CVSS: 8.4EPSS: 30%CPEs: 273EXPL: 2CVE-2013-4579 – Linux Kernel 3.0.5 - 'ath9k_htc_set_bssid_mask()' Information Disclosure
https://notcve.org/view.php?id=CVE-2013-4579
19 Nov 2013 — The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a series of packets to MAC addresses with certain bit manipulations. La función ath9k_htc_set_bssid_mask en drivers/net/wireless/ath/ath9k/htc_drv_main.c del kernel de Linux hasta la versión 3.... • https://www.exploit-db.com/exploits/38826 • CWE-310: Cryptographic Issues •
CVSS: 6.2EPSS: 0%CPEs: 204EXPL: 1CVE-2013-4591 – kernel: nfs: missing check for buffer length in __nfs4_get_acl_uncached
https://notcve.org/view.php?id=CVE-2013-4591
19 Nov 2013 — Buffer overflow in the __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via a getxattr system call for the system.nfs4_acl extended attribute of a pathname on an NFSv4 filesystem. Desbordamiento de búfer en la función __nfs4_get_acl_uncached en fs/nfs/nfs4proc.c del kernel de Linux anterior a la versión 3.7.2 permite a usuarios locales provocar ... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7d3e91a89b7adbc2831334def9e494dd9892f9af • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 234EXPL: 2CVE-2013-4592 – kernel: kvm: memory leak when memory slot is moved with assigned device
https://notcve.org/view.php?id=CVE-2013-4592
19 Nov 2013 — Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. Filtración de memoria en la función __kvm_set_memory_region de virt/kvm/kvm_main.c en el kernel de Linux anterior a la versión 3.9 permite a usuarios locales provocar una denegación de servicio (consumo de memoria) mediante el aprovechamiento de cierto acceso al d... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=12d6e7538e2d418c08f082b1b44ffa5fb7270ed8 • CWE-399: Resource Management Errors CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.7EPSS: 4%CPEs: 3EXPL: 6CVE-2013-6282 – Linux Kernel Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2013-6282
19 Nov 2013 — The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013. Las funciones de API (1) get_user y (2) put_user en el kernel de Linux anterior a la versión 3.5.5 en las plataformas v6k y v7 ARM no validan ciertas direcciones, lo q... • https://www.exploit-db.com/exploits/31574 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2013-6763
https://notcve.org/view.php?id=CVE-2013-6763
12 Nov 2013 — The uio_mmap_physical function in drivers/uio/uio.c in the Linux kernel before 3.12 does not validate the size of a memory block, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted mmap operations, a different vulnerability than CVE-2013-4511. La función uio_mmap_physical en drivers/uio/uio.c del kernel de Linux anterior a la versión 3.12 no valida el tamaño de un bloque de memoria, lo que permite a usuarios locales provocar una denegación de se... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7314e613d5ff9f0934f7a0f74ed7973b903315d1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2013-4511
https://notcve.org/view.php?id=CVE-2013-4511
12 Nov 2013 — Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. Múltiples desbordamientos de enteros en drivers frame-buffer en Alchemy LCD del kernel de Linux anterior a la versión 3.12 ... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7314e613d5ff9f0934f7a0f74ed7973b903315d1 • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 0%CPEs: 288EXPL: 1CVE-2013-4512
https://notcve.org/view.php?id=CVE-2013-4512
12 Nov 2013 — Buffer overflow in the exitcode_proc_write function in arch/um/kernel/exitcode.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other impact by leveraging root privileges for a write operation. Desbordamiento de buffer en la función exitcode_proc_write de arch/um/kernel/exitcode.c del kernel de Linux anterior a la versión 3.12 permite a usuarios locales provocar una denegación de servicio o posiblemente tener otro impacto no especificado mediante... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=201f99f170df14ba52ea4c52847779042b7a623b • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 288EXPL: 0CVE-2013-4513
https://notcve.org/view.php?id=CVE-2013-4513
12 Nov 2013 — Buffer overflow in the oz_cdev_write function in drivers/staging/ozwpan/ozcdev.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other impact via a crafted write operation. Desbordamiento de búffer en la función oz_cdev_write de drivers/staging/ozwpan/ozcdev.c en el kernel de Linux anterior a la versión 3.12 permite a usuarios locales provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de operaciones de e... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c2c65cd2e14ada6de44cb527e7f1990bede24e15 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 288EXPL: 1CVE-2013-4514
https://notcve.org/view.php?id=CVE-2013-4514
12 Nov 2013 — Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. Múltiples desbordamientos de buffer en drivers/staging/wlags49_h2/wl_priv.c en el kernel de Linux anterior a la versión 3.12 permite a usuarios locales prov... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b5e2f339865fb443107e5b10603e53bbc92dc054 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 288EXPL: 0CVE-2013-4515
https://notcve.org/view.php?id=CVE-2013-4515
12 Nov 2013 — The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. La función bcm_char_ioctl en drivers/staging/bcm/Bcmchar.c del kernel de Linux anterior a la versión 3.12 no inicializa una estructura de datos determinada, lo que permite a usuarios locales obtener información sensible de la memoria del kernel ... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8d1e72250c847fa96498ec029891de4dc638a5ba • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •