CVE-2009-3620 – kernel: r128 IOCTL NULL pointer dereferences when CCE state is uninitialised
https://notcve.org/view.php?id=CVE-2009-3620
The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls. El controlador ATI Rage 128 (también conocido como r128), en el Kernel de Linux anterior a v2.6.31-git11 no verifica de forma adecuada el estado de inicialización del "Concurrent Command Engine (CCE)", lo que permite a usuarios locales provocar una denegación de servicio (desreferenciación de puntero nulo y caída del sistema) o posiblemente obtener privilegios a través de llamadas ioctl sin especificar. • http://article.gmane.org/gmane.linux.kernel/892259 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7dc482dfeeeefcfd000d4271c4626937406756d7 http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html http://lists.vmware.com/pipermail/sec • CWE-476: NULL Pointer Dereference CWE-908: Use of Uninitialized Resource •
CVE-2009-3621 – Linux Kernel 2.6.31.4 - 'unix_stream_connect()' Local Denial of Service
https://notcve.org/view.php?id=CVE-2009-3621
net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket. net/unix/af_unix.c en el kernel de Linux v2.6.31.4 y anteriores permite a usuarios locales causar una denegación de servicio (el servidor se bloquea) creando un socket abstract-namespace AF_UNIX y realizando una operación de apagado en ese socket, para luego luego realizar una serie de operaciones de conexión en dicho socket. • https://www.exploit-db.com/exploits/10022 http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=77238f2b942b38ab4e7f3aced44084493e4a8675 http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce • CWE-400: Uncontrolled Resource Consumption •
CVE-2009-2910 – kernel: x86_64 32 bit process register leak
https://notcve.org/view.php?id=CVE-2009-2910
arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 process to 64-bit mode. arch/x86/ia32/ia32entry.S en el kernel de Linux anteriores a v2.6.31.4 en plataformas x86_64 no limpia adecuadamente ciertos registros del kernel antes de regresar al modo usuario, lo que permite a usuarios locales leer valores del registro desde un proceso anterior mediante el cambio de un proceso ia32 al modo 64-bit • http://git.kernel.org/?p=linux/kernel/git/x86/linux-2.6-tip.git%3Ba=commit%3Bh=24e35800cdc4350fc34e2bed37b608a9e13ab3b6 http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html http://lkml.org/lkml/2009/10/1/164 http://marc.info/?l=oss-security&m=125442304214452&w=2 http://marc.info/?l=oss-security&m=125444390112831&w • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2009-3228 – kernel: tc: uninitialised kernel memory leak
https://notcve.org/view.php?id=CVE-2009-3228
The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. La función tc_fill_tclass en net/sched/sch_api.c del subsistema tc en el kernel de Linux v2.4.x anteriores a la v2.4.37.6 y v2.6.x anteriores a la v2.6.31-rc9 no inicializa un determinado miembro de la estructura (1) tcm__pad1 y (2) tcm__pad2, lo que permite a atacantes locales obtener información confidencial de la memoria del kernel a través de vectores de ataque sin especificar. • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=096ed17f20affc2db0e307658c69b67433992a7a http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=16ebb5e0b36ceadc8186f71d68b0c4fa4b6e781b http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://patchwork.ozlabs.org/patch/32830 http://secunia.com/advisories/37084 http://secunia.com/advisories/38794 http://secunia.com/advisories/38834 http://www.kernel.org/pub/linux/k • CWE-401: Missing Release of Memory after Effective Lifetime CWE-909: Missing Initialization of Resource •
CVE-2009-3612 – kernel: tcf_fill_node() infoleak due to typo in 9ef1d4c7
https://notcve.org/view.php?id=CVE-2009-3612
The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881. La función tcf_fill_node en net/sched/cls_api.c del subsistema netlink en el kernel de Linux v2.6.x hasta la v2.6.32-rc5, y v2.4.37.6 y anteriores, no inicializa un determinado miembro de la estructura tcm__pad2, lo que puede permitir a usuarios locales obtener información confidencial de la memoria del kernel a través de vectores de ataque sin especificar. NOTA: esta vulnerabilidad existe debido a una solución incompleta de CVE-2005-4881. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad61df918c44316940404891d5082c63e79c256a http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://patchwork.ozlabs.org/patch/35412 http://secunia.com/advisories/37086 http://secunia& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •