_NET_ADMIN to leak information from kernel heap memory. The initial description specifies the vulnerability exists in kernel builds before 2....
CVE-2011-1746
The CVE affects the Linux kernel prior to 2.6.38.5, specifically the AGP subsystem in drivers/char/agp/generic.c. It is caused by multiple integer overflows in the functions agp_allocate_memory and agp_create_user_memory, allowing local users to trigger buffer overflows and potentially crash the ...
CVE-2011-1576
CVE-2011-1576 affects the Linux kernel GRO offload path (napi_reuse_skb) used in Red Hat Enterprise Linux 5 (kernel 2.6.18) and Red Hat Enterprise Linux 6 (kernel 2.6.32) as deployed in RHEV Hypervisor. The advisory notes that remote attackers can trigger VLAN-packet processing to cause a denial ...
CVE-2011-1776
The CVE-2011-1776 issue affects the Linux kernel’s is_gpt_valid function (fs/partitions/efi.c). It does not validate the size of a GPT entry, allowing physically proximate attackers to trigger a heap-based buffer overflow and OOPS or potentially read kernel heap memory when a crafted GPT storage ...
CVE-2011-2022
The CVE-2011-2022 issue affects the Linux kernel (drivers/char/agp/generic.c) prior to 2.6.38.5. The vulnerability is due to failure to validate a start parameter in the agp_generic_remove_memory function, enabling local users to gain privileges or cause a denial of service (system crash) via a c...
CVE-2010-4163
The CVE-2010-4163 issue affects the Linux kernel, where blk_rq_map_user_iov in block/blk-map.c is vulnerable before version 2.6.36.2. A local attacker can trigger a denial of service (kernel panic) by submitting a zero-length I/O request via a device ioctl to a SCSI device. The description explic...
CVE-2010-3875
CVE-2010-3875 affects the Linux kernel, specifically the ax25_getname function in net/ax25/af_ax25.c. The root cause is that a structure is not initialized, enabling local users to read a copy of kernel stack memory and potentially obtain sensitive information. The issue is tied to kernels prior ...
CVE-2011-1010
Concretely, CVE-2011-1010 is reported in MiracleLinux advisory AXSA:2011-282:05 as affecting kernel-2.6.18-238.2.AXS3. It describes a buffer overflow in the mac_partition function (fs/partitions/mac.c) of the Linux kernel, prior to version 2.6.37.2, which can allow a local user to cause a denial ...
CVE-2011-1013
CVE-2011-1013 is an integer signedness error in the drm_modeset_ctl ioctl handling that affects the Linux kernel prior to 2.6.38 and OpenBSD prior to 4.9, allowing local users to trigger out-of-bounds writes and potentially crash the system or cause other impact via a crafted vb_num in an ioctl. ...
CVE-2010-4526
CVE-2010-4526 describes a race condition in the Linux kernel between 2.6.11-rc2 and 2.6.33 in sctp_icmp_proto_unreachable (net/sctp/input.c). An ICMP Unreachable to a socket that is already locked by a user can free the socket and trigger list corruption via sctp_wait_for_connect, enabling remote...
CVE-2011-1577
CVE-2011-1577 describes a heap-based buffer overflow in the is_gpt_valid function of fs/partitions/efi.c in Linux kernel 2.6.38 and earlier. This allows physically proximate attackers to cause a denial of service (OOPS) or potentially other impact via a crafted EFI GPT header size on removable me...
CVE-2010-3877
The CVE-2010-3877 issue affects the Linux kernel (as cited in MiracleLinux AXSA:2011-143:02 and related advisories) where get_name in net/tipc/socket.c does not initialize a structure, enabling local attackers to read uninitialized kernel stack memory and leak information. Impact is a local infor...
CVE-2010-4164
CVE-2010-4164 affects the Linux kernel prior to 2.6.36.2, where multiple integer underflows occur in the x25_parse_facilities function (net/x25/x25_facilities.c). This can allow a remote attacker to cause a denial of service (system crash) via malformed X.25 facility data (X25_FAC_CLASS_A/B/C/D)....
CVE-2010-4649
The CVE-2010-4649 issue affects the Linux kernel up to 2.6.37, where an integer overflow in ib_uverbs_poll_cq (drivers/infiniband/core/uverbs_cmd.c) allows a local user to cause memory corruption and a possible DoS or other unspecified impact when a structure member is large. The vulnerability re...
CVE-2010-4668
CVE-2010-4668 affects the Linux kernel up to 2.6.37-rc7, where blk_rq_map_user_iov in block/blk-map.c allows a local user to trigger a panic/DoS via a zero-length I/O request to a SCSI device, due to an unaligned map. The vulnerability is tied to an incomplete fix for CVE-2010-4163. Affected vers...
CVE-2011-1171
CVE-2011-1171 affects the Linux kernel prior to 2.6.39, specifically the IPv4 netfilter ip_tables.c path. The issue is that string data in certain structure members may not end with the expected null terminator, enabling a local attacker with CAP_NET_ADMIN to craft a request and read the argument...
CVE-2011-1172
The CVE-2011-1172 issue affects the Linux kernel IPv6 stack (net/ipv6/netfilter/ip6_tables.c): root cause is failure to append a null terminator to certain string values, enabling local memory information disclosure via a crafted request (CAP_NET_ADMIN) and reading the modprobe argument. Impact i...
CVE-2011-1090
CVE-2011-1090 affects the Linux kernel’s NFSv4 ACL handling: the function __nfs4_proc_set_acl in fs/nfs/nfs4proc.c allocates memory with kmalloc but does not always free it, enabling a local attacker to trigger a denial of service (panic) by crafting an ACL set operation. The vulnerability is doc...
CVE-2010-4251
CVE-2010-4251 affects the Linux kernel up to version 2.6.34. The vulnerability lies in the socket backlog handling in net/core/sock.c, which allows remote attackers to cause a memory exhaustion DoS by sending large volumes of network traffic (e.g., UDP via netperf). The issue is addressed by the 2.6.34 changelog ...
CVE-2011-1044
CVE-2011-1044 affects the Linux kernel (pre-2.6.37) and is caused by ib_uverbs_poll_cq in drivers/infiniband/core/uverbs_cmd.c not initializing a certain response buffer. This allows local attackers to read potentially sensitive data from kernel memory via vectors that fill the buffer only partia...
CVE-2011-1082
CVE-2011-1082 affects the Linux kernel prior to 2.6.38. The flaw is in fs/eventpoll.c where epoll file descriptors may be placed inside other epoll data structures without proper validation of closed loops or deep chains. This can let a local user cause a denial of service (deadlock or stack memo...
CVE-2011-1017
CVE-2011-1017 relates to a heap-based buffer overflow in the Linux kernel’s LDM code path. Affected component: fs/partitions/ldm.c (ldm_frag_add) in kernel 2.6.37.2 and earlier. Root cause cited in connected docs: bugs in evaluating LDM partitions could crash the kernel for certain corrupted LDM ...
CVE-2011-1076
CVE-2011-1076 affects the Linux kernel up to 2.6.37 in dns_key.c; remote DNS servers sending invalid responses can trigger a NULL pointer dereference/OOPS, leading to a denial of service. Reports from SUSE/Red Hat/NVD corroborate. Remediation: upgrade to kernel 2.6.38 or newer (vendor patches). E...
CVE-2011-2213
The CVE-2011-2213 issue concerns the Linux kernel vulnerability in inet_diag_bc_audit (net/ipv4/inet_diag.c) present before 2.6.39.3. Affected component audits INET_DIAG bytecode and, when processing crafted INET_DIAG_REQ_BYTECODE messages (e.g., an INET_DIAG_BC_JMP with a zero yes value), allows...
CVE-2011-2492
CVE-2011-2492 affects the Linux kernel Bluetooth subsystem prior to 3.0-rc4, where certain data structures are not properly initialized. The flaw is exploited via a crafted getsockopt system call in the l2cap_sock_getsockopt_old and rfcomm_sock_getsockopt_old paths, enabling local users to obtain...
CVE-2010-4656
CVE-2010-4656 affects the Linux kernel’s USB iowarrior driver (drivers/usb/misc/iowarrior.c). The root cause is improper buffer/memory allocation in iowarrior_write, enabling a heap-based buffer overflow via a long report from a malicious device. This aligns with openSUSE/SUSE advisories noting a...
CVE-2011-0726
The CVE-2011-0726 entry is supported by connected advisories describing a Linux kernel vulnerability in do_task_stat (fs/proc/array.c) present in kernels before 2.6.39-rc1. The flaw allows local users to defeat ASLR by reading start_code/end_code from /proc/[pid]/stat for PIE processes, implying ...
CVE-2010-4160
The CVE-2010-4160 issue is present in the Linux kernel before 2.6.36.2, involving multiple integer overflows in the PPPoL2TP and IPoL2TP sendmsg paths (pppol2tp_sendmsg and l2tp_ip_sendmsg). The vulnerability can allow local users to trigger a denial of service through heap memory corruption and ...
CVE-2011-2484
CVE-2011-2484 affects the Linux kernel, specifically code paths in kernel/taskstats.c. In kernels 2.6.39.1 and earlier, add_del_listener does not prevent multiple registrations of exit handlers, enabling a local attacker to cause denial of service through memory/CPU exhaustion and potentially byp...
CVE-2010-4242
CVE-2010-4242 affects the Linux kernel 2.6.36 (and possibly other versions). The vulnerability is in the HCI UART driver, specifically the hci_uart_tty_open function in drivers/bluetooth/hci_ldisc.c, which does not verify if the tty has a write operation. This can allow a local user to cause a de...
CVE-2010-4175
Technical details for CVE-2010-4175 are not provided in the supplied documents; monitor for updates.
CVE-2011-0712
Technical details about CVE-2011-0712 are not publicly provided in the supplied documents. Monitor for updates in connected advisories; no confirmed affected products, versions, or fixes are stated here.
CVE-2011-1593
CVE-2011-1593 affects the Linux kernel before 2.6.38.4, where multiple integer overflows in the next_pidmap function (kernel/pid.c) allow a local user to crash the system via crafted getdents or readdir calls. The connected advisories confirm the affected component and the root cause (integer ove...
CVE-2011-1770
CVE-2011-1770 affects the Linux kernel up to version 2.6.33.14, where an integer underflow in dccp_parse_options (net/dccp/options.c) can be triggered by a DCCP packet with an invalid feature options length, causing a buffer over-read and remote denial of service. The vulnerability is exploitable...
CVE-2010-4527
The CVE-2010-4527 entry concerns the Linux kernel OSS sound driver (load_mixer_volumes in sound/oss/soundcard.c). It arises because a name field is not guaranteed to end with a NUL, enabling a local user to trigger a buffer overflow via SOUND_MIXER_SETLEVELS, with potential to escalate privileges...
CVE-2011-1163
Vulnerability: CVE-2011-1163 affects the Linux kernel (fs/partitions/osf.c) where osf_partition mishandles an invalid number of partitions, potentially allowing local attackers to read kernel heap memory via partition-table parsing vectors. Affected: Linux kernel versions prior to 2.6.38. Root ca...
CVE-2011-1478
CVE-2011-1478 affects the Linux kernel’s GRO napi_reuse_skb path: it does not reset certain structure members in net/core/dev.c, enabling a remote attacker to trigger a NULL pointer dereference via a malformed VLAN frame and cause a denial of service. The vulnerability is present in kernels befor...