CVSS: 9.8EPSS: 2%CPEs: 6EXPL: 1CVE-2012-3400 – kernel: udf: buffer overflow when parsing sparing table
https://notcve.org/view.php?id=CVE-2012-3400
03 Oct 2012 — Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem. Desbordamiento de búfer basado en memoria dinámica en la función udf_load_logicalvol en fs/udf/super.c en el Kernel de Linux anteriores a v3.4.5, permite a atacantes remotos causar una denegación de servicio (caída del sistema) o posiblemente tener otro impa... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1df2ae31c724e57be9d7ac00d78db8a5dabdd050 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 51EXPL: 1CVE-2011-1833 – kernel: ecryptfs: mount source TOCTOU race
https://notcve.org/view.php?id=CVE-2011-1833
03 Oct 2012 — Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid. Condición de carrera en la función ecryptfs_mount en fs/ecryptfs/main.c en el subsistema eCryptfs en el Kernel de Linux anteriores a v3.1 permite a usuarios locales evitar los permisos de ficheros impuestos a través de montar una unidad con mount.ecryptfs_private con un uid... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=764355487ea220fdc2faf128d577d7f679b91f97 • CWE-264: Permissions, Privileges, and Access Controls CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2011-3209 – kernel: panic occurs when clock_gettime() is called
https://notcve.org/view.php?id=CVE-2011-3209
03 Oct 2012 — The div_long_long_rem implementation in include/asm-x86/div64.h in the Linux kernel before 2.6.26 on the x86 platform allows local users to cause a denial of service (Divide Error Fault and panic) via a clock_gettime system call. La implementación de div_long_long_rem en include/asm-x86/div64.h en el Kernel de Linux anteriores a v2.6.26 en plataformas x86 permite a usuarios locales provocar una denegación de servicio (Divide Error Fault y pánico) a través de una llamada al sistema clock_gettime. • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26 • CWE-189: Numeric Errors •
CVSS: 7.1EPSS: 0%CPEs: 187EXPL: 1CVE-2012-3510 – kernel: taskstats: use-after-free in xacct_add_tsk()
https://notcve.org/view.php?id=CVE-2012-3510
03 Oct 2012 — Use-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel before 2.6.19 allows local users to obtain potentially sensitive information from kernel memory or cause a denial of service (system crash) via a taskstats TASKSTATS_CMD_ATTR_PID command. Vulnerabilidad de uso después de liberación en la función xacct_add_tsk en kernel/tsacct.c en kernel Linux antes de v2.6.19, permite a usuarios locales obtener información de la memoria del kernel o causar una denegación de se... • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.19 • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 53EXPL: 1CVE-2012-3520 – kernel: af_netlink: invalid handling of SCM_CREDENTIALS passing
https://notcve.org/view.php?id=CVE-2012-3520
03 Oct 2012 — The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to (1) Avahi or (2) NetworkManager. La implementación Netlink en el kernel Linux antes de v3.2.30, no controla correctamente los mensajes que carecen de datos SCM_CREDENTIALS, lo que podría permitir a usuarios locales falsificar la comunicación Netlink a través de un mens... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e0e3cea46d31d23dc40df0a49a7a2c04fe8edfea • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 43EXPL: 2CVE-2012-3430 – Linux Kernel 2.6.x - 'rds_recvmsg()' Local Information Disclosure
https://notcve.org/view.php?id=CVE-2012-3430
03 Oct 2012 — The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket. La función rds_recvmsg en net/rds/recv.c en el Kernell de Linux anteriores a v3.0.44 no inicializa el cierto miembro de la estructura, lo que permite a usuarios locales a obtener información potencialmente sensible de la pila de ... • https://www.exploit-db.com/exploits/37543 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 67EXPL: 2CVE-2012-3375 – Linux Kernel 3.2.24 - 'fs/eventpoll.c' Local Denial of Service
https://notcve.org/view.php?id=CVE-2012-3375
03 Oct 2012 — The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083. La llamada al sistema epoll_ctl en fs/eventpoll.c en el Kernel de Linux anteriores a v3.2.24 no gestiona de ... • https://www.exploit-db.com/exploits/19605 •
CVSS: 9.1EPSS: 0%CPEs: 104EXPL: 1CVE-2012-3511 – kernel: mm: use-after-free in madvise_remove()
https://notcve.org/view.php?id=CVE-2012-3511
03 Oct 2012 — Multiple race conditions in the madvise_remove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service (use-after-free and system crash) via vectors involving a (1) munmap or (2) close system call. Múltiples vulnerabilidades de condición de carrera en la función madvise_remove en el kernel Linux antes de v3.4.5, permite a usuarios locales causar una denegación de servicio (uso después de liberación y caída del sistema) a través de vectores que implican (1) mu... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9ab4233dd08036fe34a89c7dc6f47a8bf2eb29eb • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.8EPSS: 4%CPEs: 21EXPL: 0CVE-2012-2744 – kernel: netfilter: null pointer dereference in nf_ct_frag6_reasm()
https://notcve.org/view.php?id=CVE-2012-2744
09 Aug 2012 — net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux kernel before 2.6.34, when the nf_conntrack_ipv6 module is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via certain types of fragmented IPv6 packets. net/ipv6/netfilter/nf_conntrack_reasm.c en el kernel de Linux anterior a v2.6.34, cuando el módulo nf_conntrack_ipv6 está habilitado, permite a atacantes remotos causar una denegación de servicio (referencia de puntero a NULL y caída del sistema) m... • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34 • CWE-476: NULL Pointer Dereference •
CVSS: 4.7EPSS: 0%CPEs: 12EXPL: 0CVE-2012-2373 – kernel: mm: read_pmd_atomic: 32bit PAE pmd walk vs pmd_populate SMP race condition
https://notcve.org/view.php?id=CVE-2012-2373
09 Aug 2012 — The Linux kernel before 3.4.5 on the x86 platform, when Physical Address Extension (PAE) is enabled, does not properly use the Page Middle Directory (PMD), which allows local users to cause a denial of service (panic) via a crafted application that triggers a race condition. El kernel de Linux anterior a v3.4.5 en la plataforma x86, cuando Physical Address Extension (PAE) está activada, no utiliza correctamente Page Middle Directory (PMD), permitiendo a usuarios locales causar una denegación de servicio a t... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=26c191788f18129af0eb32a358cdaea0c7479626 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •