CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 1CVE-2014-1739 – Linux Kernel 3.3.5 - '/drivers/media/media-device.c' Local Information Disclosure
https://notcve.org/view.php?id=CVE-2014-1739
23 Jun 2014 — The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call. La función media_device_enum_entities en drivers/media/media-device.c en el kernel de Linux anterior a 3.14.6 no inicializa cierta estructura de datos, lo que permite a usuarios locales obtener informació... • https://www.exploit-db.com/exploits/39214 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2014-4157
https://notcve.org/view.php?id=CVE-2014-4157
23 Jun 2014 — arch/mips/include/asm/thread_info.h in the Linux kernel before 3.14.8 on the MIPS platform does not configure _TIF_SECCOMP checks on the fast system-call path, which allows local users to bypass intended PR_SET_SECCOMP restrictions by executing a crafted application without invoking a trace or audit subsystem. arch/mips/include/asm/thread_info.h en el kernel de Linux anterior a 3.14.8 en la plataforma MIPS no configura comprobaciones _TIF_SECCOMP en la ruta rápida de llamadas del sistema, lo que permite a u... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=137f7df8cead00688524c82360930845396b8a21 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 0%CPEs: 35EXPL: 0CVE-2014-4027 – Kernel: target/rd: imformation leakage
https://notcve.org/view.php?id=CVE-2014-4027
23 Jun 2014 — The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. La función rd_build_device_space en drivers/target/target_core_rd.c en el kernel de Linux anterior a 3.14 no inicializa debidamente cierta estructura de datos, lo que permite a usuarios locales obtener información sensible de la mem... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-4508 – Kernel: x86_32: BUG in syscall auditing
https://notcve.org/view.php?id=CVE-2014-4508
23 Jun 2014 — arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000. arch/x86/kernel/entry_32.S en el kernel de Linux hasta 3.15.1 en plataformas de 32-bit x86, cuando la auditoria de llamadas de sistema está habilitada y la etiqueta de la funcionalidad de la CPU sep está configurada, per... • http://article.gmane.org/gmane.linux.kernel/1726110 • CWE-189: Numeric Errors CWE-391: Unchecked Error Condition •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 4CVE-2014-4014 – Linux Kernel 3.13 - SGID Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-4014
21 Jun 2014 — The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root. La implementación de capacidades en el kernel de Linux anterior a 3.14.8 no considera debidamente que los espacios de nombres no sean aplicables a inodos, lo que permite a usuarios locales evadi... • https://packetstorm.news/files/id/137628 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.7EPSS: 0%CPEs: 16EXPL: 0CVE-2014-3940 – Kernel: missing check during hugepage migration
https://notcve.org/view.php?id=CVE-2014-3940
05 Jun 2014 — The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing certain memory locations, as demonstrated by triggering a race condition via numa_maps read operations during hugepage migration, related to fs/proc/task_mmu.c and mm/mempolicy.c. El kernel de Linux hasta 3.14.5 no considera debidamente la presencia de entradas hugetlb, lo que permite a usuarios locales causar una d... • http://rhn.redhat.com/errata/RHSA-2015-0290.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.1EPSS: 0%CPEs: 18EXPL: 0CVE-2014-3917 – kernel: DoS with syscall auditing
https://notcve.org/view.php?id=CVE-2014-3917
05 Jun 2014 — kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number. kernel/auditsc.c en el kernel de Linux hasta 3.14.5, cuando CONFIG_AUDITSYSCALL está habilitado con ciertas normas syscall, permite a usuarios locales obtener valores de un único bit potencialmente sensibles de la memoria del kernel... • http://article.gmane.org/gmane.linux.kernel/1713179 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 14CVE-2014-3153 – Linux Kernel Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2014-3153
05 Jun 2014 — The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. La función futex_requeue en kernel/futex.c en el kernel de Linux hasta 3.14.5 no asegura que las llamadas tengan dos direcciones futex diferentes, lo que permite a usuarios locales ganar privilegios a través de un comando FUTEX_REQUEUE manipula... • https://packetstorm.news/files/id/130329 •
CVSS: 7.1EPSS: 0%CPEs: 230EXPL: 0CVE-2012-6647 – Kernel: futex: forbid uaddr == uaddr2 in futex_wait_requeue_pi()
https://notcve.org/view.php?id=CVE-2012-6647
26 May 2014 — The futex_wait_requeue_pi function in kernel/futex.c in the Linux kernel before 3.5.1 does not ensure that calls have two different futex addresses, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted FUTEX_WAIT_REQUEUE_PI command. La función futex_wait_requeue_pi en kernel/futex.c en el kernel de Linux anterior a 3.5.1 no asegura que llamadas tienen dos direcciones futex diferentes, lo que permite a usuari... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6f7b0a2a5c0fb03be7c25bd1745baa50582348ef • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3122 – Kernel: mm: try_to_unmap_cluster() should lock_page() before mlocking
https://notcve.org/view.php?id=CVE-2014-3122
11 May 2014 — The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service (system crash) by triggering a memory-usage pattern that requires removal of page-table mappings. La función try_to_unmap_cluster en mm/rmap.c en el kernel de Linux anterior a 3.14.3 no considera debidamente que páginas deben cerrarse, lo que permite a usuarios locales causar una denegación de servicio (caída de sistema)... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=57e68e9cd65b4b8eb4045a1e0d0746458502554c • CWE-400: Uncontrolled Resource Consumption •