CVSS: 7.7EPSS: 0%CPEs: 6EXPL: 0CVE-2013-3233
https://notcve.org/view.php?id=CVE-2013-3233
22 Apr 2013 — The llcp_sock_recvmsg function in net/nfc/llcp/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable and a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. La función llcp_sock_recvmsg en net/nfc/llcp/sock.c en el kernel de Linux anterior a v3.9-rc7 no inicializa correctamente cierta longitud de variable y cierta estructura de datos, permitiendo a usuarios locales obtener... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d26d6504f23e803824e8ebd14e52d4fc0a0b09cb • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 216EXPL: 1CVE-2013-1858
https://notcve.org/view.php?id=CVE-2013-1858
05 Apr 2013 — The clone system-call implementation in the Linux kernel before 3.8.3 does not properly handle a combination of the CLONE_NEWUSER and CLONE_FS flags, which allows local users to gain privileges by calling chroot and leveraging the sharing of the / directory between a parent process and a child process. La implementación de la llamada al sistema clone en el kernel Linux anteriores a v3.8.3 no maneja de forma adecuada la combinación de las «flags» CLONE_NEWUSER y CLONE_FS, lo que permite a usuarios locales ob... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e66eded8309ebf679d3d3c1f5820d1f2ca332c71 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2013-1792 – Kernel: keys: race condition in install_user_keyrings()
https://notcve.org/view.php?id=CVE-2013-1792
22 Mar 2013 — Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) via crafted keyctl system calls that trigger keyring operations in simultaneous threads. Condición de carrera en la función install_user_keyrings en ??security/keys/process_keys.c en el kernel de Linux anterior a v3.8.3 que permite a usuarios locales provocar una denegación de servicio (desreferencia ... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0da9dfdd2cd9889201bc6f6f43580c99165cd087 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2013-1797 – kernel: kvm: after free issue with the handling of MSR_KVM_SYSTEM_TIME
https://notcve.org/view.php?id=CVE-2013-1797
22 Mar 2013 — Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation. Vulnerabilidad después de liberación en arch/x86/kvm/x86.c en el kernel de Linux hasta v3.8.4 permite a los clientes usuarios del... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0b79459b482e85cb7426aa7da683a9f2c97aeae1 • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 1CVE-2013-1798 – kernel: kvm: out-of-bounds access in ioapic indirect register reads
https://notcve.org/view.php?id=CVE-2013-1798
22 Mar 2013 — The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application. La función ioapic_read_indirect virt/kvm/ioapic.c en el kernel de Linux hasta v3.8.4 no controla correctamente una determinada combinación de IOAPIC_REG_SELECT in... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a2c118bfab8bc6b8bb213abfc35201e441693d55 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2013-1826 – Kernel: xfrm_user: return error pointer instead of NULL
https://notcve.org/view.php?id=CVE-2013-1826
22 Mar 2013 — The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux kernel before 3.5.7 does not properly handle error conditions in dump_one_state function calls, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability. La función xfrm_state_netlink en net/xfrm/xfrm_user.c en el kernel de Linux anterior a v3.5.7 no controla correctamente las condiciones de error en las llamadas a funciones dump_one_stat... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=864745d291b5ba80ea0bd0edcbe67273de368836 •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2013-1827 – Kernel: dccp: check ccid before NULL poiter dereference
https://notcve.org/view.php?id=CVE-2013-1827
22 Mar 2013 — net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsockopt call. net/dccp/ccid.h en el kernel de Linux anterior a v3.5.4 permite a usuarios locales obtener privilegios o causar una denegación de servicio (referencia a puntero NULL y caída del sistema) mediante el aprovechamiento de la capacidad CAP_NET_ADMIN para c... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=276bdb82dedb290511467a5a4fdbe9f0b52dce6f •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2013-1848 – kernel: ext3: format string issues
https://notcve.org/view.php?id=CVE-2013-1848
22 Mar 2013 — fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and possibly gain privileges via a crafted application. fs/ext3/super.c en el kernel de Linux antes de v3.8.4 utiliza argumentos incorrectos para funciones en determinadas circunstancias relacionadas con la entrada printk, lo que permite a usuarios locales llevar a cabo ataques de formato de cadena (format-string) y... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8d0c2d10dd72c5292eda7a06231056a4c972e4cc • CWE-20: Improper Input Validation •
CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0CVE-2013-0914 – Kernel: sa_restorer information leak
https://notcve.org/view.php?id=CVE-2013-0914
22 Mar 2013 — The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call. La función flush_signal_handlers en kernel/signal.c en el núcleo de Linux anterior a v3.8.4 conserva el valor del campo sa_restorer a través de una operación exec, que hace más fácil a los usuarios de la zona para ... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2ca39528c01a933f6689cd6505ce65bd6d68a530 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2013-2634 – kernel: Information leak in the Data Center Bridging (DCB) component
https://notcve.org/view.php?id=CVE-2013-2634
22 Mar 2013 — net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. net/dcb/dcbnl.c en el kernel de Linux anterior a v3.8.4 no inicializa determinadas estructuras, lo que permite a atacantes locales obtener información sensible desde la pila del kernel mediante una aplicación especialmente diseñada. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=29cd8ae0e1a39e239a3a7b67da1986add1199fc0 • CWE-399: Resource Management Errors •