CVE-2011-1090 – kernel: nfs4: Ensure that ACL pages sent over NFS were not allocated from the slab
https://notcve.org/view.php?id=CVE-2011-1090
The __nfs4_proc_set_acl function in fs/nfs/nfs4proc.c in the Linux kernel before 2.6.38 stores NFSv4 ACL data in memory that is allocated by kmalloc but not properly freed, which allows local users to cause a denial of service (panic) via a crafted attempt to set an ACL.
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e9e3d724e2145f5039b423c290ce2b2c3d8f94bc
• http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
• http://openwall.com/lists/oss-security/2011/03/07/12
• http://openwall.com/lists/oss-security/2011/03/07/2
• http://secunia.com/advisories/46397
• http://securitytracker.com/id?1025336
• http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38
• http://www.securityfocus.com/archive/1/52
• CWE-399: Resource Management Errors
CVE-2011-1494 – kernel: drivers/scsi/mpt2sas: prevent heap overflows
https://notcve.org/view.php?id=CVE-2011-1494
Integer overflow in the _ctl_do_mpt_command function in drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier might allow local users to gain privileges or cause a denial of service (memory corruption) via an ioctl call specifying a crafted value that triggers a heap-based buffer overflow.
• http://downloads.avaya.com/css/P8/documents/100145416
• http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
• http://lkml.org/lkml/2011/4/5/327
• http://openwall.com/lists/oss-security/2011/04/05/32
• http://openwall.com/lists/oss-security/2011/04/06/2
• http://rhn.redhat.com/errata/RHSA-2011-0833.html
• http://secunia.com/advisories/46397
• http://www.securityfocus.com/archive/1/520102/100/0/threaded
• http://www.securityfocus.com/bid/47185
• http:
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-189: Numeric Errors
CVE-2011-1495 – kernel: drivers/scsi/mpt2sas: prevent heap overflows
https://notcve.org/view.php?id=CVE-2011-1495
drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier does not validate (1) length and (2) offset values before performing memory copy operations, which might allow local users to gain privileges, cause a denial of service (memory corruption), or obtain sensitive information from kernel memory via a crafted ioctl call, related to the _ctl_do_mpt_command and _ctl_diag_read_buffer functions.
• http://downloads.avaya.com/css/P8/documents/100145416
• http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
• http://lkml.org/lkml/2011/4/5/327
• http://openwall.com/lists/oss-security/2011/04/05/32
• http://openwall.com/lists/oss-security/2011/04/06/2
• http://rhn.redhat.com/errata/RHSA-2011-0833.html
• http://secunia.com/advisories/46397
• http://www.securityfocus.com/archive/1/520102/100/0/threaded
• http://www.securityfocus.com/bid/47185
• http:
• CWE-20: Improper Input Validation
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1577 – kernel: corrupted GUID partition tables can cause kernel oops
https://notcve.org/view.php?id=CVE-2011-1577
Heap-based buffer overflow in the is_gpt_valid function in fs/partitions/efi.c in the Linux kernel 2.6.38 and earlier allows physically proximate attackers to cause a denial of service (OOPS) or possibly have unspecified other impact via a crafted size of the EFI GUID partition-table header on removable media.
• http://downloads.avaya.com/css/P8/documents/100145416
• http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061236.html
• http://openwall.com/lists/oss-security/2011/04/12/17
• http://openwall.com/lists/oss-security/2011/04/13/1
• http://rhn.redhat.com/errata/RHSA-2011-0833.html
• http://securityreason.com/securityalert/8238
• http://securitytracker.com/id?1025355
• http://www.securityfocus.com/archive/1/517477/100/0/threaded
• http://www.securityfocus.com/bid/47343
• http:&
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-3015 – kernel: integer overflow in ext4_ext_get_blocks()
https://notcve.org/view.php?id=CVE-2010-3015
Integer overflow in the ext4_ext_get_blocks function in fs/ext4/extents.c in the Linux kernel before 2.6.34 allows local users to cause a denial of service (BUG and system crash) via a write operation on the last block of a large file, followed by a sync operation.
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=731eb1a03a8445cde2cb23ecfb3580c6fa7bb690
• http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html
• http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html
• http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
• http://marc.info/?l=oss-security&m=128192548904503&w=2
• http://marc.info/?l=oss-security&m=128197862004376&w=2
• http://marc.info/?l=oss-security&m
• CWE-189: Numeric Errors
• CWE-190: Integer Overflow or Wraparound