CVSS: 5.0EPSS: 6%CPEs: 4EXPL: 0CVE-2010-3873
https://notcve.org/view.php?id=CVE-2010-3873
The X.25 implementation in the Linux kernel before 2.6.36.2 does not properly parse facilities, which allows remote attackers to cause a denial of service (heap memory corruption and panic) or possibly have unspecified other impact via malformed (1) X25_FAC_CALLING_AE or (2) X25_FAC_CALLED_AE data, related to net/x25/x25_facilities.c and net/x25/x25_in.c, a different vulnerability than CVE-2010-4164. La implementación de X.25 en el kernel de Linux anterior a v2.6.36.2 no analiza adecuadamente las instalaciones, lo que permite a atacantes remotos provocar una denegación de servicio (daños en el montón de memoria y el pánico) o posiblemente tener un impacto no especificado a través de formato incorrecto (1) X25_FAC_CALLING_AE o (2) Los datos X25_FAC_CALLED_AE, relacionados con net/x25/x25_facilities.c y net/x25/x25_in.c, una vulnerabilidad diferente de CVE-2010-4164. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a6331d6f9a4298173b413cf99a40cc86a9d92c37 http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html http://openwall.com/lists/oss-security/2010/11/03/2 http://openwall.com/lists/oss-security/2010/11/04/3 http://secunia.com/advisories/43291 http://www.debian.org/security/2010/dsa-2126 http://www.kernel.org/pub&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.9EPSS: 0%CPEs: 12EXPL: 1CVE-2010-3848 – Linux Kernel < 2.6.36.2 (Ubuntu 10.04) - 'Half-Nelson.c' Econet Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-3848
Stack-based buffer overflow in the econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to gain privileges by providing a large number of iovec structures. Desbordamiento de búfer basado en pila en la función econet_sendmsg en net/econet/af_econet.c en el kernel de Linux anteriores a v2.6.36.2, cuando hay configurada una dirección econet, permite a usuarios locales conseguir privilegios, proporcionando un gran número de estructuras iovec. • https://www.exploit-db.com/exploits/17787 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a27e13d370415add3487949c60810e36069a23a6 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html http://openwall.com/lists/oss-security/2010/11/30/1 http://secunia.com/advisories/43056 http://secunia.com&# • CWE-787: Out-of-bounds Write •
CVSS: 2.1EPSS: 0%CPEs: 14EXPL: 0CVE-2010-4080 – kernel: drivers/sound/pci/rme9652/hdsp.c: reading uninitialized stack memory
https://notcve.org/view.php?id=CVE-2010-4080
The snd_hdsp_hwdep_ioctl function in sound/pci/rme9652/hdsp.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl call. La función snd_hdsp_hwdep_ioctl en sound/pci/rme9652/hdsp.c en el kernel de Linux anterior a v2.6.36-rc6 no inicializa una determinada estructura, lo que permite a usuarios locales obtener información sensible de la pila de la memoria del kernel a través de una llamada ioctl SNDRV_HDSP_IOCTL_GET_CONFIG_INFO. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e68d3b316ab7b02a074edc4f770e6a746390cb7d http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://lkml.org/lkml/2010/9/25/41 http://secunia.com/advisories/42778 http:/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 1.9EPSS: 0%CPEs: 15EXPL: 0CVE-2010-4072 – kernel: ipc/shm.c: reading uninitialized stack memory
https://notcve.org/view.php?id=CVE-2010-4072
The copy_shmid_to_user function in ipc/shm.c in the Linux kernel before 2.6.37-rc1 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the shmctl system call and the "old shm interface." La función copy_shmid_to_user de ipc/shm.c del kernel de Linux en versiones anteriores a la 2.6.37-rc1 no inicializa una determinada estructura, lo que permite a usuarios locales obtener información potencialmente confidencial de la memoria de la pila a través de vectores de ataque relacionados con la llamada del sistema shmctl y el interfaz shm antigua. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3af54c9bd9e6f14f896aac1bb0e8405ae0bc7a44 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html http://lkml.or • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 1.9EPSS: 0%CPEs: 10EXPL: 2CVE-2010-4073 – Linux Kernel < 2.6.36.2 (Ubuntu 10.04) - 'Half-Nelson.c' Econet Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-4073
The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initialize certain structures, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the (1) compat_sys_semctl, (2) compat_sys_msgctl, and (3) compat_sys_shmctl functions in ipc/compat.c; and the (4) compat_sys_mq_open and (5) compat_sys_mq_getsetattr functions in ipc/compat_mq.c. El subsistema ipc del kernel de Linux en versiones anteriores a la 2.6.37-rc1 no inicializa determinadas estructuras, lo que permite a usuarios locales obtener información potencialmente confidencial de la memoria de la pila del kernel a través de vectores relacionados con las funciones (1) compat_sys_semctl, (2) compat_sys_msgctl, y (3) compat_sys_shmctl de ipc/compat.c; y las funciones (4) compat_sys_mq_open y (5) compat_sys_mq_getsetattr de ipc/compat_mq.c. • https://www.exploit-db.com/exploits/17787 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=03145beb455cf5c20a761e8451e30b8a74ba58d9 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://lists.opensuse.org/opensuse-security-ann • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •