CVSS: 5.5EPSS: 0%CPEs: 38EXPL: 0CVE-2010-2942 – kernel: net sched: fix some kernel memory leaks
https://notcve.org/view.php?id=CVE-2010-2942
The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c. La implementación de acciones en la funcionalidad de encolado de red en el kernel Linx anterior a v2.6.36-rc2 no inicializa apropiadamente ciertos miembros de estructura cuando se realizan acciones de volcado, lo que permite a usuarios locales obtener información potencialmente sensible de la memoria del kernel a través de vectores relacionados con (1) la funcion tcf_gact_dump en net/sched/act_gact.c, (2) la funcion tcf_mirred_dump en net/sched/act_mirred.c, (3) la funcion tcf_nat_dump en net/sched/act_nat.c, (4) la funcion tcf_simp_dump en net/sched/act_simple.c, y (5) la funcion tcf_skbedit_dump en net/sched/act_skbedit.c. • http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=1c40be12f7d8ca1d387510d39787b12e512a7ce8 http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://patchwork.oz • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 0CVE-2010-3078 – kernel: xfs: XFS_IOC_FSGETXATTR ioctl memory leak
https://notcve.org/view.php?id=CVE-2010-3078
The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call. La función xfs_ioc_fsgetxattr en fs/xfs/linux-2.6/xfs_ioctl.c del kernel Linux anterior a v2.6.36-rc4 no inicializa apropiadamente ciertos miembros de estructura, lo que permite a usuarios locales obtener información potencialmente sensible de la pila de memoria del kernel a través de una llamada ioctl. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a122eb2fdfd78b58c6dd992d6f4b1aaef667eef9 http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://secunia.com/advisories/41284 http://secunia.com/advisories/41512 http://secunia • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 2CVE-2010-3081 – Linux Kernel 2.6.27 < 2.6.36 (RedHat x86-64) - 'compat' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-3081
The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a "stack pointer underflow" issue, as exploited in the wild in September 2010. Las funciones compat_alloc_user_space en los ficheros include/asm/compat.h del kernel de Linux en versiones anteriores a la v2.6.36-rc4-git2 en plataformas de 64-bit no reservan adecuadamente la memoria del espacio de usuario requerida para la capa de compatibilidad de 32-bit, lo que permite a usuarios locales escalar privilegios basándose en la capacidad de la función compat_mc_getsockopt (también conocido como soporte MCAST_MSFILTER getsockopt) para controlar un valor de longitud determinado, relacionado con un "stack pointer underflow", como se ha demostrado en septiembre del 2010. • https://www.exploit-db.com/exploits/15024 http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0273.html http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0278.html http://blog.ksplice.com/2010/09/cve-2010-3081 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c41d68a513c71e35a14f66d71782d27a79a81ea6 http://isc.sans.edu/diary.html?storyid=9574 http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://lists.opensuse. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1CVE-2010-2960
https://notcve.org/view.php?id=CVE-2010-2960
The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux kernel 2.6.35.4 and earlier expects that a certain parent session keyring exists, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function. La función keyctl_session_to_parent en security/keys/keyctl.c en el kernel de Linux v2.6.35.4 y anteriores, espera que determinados keyrings de sesión aparezcan, lo que permite a usuarios locales provocar una denegación de servicio(deferencia a puntero nulo y caída de sistema) o posiblemente tener otro impacto sin especificar a través del argumento KEYCTL_SESSION_TO_PARENT a la función keyctl. • http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://secunia.com/advisories/41263 http://securitytracker.com/id?1024384 http://twitter.com/taviso/statuses/22777866582 http://www.openwall.com/lists/oss-security/2010/09/02/1 http://www.securityfocus.com/bid/42932 http://www.ubuntu.com/usn/USN-1000-1 http://www.vupen.com/english/advisories/2011/0298 https://bugzilla.redhat.c • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 1%CPEs: 10EXPL: 0CVE-2010-2495
https://notcve.org/view.php?id=CVE-2010-2495
The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP implementation in the Linux kernel before 2.6.34 does not properly validate certain values associated with an interface, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via vectors related to a routing change. La función pppol2tp_xmit en drivers/net/pppol2tp.c en la implementación L2TP en el kernel de Linux anterior a v2.6.34, no valida adecuadamente determinados valores asociados a un interfaz, lo que permite a atacantes provocar una denegación de servicio (deferencia a puntero null y OOPS) o posiblemente tener otro impacto no especificados a través de vectores relacionados con un cambio de enrutamiento. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3feec9095d12e311b7d4eb7fe7e5dfa75d4a72a5 http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00000.html http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34 http://www.openwall.com/lists/oss-security/2010/06/23/3 http://www.openwall.com/lists/oss-security/2010/07/04/2 http://www.openwall.com/lists/oss-security/2010/07/04/3 http://www.openwall.com/lists/oss-security/ • CWE-476: NULL Pointer Dereference •