CVSS: 5.5EPSS: 0%CPEs: 38EXPL: 0CVE-2010-2942 – kernel: net sched: fix some kernel memory leaks
https://notcve.org/view.php?id=CVE-2010-2942
The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c. La implementación de acciones en la funcionalidad de encolado de red en el kernel Linx anterior a v2.6.36-rc2 no inicializa apropiadamente ciertos miembros de estructura cuando se realizan acciones de volcado, lo que permite a usuarios locales obtener información potencialmente sensible de la memoria del kernel a través de vectores relacionados con (1) la funcion tcf_gact_dump en net/sched/act_gact.c, (2) la funcion tcf_mirred_dump en net/sched/act_mirred.c, (3) la funcion tcf_nat_dump en net/sched/act_nat.c, (4) la funcion tcf_simp_dump en net/sched/act_simple.c, y (5) la funcion tcf_skbedit_dump en net/sched/act_skbedit.c. • http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=1c40be12f7d8ca1d387510d39787b12e512a7ce8 http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://patchwork.oz • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 0CVE-2010-3078 – kernel: xfs: XFS_IOC_FSGETXATTR ioctl memory leak
https://notcve.org/view.php?id=CVE-2010-3078
The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call. La función xfs_ioc_fsgetxattr en fs/xfs/linux-2.6/xfs_ioctl.c del kernel Linux anterior a v2.6.36-rc4 no inicializa apropiadamente ciertos miembros de estructura, lo que permite a usuarios locales obtener información potencialmente sensible de la pila de memoria del kernel a través de una llamada ioctl. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a122eb2fdfd78b58c6dd992d6f4b1aaef667eef9 http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://secunia.com/advisories/41284 http://secunia.com/advisories/41512 http://secunia • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.2EPSS: 0%CPEs: 15EXPL: 0CVE-2010-3080 – kernel: /dev/sequencer open failure is not handled correctly
https://notcve.org/view.php?id=CVE-2010-3080
Double free vulnerability in the snd_seq_oss_open function in sound/core/seq/oss/seq_oss_init.c in the Linux kernel before 2.6.36-rc4 might allow local users to cause a denial of service or possibly have unspecified other impact via an unsuccessful attempt to open the /dev/sequencer device. Vulnerabilidad de doble liberación en la función snd_seq_oss_open de sound/core/seq/oss/seq_oss_init.c en el kernel Linux anterior a v6.36-rc4 podría permitir a usuarios locales causar una denegación de servicio o posiblemente tener otro impacto sin especificar a través de de un intento fallido de abrir el dispositivo /dev/sequencer • http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git%3Ba=commit%3Bh=c598337660c21c0afaa9df5a65bb4a7a0cf15be8 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=27f7ad53829f79e799a253285318bff79ece15bd http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://secunia.com/advisories/42890 http://ww • CWE-415: Double Free •
CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 2CVE-2010-3301 – Linux Kernel < 2.6.36-rc4-git2 (x86-64) - 'ia32syscall' Emulation Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-3301
The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression. La llamada del sistema IA32 para la emulación de binarios de 32 bits en arch/x86/ia32/ia32entry.S en el kernel Linux anterior a v2.6.36-rc4-git2 en la plataforma x86_64 no vuelve a cero el registro% eax después de la ruta de entrada de 32-bits cuando ptrace es utilizado, lo cual permite a usuarios locales conseguir privilegios mediante un acceso out-of-bounds a la tabla de llamadas al sistema usando el registro rax%. NOTA: esta vulnerabilidad ya existía en CVE-2007-4573 • https://www.exploit-db.com/exploits/15023 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=36d001c70d8a0144ac1d038f6876c484849a74de http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=eefdca043e8391dcd719711716492063030b55ac http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://secunia.com/advisories/42758 http://sota.gen.nz/compat2 http:&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-269: Improper Privilege Management •
CVSS: 8.3EPSS: 91%CPEs: 8EXPL: 0CVE-2010-3069 – Samba: Stack-based buffer overflow by processing specially-crafted SID records
https://notcve.org/view.php?id=CVE-2010-3069
Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share. Un desbordamiento de búfer basado en pila en las funciones (1) sid_parse y (2) dom_sid_parse en Samba anterior a v3.5.5 permite a los atacantes remotos causar una denegación de servicio (caída) y posiblemente ejecutar código a su elección a través de Windows Security ID (SID) manipulados en un fichero compartido. • http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047650.html http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047697.html http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047758.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html http://lists.opensuse.org/opensuse-sec • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •