CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2010-4256
https://notcve.org/view.php?id=CVE-2010-4256
25 Jan 2011 — The pipe_fcntl function in fs/pipe.c in the Linux kernel before 2.6.37 does not properly determine whether a file is a named pipe, which allows local users to cause a denial of service via an F_SETPIPE_SZ fcntl call. La función pipe_fcntl en fs/pipe.c en el kernel de Linux anteriores a v2.6.37 no determinar correctamente si un archivo es una tubería (pipe) con nombre, que permite a usuarios locales causar una denegación de servicio a través de una llamada F_SETPIPE_SZ fcntl. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c66fb347946ebdd5b10908866ecc9fa05ee2cf3d • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 2CVE-2010-4238 – kernel: Xen Dom0 crash with Windows 2008 R2 64bit DomU + GPLPV
https://notcve.org/view.php?id=CVE-2010-4238
22 Jan 2011 — The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 is used, allows guest OS users to cause a denial of service (host OS panic) via an attempted access to a virtual CD-ROM device through the blkback driver. NOTE: some of these details are obtained from third party information. La función vbd_create de Xen 3.1.2, cuando el kernel de Linux 2.6.18 de Red Hat Enterprise Linux (RHEL) 5 es utilizado, permite a usuarios del SO invitados provocar una denegación de... • http://bugs.centos.org/bug_view_advanced_page.php?bug_id=4517 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2010-4243 – Linux Kernel 2.6.37 - 'setup_arg_pages()' Denial of Service
https://notcve.org/view.php?id=CVE-2010-4243
22 Jan 2011 — fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an "OOM dodging issue," a related issue to CVE-2010-3858. fs/exec.c del kernel de Linux en versiones anteriores a la 2.6.37 no habilita el "OOM Killer" para evaluar el uso de la memoria de pila por los arrays de los (1) argumentos y (... • https://www.exploit-db.com/exploits/15619 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.9EPSS: 0%CPEs: 24EXPL: 4CVE-2010-4263 – kernel: igb panics when receiving tag vlan packet
https://notcve.org/view.php?id=CVE-2010-4263
18 Jan 2011 — The igb_receive_skb function in drivers/net/igb/igb_main.c in the Intel Gigabit Ethernet (aka igb) subsystem in the Linux kernel before 2.6.34, when Single Root I/O Virtualization (SR-IOV) and promiscuous mode are enabled but no VLANs are registered, allows remote attackers to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via a VLAN tagged frame. La función igb_receive_skb de drivers/net/igb/igb_main.c en el subsistema Intel Gigabit Ethernet (igb) ... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=31b24b955c3ebbb6f3008a6374e61cf7c05a193c • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 206EXPL: 1CVE-2010-3086 – kernel panic via futex
https://notcve.org/view.php?id=CVE-2010-3086
14 Jan 2011 — include/asm-x86/futex.h in the Linux kernel before 2.6.25 does not properly implement exception fixup, which allows local users to cause a denial of service (panic) via an invalid application that triggers a page fault. include/asm-x86/futex.h en el kernel de Linux anterior a v2.6.25 no aplica adecuadamente corrección de excepciones, lo que permite a usuarios locales causar una denegación de servicio (mediante un 'panic') a través de una solicitud válida que provoca un fallo de página. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9d55b9923a1b7ea8193b8875c57ec940dc2ff027 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2010-4527 – kernel: buffer overflow in OSS load_mixer_volumes
https://notcve.org/view.php?id=CVE-2010-4527
13 Jan 2011 — The load_mixer_volumes function in sound/oss/soundcard.c in the OSS sound subsystem in the Linux kernel before 2.6.37 incorrectly expects that a certain name field ends with a '\0' character, which allows local users to conduct buffer overflow attacks and gain privileges, or possibly obtain sensitive information from kernel memory, via a SOUND_MIXER_SETLEVELS ioctl call. La función load_mixer_volumes en sound/oss/soundcard.c en el subsistema de sonido OSS del núcleo Linux anterior a v2.6.37 espera incorrect... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d81a12bc29ae4038770e05dce4ab7f26fd5880fb • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2010-4529
https://notcve.org/view.php?id=CVE-2010-4529
13 Jan 2011 — Integer underflow in the irda_getsockopt function in net/irda/af_irda.c in the Linux kernel before 2.6.37 on platforms other than x86 allows local users to obtain potentially sensitive information from kernel heap memory via an IRLMP_ENUMDEVICES getsockopt call. Un desbordamiento de enteros en la función irda_getsockopt en net/irda/af_irda.c en el kernel de Linux anterior a v2.6.37 en plataformas no x86 permite a usuarios locales obtener información potencialmente sensible de la memoria del kernel a través ... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fdac1e0697356ac212259f2147aa60c72e334861 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.1EPSS: 3%CPEs: 8EXPL: 0CVE-2010-4526 – kernel: sctp: a race between ICMP protocol unreachable and connect()
https://notcve.org/view.php?id=CVE-2010-4526
11 Jan 2011 — Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function. Condición de carrera en el kernel de Linux 2.6.11-rc2 hasta 2.6.33. Permite a atacantes remotos provocar una denegación de servicio (kernel... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=50b5d6ad63821cea324a5a7a19854d4de1a0a819 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2010-3865 – kernel: iovec integer overflow in net/rds/rdma.c
https://notcve.org/view.php?id=CVE-2010-3865
11 Jan 2011 — Integer overflow in the rds_rdma_pages function in net/rds/rdma.c in the Linux kernel allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted iovec struct in a Reliable Datagram Sockets (RDS) request, which triggers a buffer overflow. Desbordamiento de enteros en la función rds_rdma_pages en net/rds/rdma.c en el núcleo de Linux permite a usuarios locales causar una denegación de servicio (caída) y posiblemente ejecutar código de su elección a través de una e... • http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0CVE-2010-4247 – xen: request-processing loop is unbounded in blkback
https://notcve.org/view.php?id=CVE-2010-4247
11 Jan 2011 — The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and (2) drivers/xen/blktap/blktap.c in Xen before 3.4.0 for the Linux kernel 2.6.18, and possibly other versions, allows guest OS users to cause a denial of service (infinite loop and CPU consumption) via a large production request index to the blkback or blktap back-end drivers. NOTE: some of these details are obtained from third party information. La función do_block_io_op en (1) ldrivers/xen/blkback/blkback.c and (2) drivers/xen/blktap/blkt... • http://secunia.com/advisories/35093 • CWE-20: Improper Input Validation •