Page 12 of 64 results (0.024 seconds)

CVSS: 2.1EPSS: 0%CPEs: 15EXPL: 0

CVE-2010-3298 – kernel: drivers/net/usb/hso.c: prevent reading uninitialized memory

https://notcve.org/view.php?id=CVE-2010-3298

The hso_get_count function in drivers/net/usb/hso.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call. La función hso_get_count en drivers/net/usb/hso.c en el kernel Linux anterior a la versión 2.6.36-rc5, no inicia adecuadamente un miembro de cierta estructura, lo que permite a usuarios locales obtener información potencialmente sensible de la pila de memoria del kernel mediante una llamada ioctl TIOCGICOUNT. • http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=7011e660938fc44ed86319c18a5954e95a82ab3e http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://lkml.org/lkml/2010/9/11/167 http://secunia.com/advisories/41440 http://secunia.com/advisories/42758 http://secunia.com/advisories/42890 http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc5 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.6EPSS: 0%CPEs: 23EXPL: 4

CVE-2010-3437 – Linux Kernel < 2.6.36-rc6 (RedHat / Ubuntu 10.04) - 'pktcdvd' Kernel Memory Disclosure

https://notcve.org/view.php?id=CVE-2010-3437

Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and system crash) via a crafted index value in a PKT_CTRL_CMD_STATUS ioctl call. Error de presencia de signo en entero en la función pkt_find_dev_from_minor de drivers/block/pktcdvd.c del kernl de Linux en versiones anteriores a la 2.6.36-rc6 permite a usuarios locales obtener información confidencial de la memoria del kernel o provocar una denegación de servicio (resolución de referencia a puntero inválido y caída de la aplicación) a través de un valor de índice modificado en una llamada ioctl PKT_CTRL_CMD_STATUS. • https://www.exploit-db.com/exploits/15150 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=252a52aa4fa22a668f019e55b3aac3ff71ec1c29 http://jon.oberheide.org/files/cve-2010-3437.c http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004& • CWE-476: NULL Pointer Dereference •

CVSS: 4.9EPSS: 0%CPEs: 19EXPL: 0

CVE-2010-3067 – kernel: do_io_submit() infoleak

https://notcve.org/view.php?id=CVE-2010-3067

Integer overflow in the do_io_submit function in fs/aio.c in the Linux kernel before 2.6.36-rc4-next-20100915 allows local users to cause a denial of service or possibly have unspecified other impact via crafted use of the io_submit system call. Vulnerabilidad de desbordamiento de entero en la función do_io_submit en fs/aio.c del kernel Linux anterior a v2.6.36-rc4-next-20100915, permite a usuarios locales provocar una denegación de servicio o posiblemente tenga otro impacto sin especificar a través del uso de una llamada de sistema io_submit. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=75e1c70fc31490ef8a373ea2a4bea2524099b478 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html http://secunia. • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.2EPSS: 0%CPEs: 15EXPL: 0

CVE-2010-3080 – kernel: /dev/sequencer open failure is not handled correctly

https://notcve.org/view.php?id=CVE-2010-3080

Double free vulnerability in the snd_seq_oss_open function in sound/core/seq/oss/seq_oss_init.c in the Linux kernel before 2.6.36-rc4 might allow local users to cause a denial of service or possibly have unspecified other impact via an unsuccessful attempt to open the /dev/sequencer device. Vulnerabilidad de doble liberación en la función snd_seq_oss_open de sound/core/seq/oss/seq_oss_init.c en el kernel Linux anterior a v6.36-rc4 podría permitir a usuarios locales causar una denegación de servicio o posiblemente tener otro impacto sin especificar a través de de un intento fallido de abrir el dispositivo /dev/sequencer • http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git%3Ba=commit%3Bh=c598337660c21c0afaa9df5a65bb4a7a0cf15be8 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=27f7ad53829f79e799a253285318bff79ece15bd http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://secunia.com/advisories/42890 http://ww • CWE-415: Double Free •

CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 2

CVE-2010-3301 – Linux Kernel < 2.6.36-rc4-git2 (x86-64) - 'ia32syscall' Emulation Privilege Escalation

https://notcve.org/view.php?id=CVE-2010-3301

The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression. La llamada del sistema IA32 para la emulación de binarios de 32 bits en arch/x86/ia32/ia32entry.S en el kernel Linux anterior a v2.6.36-rc4-git2 en la plataforma x86_64 no vuelve a cero el registro% eax después de la ruta de entrada de 32-bits cuando ptrace es utilizado, lo cual permite a usuarios locales conseguir privilegios mediante un acceso out-of-bounds a la tabla de llamadas al sistema usando el registro rax%. NOTA: esta vulnerabilidad ya existía en CVE-2007-4573 • https://www.exploit-db.com/exploits/15023 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=36d001c70d8a0144ac1d038f6876c484849a74de http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=eefdca043e8391dcd719711716492063030b55ac http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://secunia.com/advisories/42758 http://sota.gen.nz/compat2 http:&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-269: Improper Privilege Management •