CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2011-1776 – kernel: validate size of EFI GUID partition entries
https://notcve.org/view.php?id=CVE-2011-1776
The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577. La función is_gpt_valid en fs/partitions/efi.c en el kernel de Linux v2.6.39 no comprueba el tamaño de una Tabla de particiones GUID (GPT) de un Interface Firmware Extensible (EFI), lo que permite causar a atacantes físicamente próximos una denegación de servicio (desbordamiento de memoria basado en monticulo y OOPS) u obtener información confidencial de la memoria dinámica del kernel conectando un dispositivo GPT de almacenamiento hecho a mano. Se trata de una vulnerabilidad diferente a CVE-2011-1577. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fa039d5f6b126fbd65eefa05db2f67e44df8f121 http://openwall.com/lists/oss-security/2011/05/10/4 http://rhn.redhat.com/errata/RHSA-2011-0927.html http://securityreason.com/securityalert/8369 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 http://www.pre-cert.de/advisories/PRE-SA-2011-04.txt http://www.securityfocus.com/bid/47796 https://bugzilla.redhat.com/show_bug.cgi?id=703026 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.9EPSS: 0%CPEs: 7EXPL: 0CVE-2011-1746 – kernel: agp: insufficient page_count parameter checking in agp_allocate_memory()
https://notcve.org/view.php?id=CVE-2011-1746
Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_create_user_memory functions in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allow local users to trigger buffer overflows, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via vectors related to calls that specify a large number of memory pages. Multiples desbordamientos de enteros en las funciones agp_allocate_memory y agp_create_user_memory en los drivers /char/agp/generic.c del kernel de Linux con anterioridad a v2.6.38.5 permite a los usuarios locales provocar desbordamientos de búfer, y causar en consecuencia, una denegación de servicio ( caída del sistema ) o, posiblemente, tener un impacto no especificado, a través de vectores relacionados con las llamadas que especifican un amplio número de páginas de memoria. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b522f02184b413955f3bc952e3776ce41edc6355 http://openwall.com/lists/oss-security/2011/04/21/4 http://openwall.com/lists/oss-security/2011/04/22/7 http://rhn.redhat.com/errata/RHSA-2011-0927.html http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.5 http://www.securityfocus.com/bid/47535 https://bugzilla.redhat.com/show_bug.cgi?id=698998 https://lkml.org/lkml/2011/4/14&#x • CWE-189: Numeric Errors •
CVSS: 6.9EPSS: 0%CPEs: 7EXPL: 0CVE-2011-2022 – kernel: agp: insufficient pg_start parameter checking in AGPIOC_BIND and AGPIOC_UNBIND ioctls
https://notcve.org/view.php?id=CVE-2011-2022
The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 does not validate a certain start parameter, which allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than CVE-2011-1745. La función agp_generic_remove_memory en los drivers /char/agp/generic.c del kernel de Linux con anterioridad a v2.6.38.5 no valida un parámetro de inicio determinado, lo que permite a usuarios locales conseguir privilegios o causar una denegación de servicio ( fallo del sistema ) a través de una llamada manipulada AGPIOC_UNBIND agp_ioctl ioctl, es una vulnerabilidad diferente de CVE -2011- 1745. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=194b3da873fd334ef183806db751473512af29ce http://openwall.com/lists/oss-security/2011/04/21/4 http://openwall.com/lists/oss-security/2011/04/22/7 http://rhn.redhat.com/errata/RHSA-2011-0927.html http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.5 http://www.securityfocus.com/bid/47843 https://bugzilla.redhat.com/show_bug.cgi?id=698996 https://lkml.org/lkml/2011/4/14&#x • CWE-20: Improper Input Validation •
CVSS: 6.9EPSS: 0%CPEs: 7EXPL: 0CVE-2011-1745 – kernel: agp: insufficient pg_start parameter checking in AGPIOC_BIND and AGPIOC_UNBIND ioctls
https://notcve.org/view.php?id=CVE-2011-1745
Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call. Desbordamiento de enteros en la función agp_generic_insert_memory en los drivers /char/agp/generic.c del kernel de Linux con anterioridad a v2.6.38.5 permite a usuarios locales conseguir privilegios o causar una denegación de servicio ( fallo del sistema ) a través de una llamada ioctl manipulada a AGPIOC_BIND agp_ioctl. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=194b3da873fd334ef183806db751473512af29ce http://openwall.com/lists/oss-security/2011/04/21/4 http://openwall.com/lists/oss-security/2011/04/22/7 http://rhn.redhat.com/errata/RHSA-2011-0927.html http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.5 http://www.securityfocus.com/bid/47534 https://bugzilla.redhat.com/show_bug.cgi?id=698996 https://lkml.org/lkml/2011/4/14&#x • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.7EPSS: 0%CPEs: 2EXPL: 0CVE-2011-0714 – kernel: deficiency in handling of invalid data packets in lockd
https://notcve.org/view.php?id=CVE-2011-0714
Use-after-free vulnerability in a certain Red Hat patch for the RPC server sockets functionality in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 might allow remote attackers to cause a denial of service (crash) via malformed data in a packet, related to lockd and the svc_xprt_received function. Vulnerabilidad de tipo "use-after-free" (usar después de liberar) en un determinado parche de Red Hat para la funcionalidad de sockets de servidor RPC del kernel de Linux 2.6.32 de Red Hat Enterprise Linux (RHEL) 6. Puede permitir a atacantes remotos provocar una denegación de servicio (caída) a través de datos mal formados en un paquete. Relacionado con lockd y la función svc_xprt_received. • http://openwall.com/lists/oss-security/2011/03/08/17 http://openwall.com/lists/oss-security/2011/03/09/1 https://bugzilla.redhat.com/show_bug.cgi?id=678144 https://rhn.redhat.com/errata/RHSA-2011-0329.html https://access.redhat.com/security/cve/CVE-2011-0714 • CWE-399: Resource Management Errors •