114 matches found
CVE-2011-3188
CVE-2011-3188 affects the Linux kernel prior to 3.1, where IPv4 and IPv6 sequence numbers/Fragment IDs are generated with a modified MD4. This predictable value generation enables remote attackers to cause DoS or hijack sessions by crafting packets. The vulnerability is mitigated by upgrading the...
CVE-2011-4127
The CVE-2011-4127 entry is supported by connected advisory data that details the vulnerability in the Linux kernel prior to 3.2.2. Affected component: SG_IO ioctl handling in the kernel (SG_IO ioctls not properly restricted). Root cause: insufficient restriction of SG_IO commands, allowing a loca...
CVE-2012-0056
No public technical details about CVE-2012-0056 are present in the connected documents; the Fedora announcements do not expose affected products, versions, or fixes. Monitor for updates.
CVE-2011-4621
The CVE-2011-4621 entry concerns the Linux kernel prior to 2.6.37, where a clock-update optimization is flawed, allowing a local user to cause a denial of service (system hang) by running code in a loop. Affected software is the Linux kernel before version 2.6.37; the description does not s...
CVE-2011-1833
The CVE-2011-1833 issue affects the Linux kernel’s eCryptfs subsystem, specifically the ecryptfs_mount path (fs/ecryptfs/main.c). A race condition during mounting with a mismatched uid could let a local attacker bypass file permissions. This vulnerability is present in kernel versions before 3.1....
CVE-2011-2525
CVE-2011-2525 affects the Linux kernel prior to 2.6.35, where the qdisc_notify function in net/sched/sch_api.c does not prevent tc_fill_qdisc calls referencing builtin Qdisc structures. This can lead to a NULL pointer dereference and OOPS, enabling local users to cause a denial of service and pot...
CVE-2012-3400
CVE-2012-3400 describes a heap-based buffer overflow in the udf_load_logicalvol function (fs/udf/super.c) of the Linux kernel up to version 3.4.5. The flaw allows remote attackers to cause a denial of service (system crash) or potentially other impact via a crafted UDF filesystem. Connected advis...
CVE-2012-2136
CVE-2012-2136 affects the Linux kernel prior to 3.4.5. The sock_alloc_send_pskb function does not properly validate a length value, enabling a local user to trigger a heap-based overflow that can crash the system or potentially gain privileges via access to a TUN/TAP device. Affected software is ...
CVE-2012-0879
CVE-2012-0879 affects the Linux kernel prior to 2.6.33, where the I/O implementation for block devices mishandles the CLONE_IO feature. Local attackers can create multiple processes sharing an I/O context, causing I/O instability and a denial of service. The vulnerability is evidenced across mult...
CVE-2011-3191
CVE-2011-3191 affects the Linux kernel CIFS implementation (fs/cifs/cifssmb.c: CIFSFindNext). It is caused by an integer signedness error, existing in kernels before 3.1, which can allow a remote CIFS server to trigger memory corruption or other impact via a large length value in a directory read...
CVE-2011-1160
Technical details for CVE-2011-1160 are not publicly available in the supplied connected documents. The initial description identifies a kernel memory info leak in tpm_open (Linux kernel
CVE-2011-1080
CVE-2011-1080 affects the Linux kernel prior to 2.6.39 via the do_replace path in net/bridge/netfilter/ebtables.c. The issue: a name field may not end with a null terminator, enabling a local user with CAP_NET_ADMIN to replace a bridge table and read potentially sensitive data from kernel stack m...
CVE-2011-1162
CVE-2011-1162 is a memory-clearing flaw in the Linux kernel 2.6 tpm_read() that can let a local unprivileged user read data from a previous TPM command. The connected advisories (MiracleLinux AXSA entries, Oracle Linux ELSA advisories, and RHSA-2012:0010) explicitly list CVE-2011-1162 among kerne...
CVE-2011-4132
CVE-2011-4132 affects the Linux kernel’s Journaling Block Device (JBD) cleanup_journal_tail function. The vulnerability allows local users to trigger a denial of service (assertion error and kernel oops) when handling an ext3 or ext4 image containing an invalid log first block value. The descript...
CVE-2011-2699
CVE-2011-2699 affects the Linux kernel IPv6 implementation. The vulnerability is that, before version 3.1, Fragment Identification values were not generated separately for each destination, enabling remote attackers to cause a denial of service by sending crafted packets. Connected advisories ref...
CVE-2011-4131
CVE-2011-4131 affects the Linux kernel’s NFSv4 GETACL handling: the NFSv4 implementation does not correctly manage bitmap sizes when replying, allowing a remote NFS server to trigger a denial of service (OOPS) by sending an excessive number of bitmap words. The issue is fixed in or after the 3.2....
CVE-2011-4330
CVE-2011-4330 describes a stack-based buffer overflow in the Linux kernel 2.6, specifically in hfs_mac2asc (fs/hfs/trans.c). A crafted HFS image len field can be used by a local user to trigger a crash and, per the description, possibly execute arbitrary code. The associated connected documents c...
CVE-2012-3412
CVE-2012-3412 affects the sfc (Solarflare Solarstorm) driver in the Linux kernel, specifically versions before 3.2.30. The vulnerability allows remote attackers to trigger a denial of service by sending crafted TCP packets that induce a small MSS value, leading to DMA descriptor consumption and n...
CVE-2011-1079
The CVE-2011-1079 issue affects the Linux kernel up to version 2.6.38 (before 2.6.39) in the bnep_sock_ioctl path (net/bluetooth/bnep/sock.c). A local attacker could exploit inadequate termination of a device field (missing trailing NUL) via a BNEPCONNADD command to read kernel stack memory and p...
CVE-2011-4110
CVE-2011-4110 is a vulnerability in the Linux kernel 2.6 that affects the user_update function in security/keys/user_defined.c. The issue allows local users to trigger a denial of service via a NULL pointer dereference and kernel oops when updating a negative key into a fully instantiated key. Ex...
CVE-2012-2375
CVE-2012-2375 affects the Linux kernel NFSv4 implementation where __nfs4_get_acl_uncached in fs/nfs/nfs4proc.c uses an incorrect length variable during a copy, enabling remote NFS servers to trigger a denial of service (OOPS) by sending excessive bitmap words in an FATTR4_ACL reply. Affected are ...
CVE-2011-1078
CVE-2011-1078 affects the Linux kernel prior to 2.6.39. The vulnerable code is sco_sock_getsockopt_old in net/bluetooth/sco.c, where a structure used with the SCO_CONNINFO option is not initialized, enabling a local attacker to read potentially sensitive data from kernel stack memory. Exploitatio...
CVE-2011-2496
CVE-2011-2496 affects the Linux kernel prior to 2.6.39. An integer overflow in vma_to_resize (mm/mremap.c) lets local users trigger a BUG_ON and system crash via a crafted mremap call that expands a memory mapping. Mitigation: upgrade to kernel 2.6.39 or later where the issue is fixed. The connec...
CVE-2011-4077
CVE-2011-4077 is a Linux kernel XFS-related vulnerability described in the provided documents as a buffer overflow in the xfs_readlink function (fs/xfs/xfs_vnodeops.c) when CONFIG_XFS_DEBUG is disabled. The issue affects Linux kernel 2.6 with XFS, allowing a local attacker to cause memory corrupt...
CVE-2012-1097
CVE-2012-1097 affects the Linux kernel before 3.2.10, where the regset (register set) path mishandles absence of .get/.set methods. This can allow a local attacker to trigger a NULL pointer dereference via PTRACE_GETREGSET or PTRACE_SETREGSET, possibly causing denial of service or other impact. R...
CVE-2011-2517
The vulnerability CVE-2011-2517 affects the Linux kernel (pre-2.6.39.2) where multiple buffer overflows in net/wireless/nl80211.c can allow local users to gain privileges by exploiting a long SSID during scan operations when CAP_NET_ADMIN is available. Impact is local privilege escalation with co...
CVE-2011-2918
CVE-2011-2918 affects the Linux kernel perf subsystem (Performance Events). The issue arises in the handling of event overflows for PERF_COUNT_SW_CPU_CLOCK, enabling a local attacker to cause a denial of service (system hang) via a crafted application. Public references in connected advisories co...
CVE-2012-1601
CVE-2012-1601 concerns the KVM component of the Linux kernel. The vulnerability exists in the KVM implementation prior to version 3.3.6 and can be triggered by a host OS user making a KVM_CREATE_IRQCHIP ioctl after a virtual CPU already exists. The issue may lead to a NULL pointer dereference and...
CVE-2012-3511
The CVE-2012-3511 entry maps to the Linux kernel issue in mm/madvise.c: madvise_remove contains race conditions that can be exploited locally to trigger use-after-free and kernel crash, resulting in denial of service via munmap or close. Affected lineage includes kernels before 3.4.5; patches add...
CVE-2012-2121
CVE-2012-2121 affects the KVM component of the Linux kernel prior to 3.3.4. The vulnerability stems from improper management of the relationships between memory slots and the iommu, enabling guest OS users (with administrative access inside the guest) to trigger hotplug/hotunplug operations on de...
CVE-2011-4086
The CVE-2011-4086 vulnerability affects the Linux kernel prior to 3.3.1, where journal_unmap_buffer in fs/jbd2/transaction.c mishandles _Delay and _Unwritten journal buffer head states. This can crash the system (local DoS) when an ext4 filesystem is mounted with a journal. Remediation: upgrade t...
CVE-2012-3375
CVE-2012-3375: Linux kernel epoll_ctl DoS. Affected: Linux kernel before 3.2.24 (fs/eventpoll.c). Cause: EPOLL_CTL_ADD mishandles ELOOP errors, due to an incorrect fix for CVE-2011-1083. Impact: Local users can trigger a denial of service via a crafted application that creates circular epoll dependen...
CVE-2011-2203
CVE-2011-2203 affects the Linux kernel (2.6.x) as cited in MiracleLinux AXSA:2012-220:01. The hfs_find_init function can crash the kernel (NULL pointer dereference) and trigger a kernel OOPS when mounting an HFS filesystem with a malformed MDB extent record, enabling a local DoS. The MiracleLinux...
CVE-2012-0207
CVE-2012-0207 affects the Linux kernel before 3.2.1, where igmp_heard_query in net/ipv4/igmp.c can be triggered by IGMP packets to cause a divide-by-zero leading to a kernel panic (DoS). The vulnerability is addressed in Linux 3.2.1 (as per ChangeLog-3.2.1). Connected advisories/Nessus entries re...
CVE-2012-2373
CVE-2012-2373 affects the Linux kernel before 3.4.5 on x86 with Physical Address Extension (PAE) enabled. It arises from improper use of the Page Middle Directory (PMD), enabling a race condition that local users can trigger to cause a denial of service (panic) via a crafted application. The conn...
CVE-2012-0038
CVE-2012-0038 affects the Linux kernel prior to 3.1.9. An integer overflow in fs/xfs/xfs_acl.c (xfs_acl_from_disk) can be triggered by a malformed ACL on a filesystem, leading to a heap-based buffer overflow and a local denial of service (panic). A fix was released in 3.1.9. Users should upgrade ...
CVE-2012-2313
The CVE-2012-2313 issue affects the Linux kernel up to version 3.3.7, where rio_ioctl in drivers/net/ethernet/dlink/dl2k.c does not restrict access to the SIOCSMIIREG ioctl. This allows local attackers to write data to an Ethernet adapter via an ioctl call. The vulnerability is rooted in insuffic...
CVE-2012-2319
CVE-2012-2319 refers to multiple buffer overflows in the Linux kernel’s hfsplus filesystem implementation, exploitable locally to gain privileges via a crafted HFS+ filesystem. Affected: Linux kernel before 3.3.5. Root cause: buffer overflow in hfsplus code (related to CVE-2009-4020). Impact, as ...
CVE-2011-3353
CVE-2011-3353: In the Linux kernel, a buffer/length handling issue in fuse_notify_inval_entry (fs/fuse/dev.c) before 3.1 can allow a local attacker mounting a FUSE filesystem to trigger a BUG_ON and system crash, i.e., local denial of service. Public advisories (e.g., OpenSUSE, Red Hat/Oracle/Li...
CVE-2012-2133
The CVE-2012-2133 issue is a use-after-free in the Linux kernel before 3.3.6 involving hugetlbfs when huge pages are enabled. A local user could crash the system or potentially escalate privileges by interacting with quota data during a umount operation, due to improper handling of quota data in ...
CVE-2011-3363
The CVE-2011-3363 issue affects the Linux kernel up to version 2.6.38, specifically the setup_cifs_sb function in fs/cifs/connect.c. The root cause is improper handling of DFS referrals, enabling a remote CIFS server to trigger a denial-of-service (system crash) by placing a referral at the root ...
CVE-2012-1090
CVE-2012-1090 affects the Linux kernel: the cifs_lookup function in fs/cifs/dir.c can trigger a local denial of service (OOPS) when a local user accesses a specially crafted file (e.g., a FIFO). The issue exists in kernel versions prior to 3.2.10. Exploitation requires local access. The documente...
CVE-2012-4508
CVE-2012-4508 is a race condition in the Linux kernel's ext4 extents handling (fs/ext4/extents.c) that, before version 3.4.16, allows a local unprivileged user to read data from a deleted file by reading an extent that isn’t properly marked uninitialized. The issue is fixed in the 3.4.16 update (...
CVE-2011-3209
CVE-2011-3209 affects the Linux kernel on x86 prior to 2.6.26. The div_long_long_rem implementation in include/asm-x86/div64.h can trigger a Divide Error Fault and system panic when clock_gettime is invoked by local users, leading to a denial of service. The impact is local, with a complete avail...
CVE-2011-3637
CVE-2011-3637 is a vulnerability in the Linux kernel where the m_stop function in fs/proc/task_mmu.c can trigger an OOPS via vectors that cause an m_start error. Affected: Linux kernel versions prior to 2.6.39 (i.e., 2.6.38 and earlier). Impact: local denial of service (kernel oops) without remot...
CVE-2012-2744
The vulnerability CVE-2012-2744 affects the Linux kernel (net/ipv6/netfilter/nf_conntrack_reasm.c) when nf_conntrack_ipv6 is enabled. It allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via certain fragmented IPv6 packets. A fix is available in kern...
CVE-2012-3430
CVE-2012-3430: In the Linux kernel before 3.0.44, the function rds_recvmsg in net/rds/recv.c fails to initialize a structure member, allowing a local attacker to read potentially sensitive kernel stack memory via recvfrom or recvmsg on an RDS socket. Impact: information disclosure. Affected: Lin...
CVE-2011-2183
CVE-2011-2183 targets the Linux kernel’s Kernel SamePage Merging (KSM) feature. When KSM is enabled, a race in scan_get_next_rmap_item in mm/ksm.c can allow a local user to trigger a NULL pointer dereference, potentially crashing the kernel or causing other unspecified impact. Affected: Linux ker...
CVE-2012-1146
The vulnerability CVE-2012-1146 affects the Linux kernel, specifically mem_cgroup_usage_unregister_event in mm/memcontrol.c, when running versions before 3.2.10. The issue arises from how multiple events attached to the same eventfd are handled, enabling a local attacker to trigger a NULL pointer...
CVE-2011-2495
CVE-2011-2495 affects the Linux kernel prior to 2.6.39.4. The issue is in fs/proc/base.c where access to /proc/#####/io is insufficiently restricted, allowing local users to poll a file and infer sensitive I/O statistics (e.g., length of another user’s password). The MiracleLinux advisories refer...