CVE-2011-1745 – kernel: agp: insufficient pg_start parameter checking in AGPIOC_BIND and AGPIOC_UNBIND ioctls
https://notcve.org/view.php?id=CVE-2011-1745
Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call. Desbordamiento de enteros en la función agp_generic_insert_memory en los drivers /char/agp/generic.c del kernel de Linux con anterioridad a v2.6.38.5 permite a usuarios locales conseguir privilegios o causar una denegación de servicio ( fallo del sistema ) a través de una llamada ioctl manipulada a AGPIOC_BIND agp_ioctl. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=194b3da873fd334ef183806db751473512af29ce http://openwall.com/lists/oss-security/2011/04/21/4 http://openwall.com/lists/oss-security/2011/04/22/7 http://rhn.redhat.com/errata/RHSA-2011-0927.html http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.5 http://www.securityfocus.com/bid/47534 https://bugzilla.redhat.com/show_bug.cgi?id=698996 https://lkml.org/lkml/2011/4/14 • CWE-190: Integer Overflow or Wraparound •
CVE-2011-1593 – kernel: proc: signedness issue in next_pidmap()
https://notcve.org/view.php?id=CVE-2011-1593
Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel before 2.6.38.4 allow local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call. Múltiples desbordamientos de entero en la función next_pidmap en kernel/pid.c en el kernel de Linux antes de v2.6.38.4 permiten a usuarios locales causar una denegación de servicio (por caída del sistema) a través de una llamada al sistema (1) getdents o (2) readdir. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c78193e9c7bcbf25b8237ad0dec82f805c4ea69b http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d8bdc59f215e62098bc5b4256fd9928bf27053a1 http://groups.google.com/group/fa.linux.kernel/msg/4a28ecb7f755a88d?dmode=source http://openwall.com/lists/oss-security/2011/04/19/1 http://openwall.com/lists/oss-security/2011/04/20/1 http://rhn.redhat.com/errata/RHSA-2011-0927.html http://secunia • CWE-190: Integer Overflow or Wraparound •
CVE-2011-1163 – kernel: fs/partitions: Corrupted OSF partition table infoleak
https://notcve.org/view.php?id=CVE-2011-1163
The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing. La función ofs/partitions/osf.c en el kernel de linux anterior a v2.6.38 no maneja correctamente un número inválido de particiones, lo que permite a usuarios locales obtner información sensible del heap mediante vectores relacionados con el análisis de la tabla de particiones. • http://downloads.avaya.com/css/P8/documents/100145416 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1eafbfeb7bdf59cfe173304c76188f3fd5f1fd05 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://openwall.com/lists/oss-security/2011/03/15/14 http://openwall.com/lists/oss-security/2011/03/15/9 http://rhn.redhat.com/errata/RHSA-2011-0833.html http://securityreason.com/securityalert/8189 http://securitytracker.com/id?1025225 • CWE-20: Improper Input Validation •
CVE-2011-0695 – kernel: panic in ib_cm:cm_work_handler
https://notcve.org/view.php?id=CVE-2011-0695
Race condition in the cm_work_handler function in the InfiniBand driver (drivers/infiniband/core/cma.c) in Linux kernel 2.6.x allows remote attackers to cause a denial of service (panic) by sending an InfiniBand request while other request handlers are still running, which triggers an invalid pointer dereference. Condición de carrera en la función cm_work_handler del controlador InfiniBand (drivers/infiniband/core/cma.c) del kernel de Linux 2.6.x. Permite a atacantes remotos provocar una denegación de servicio (panic) enviando una petición InfiniBand mientras otros manejadores de petición se están ejecutando, lo que provoca una resolución de puntero inválida. • http://rhn.redhat.com/errata/RHSA-2011-0927.html http://secunia.com/advisories/43693 http://www.openwall.com/lists/oss-security/2011/03/11/1 http://www.securityfocus.com/bid/46839 http://www.spinics.net/lists/linux-rdma/msg07447.html http://www.spinics.net/lists/linux-rdma/msg07448.html http://www.ubuntu.com/usn/USN-1146-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/66056 https://access.redhat.com/security/cve/CVE-2011-0695 https://bugzilla.redhat.com/s • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2011-0711 – kernel: xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1
https://notcve.org/view.php?id=CVE-2011-0711
The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FSGEOMETRY_V1 ioctl call. La función xfs_fs_geometry de fs/xfs/xfs_fsops.c del kernel de Linux en versiones anteriores a la 2.6.38-rc6-git3 no inicializa un miembro determinado de una estructura, lo que permite a usuarios locales obtener información potencialmente sensible de la memoria de la pila del kernel a través de una llamada ioctl FSGEOMETRY_V1. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3a3675b7f23f83ca8c67c9c2b6edf707fd28d1ba http://openwall.com/lists/oss-security/2011/02/16/10 http://openwall.com/lists/oss-security/2011/02/16/4 http://osvdb.org/70950 http://rhn.redhat.com/errata/RHSA-2011-0927.html http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.38-rc6-git3.log http://www.securityfocus.com/bid/46417 https://bugzilla.redhat.com/show_bug.cgi?id=67 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •