CVE-2008-4307 – Kernel BUG() in locks_remove_flock
https://notcve.org/view.php?id=CVE-2008-4307
Race condition in the do_setlk function in fs/nfs/file.c in the Linux kernel before 2.6.26 allows local users to cause a denial of service (crash) via vectors resulting in an interrupted RPC call that leads to a stray FL_POSIX lock, related to improper handling of a race between fcntl and close in the EINTR case.
• http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git%3Ba=commit%3Bh=c4d7c402b788b73dc24f1e54a57f89d3dc5eb7bc
  http://openwall.com/lists/oss-security/2009/01/13/1
  http://rhn.redhat.com/errata/RHSA-2009-0459.html
  http://rhn.redhat.com/errata/RHSA-2009-0473.html
  http://secunia.com/advisories/34917
  http://secunia.com/advisories/34962
  http://secunia.com/advisories/34981
  http://secunia.com/advisories/35011
  http://secunia.com/advisories/35015
  http://secunia.com
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2009-0065 – Linux Kernel 2.6.20/2.6.24/2.6.27_7-10 (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1) - SCTP FWD Memory Corruption Remote Overflow
https://notcve.org/view.php?id=CVE-2009-0065
Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.28-git8 allows remote attackers to have an unknown impact via an FWD-TSN (aka FORWARD-TSN) chunk with a large stream ID.
• https://www.exploit-db.com/exploits/8556
  http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9fcb95a105758b81ef0131cd18e2db5149f13e95
  http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01832118
  http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.html
  http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html
  http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html
  http://patchwork.ozlabs.org/patch/15024
  h
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-5700 – kernel: enforce a minimum SG_IO timeout
https://notcve.org/view.php?id=CVE-2008-5700
libata in the Linux kernel before 2.6.27.9 does not set minimum timeouts for SG_IO requests, which allows local users to cause a denial of service (Programmed I/O mode on drives) via multiple simultaneous invocations of an unspecified test program.
• http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git%3Ba=commit%3Bh=f2f1fa78a155524b849edf359e42a3001ea652c0
  http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.html
  http://openwall.com/lists/oss-security/2008/12/09/2
  http://secunia.com/advisories/33706
  http://secunia.com/advisories/33756
  http://secunia.com/advisories/33758
  http://secunia.com/advisories/33854
  http://secunia.com/advisories/34252
  http://secunia.com/advisories/34762
  http://secunia.
• CWE-399: Resource Management Errors
CVE-2008-5702 – kernel: watchdog: ib700wdt.c - buffer_underflow bug
https://notcve.org/view.php?id=CVE-2008-5702
Buffer underflow in the ibwdt_ioctl function in drivers/watchdog/ib700wdt.c in the Linux kernel before 2.6.28-rc1 might allow local users to have an unknown impact via a certain /dev/watchdog WDIOC_SETTIMEOUT IOCTL call.
• http://bugzilla.kernel.org/show_bug.cgi?id=11399
  http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git%3Ba=commit%3Bh=7c2500f17d65092d93345f3996cf82ebca17e9ff
  http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.html
  http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html
  http://lkml.org/lkml/2008/10/5/173
  http://openwall.com/lists/oss-security/2008/12/10/2
  http://openwall.com/lists/oss-security/2008/12/17/20
  http://o
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-5395
https://notcve.org/view.php?id=CVE-2008-5395
The parisc_show_stack function in arch/parisc/kernel/traps.c in the Linux kernel before 2.6.28-rc7 on PA-RISC allows local users to cause a denial of service (system crash) via vectors associated with an attempt to unwind a stack that contains userspace addresses.
• http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git%3Ba=commit%3Bh=7a3f5134a8f5bd7fa38b5645eef05e8a4eb62951
  http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.28-rc7
  http://marc.info/?l=linux-parisc&m=121736357203624&w=2
  http://secunia.com/advisories/32933
  http://secunia.com/advisories/33756
  http://secunia.com/advisories/34981
  http://secunia.com/advisories/35011
  http://www.debian.org/security/2009/dsa-1787
  http://www.debian.org/security/2009&
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer