CVSS: 7.8EPSS: 2%CPEs: 29EXPL: 0CVE-2013-2017 – kernel: veth: double-free flaw in case of congestion
https://notcve.org/view.php?id=CVE-2013-2017
03 May 2013 — The veth (aka virtual Ethernet) driver in the Linux kernel before 2.6.34 does not properly manage skbs during congestion, which allows remote attackers to cause a denial of service (system crash) by leveraging lack of skb consumption in conjunction with a double-free error. El driver Veth (también conocido como Ethernet virtual) en el kernel Linux anterior a v2.6.34 no gestiona adecuadamente skbs durante la congestión, lo que permite a atacantes remotos provocar una denegación de servicio (caída del sistema... • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2013-1979 – kernel: net: incorrect SCM_CREDENTIALS passing
https://notcve.org/view.php?id=CVE-2013-1979
03 May 2013 — The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafted application. La función scm_set_cred en include/net/scm.h en el Kernel de Linux anterior a v3.8.11 usa valores uid y gid incorrectos durante el pase de credenciales, lo que permite a usuarios locales ganar privilegios mediante una aplicación especialmente diseñada Security fixes: It was found that the kernel-r... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=83f1b4ba917db5dc5a061a44b3403ddb6e783494 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 196EXPL: 0CVE-2013-1928 – Kernel: information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE
https://notcve.org/view.php?id=CVE-2013-1928
29 Apr 2013 — The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device. La función do_video_set_spu_palette en fs/compat_ioctl.c del kernel de Linux antes de v3.6.5 en arquitecturas sin especificar carece de un control de errores, per puede permitir a usuarios locales obtener i... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=12176503366885edd542389eed3aaf94be163fdb • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.0EPSS: 0%CPEs: 204EXPL: 0CVE-2013-3302
https://notcve.org/view.php?id=CVE-2013-3302
29 Apr 2013 — Race condition in the smb_send_rqst function in fs/cifs/transport.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via vectors involving a reconnection event. Condición de carrera en la función smb_send_rqst en fs/CIFS/transport.c en el kernel de Linux antes de v3.7.2 permite a usuarios locales provocar una denegación de servicio (referencia a un puntero NULL y caida) o posiblemente tener otro imp... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ea702b80e0bbb2448e201472127288beb82ca2fe • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.2EPSS: 0%CPEs: 208EXPL: 0CVE-2013-2015 – Mandriva Linux Security Advisory 2013-265
https://notcve.org/view.php?id=CVE-2013-2015
29 Apr 2013 — The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to cause a denial of service (system hang) via a crafted filesystem on removable media, as demonstrated by the e2fsprogs tests/f_orphan_extents_inode/image.gz test. La funcion ext4_orphan_del en fs/ext4/namei.c en Linux Kernel anterior a v3.7.3 no maneja adecuadamente las cabeceras orphan-list para sistemas de f... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0e9a9a1ad619e7e987815d20262d36a2f95717ca • CWE-399: Resource Management Errors •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2013-1958
https://notcve.org/view.php?id=CVE-2013-1958
24 Apr 2013 — The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.8.6 does not properly enforce capability requirements for controlling the PID value associated with a UNIX domain socket, which allows local users to bypass intended access restrictions by leveraging the time interval during which a user namespace has been created but a PID namespace has not been created. La función scm_check_creds en net/core/scm.c en el kernel de Linux antes de v3.8.6 no hace cumplir adecuadamente los requisitos d... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=92f28d973cce45ef5823209aab3138eb45d8b349 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2013-1957
https://notcve.org/view.php?id=CVE-2013-1957
24 Apr 2013 — The clone_mnt function in fs/namespace.c in the Linux kernel before 3.8.6 does not properly restrict changes to the MNT_READONLY flag, which allows local users to bypass an intended read-only property of a filesystem by leveraging a separate mount namespace. La función clone_mnt en fs/namespace.c en el kernel Linux antes de v3.8.6 no restringe adecuadamente los cambios en la bandera MNT_READONLY, lo que permite a usuarios locales eludir una propiedad de sólo lectura prevista de un sistema de archivos median... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=132c94e31b8bca8ea921f9f96a57d684fa4ae0a9 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2013-1956
https://notcve.org/view.php?id=CVE-2013-1956
24 Apr 2013 — The create_user_ns function in kernel/user_namespace.c in the Linux kernel before 3.8.6 does not check whether a chroot directory exists that differs from the namespace root directory, which allows local users to bypass intended filesystem restrictions via a crafted clone system call. La función create_user_ns en kernel/user_namespace.c en el kernel Linux antes de v3.8.6 no comprueba si existe un directorio de chroot que difiere del directorio raíz de espacio de nombres, que permite a los usuarios locales p... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3151527ee007b73a0ebd296010f1c0454a919c7d • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2013-3236
https://notcve.org/view.php?id=CVE-2013-3236
22 Apr 2013 — The vmci_transport_dgram_dequeue function in net/vmw_vsock/vmci_transport.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. La función vmci_transport_dgram_dequeue en net/vmw_vsock/vmci_transport.c en el kernel de Linux anterior a v3.9-rc7 no inicializa correctamente cierta longitud de variable, permitiendo a usuarios locales obtener info... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=680d04e0ba7e926233e3b9cee59125ce181f66ba • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-3076 – Kernel: crypto: algif - suppress sending source address information in recvmsg
https://notcve.org/view.php?id=CVE-2013-3076
22 Apr 2013 — The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c. La API crypto en el kernel de Linux hasta v3.9-rc8 no inicializa cierta longitud de variables, permitiendo a usuarios locales obtener información sensible desde la ... • http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103750.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •