CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2010-4346 – kernel: install_special_mapping skips security_file_mmap check
https://notcve.org/view.php?id=CVE-2010-4346
22 Dec 2010 — The install_special_mapping function in mm/mmap.c in the Linux kernel before 2.6.37-rc6 does not make an expected security_file_mmap function call, which allows local users to bypass intended mmap_min_addr restrictions and possibly conduct NULL pointer dereference attacks via a crafted assembly-language application. función install_special_mapping en mm/mmap.c en el kernel de Linux anterior v2.6.37-rc6 no crea una llamada a la función security_file_mmap esperada, lo que permite a usuarios locales superar la... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=462e635e5b73ba9a4c03913b77138cd57ce4b050 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2010-3880 – kernel: logic error in INET_DIAG bytecode auditing
https://notcve.org/view.php?id=CVE-2010-3880
10 Dec 2010 — net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message that contains multiple attribute elements, as demonstrated by INET_DIAG_BC_JMP instructions. net/ipv4/inet_diag.c en el kernel Linux, en versiones anteriores a la 2.6.37-rc2, no audita apropiadamente el bytecode INET_DIAG, lo que permite a atacantes locales provo... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=22e76c849d505d87c5ecf3d3e6742a65f0ff4860 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 1CVE-2010-4157 – kernel: gdth: integer overflow in ioc_general()
https://notcve.org/view.php?id=CVE-2010-4157
10 Dec 2010 — Integer overflow in the ioc_general function in drivers/scsi/gdth.c in the Linux kernel before 2.6.36.1 on 64-bit platforms allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large argument in an ioctl call. Desbordamiento de entero en la función ioc_general en drivers/scsi/gdth.c en el kernel Linux, en versiones anteriores a la 2.6.36.1 en plataformas de 64-bit, permite a atacantes locales provocar una denegación de servicio (corrupción de me... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f63ae56e4e97fb12053590e41a4fa59e7daa74a4 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2010-3861 – kernel: heap contents leak from ETHTOOL_GRXCLSRLALL
https://notcve.org/view.php?id=CVE-2010-3861
10 Dec 2010 — The ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize a certain block of heap memory, which allows local users to obtain potentially sensitive information via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value, a different vulnerability than CVE-2010-2478. La función ethtool_get_rxnfc en net/core/ethtool.c en el kernel Linux, en versiones anteriores a la 2.6.36 no inicializa un cierto bloque de memoria dinámica, lo que permite a usuar... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ae6df5f96a51818d6376da5307d773baeece4014 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 6CVE-2010-3904 – Linux Kernel Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2010-3904
06 Dec 2010 — The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls. La función rds_page_copy_user de net/rds/page.c en la implementación del protocolo "Reliable Datagram Sockets" (RDS) del kernel de Linux en versiones anteriores a la 2.6.36 no valida apropiadamente las... • https://packetstorm.news/files/id/155751 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2010-4080 – kernel: drivers/sound/pci/rme9652/hdsp.c: reading uninitialized stack memory
https://notcve.org/view.php?id=CVE-2010-4080
30 Nov 2010 — The snd_hdsp_hwdep_ioctl function in sound/pci/rme9652/hdsp.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl call. La función snd_hdsp_hwdep_ioctl en sound/pci/rme9652/hdsp.c en el kernel de Linux anterior a v2.6.36-rc6 no inicializa una determinada estructura, lo que permite a usuarios locales obtener información sensible de la pila de l... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e68d3b316ab7b02a074edc4f770e6a746390cb7d • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2010-4082 – kernel: drivers/video/via/ioctl.c: reading uninitialized stack memory
https://notcve.org/view.php?id=CVE-2010-4082
30 Nov 2010 — The viafb_ioctl_get_viafb_info function in drivers/video/via/ioctl.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a VIAFB_GET_INFO ioctl call. La función viafb_ioctl_get_viafb_info en drivers/video/via/ioctl.c en el kernel de Linux anterior a v2.6.36-rc5 no inicializa correctamente un valor de una determinada estructura, lo que permite a usuarios locales obtener... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b4aaa78f4c2f9cde2f335b14f4ca30b01f9651ca • CWE-909: Missing Initialization of Resource •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2010-4083 – kernel: ipc/sem.c: reading uninitialized stack memory
https://notcve.org/view.php?id=CVE-2010-4083
30 Nov 2010 — The copy_semid_to_user function in ipc/sem.c in the Linux kernel before 2.6.36 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) IPC_INFO, (2) SEM_INFO, (3) IPC_STAT, or (4) SEM_STAT command in a semctl system call. La función copy_semid_to_user en ipc/sem.c en el kernel de Linux asntes de v2.6.36 no inicializa una determinada estructura, lo que permite a usuarios locales obtener información potencialmente sensibl... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=982f7c2b2e6a28f8f266e075d92e19c0dd4c6e56 • CWE-909: Missing Initialization of Resource •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2010-4081 – kernel: drivers/sound/pci/rme9652/hdspm.c: reading uninitialized stack memory
https://notcve.org/view.php?id=CVE-2010-4081
30 Nov 2010 — The snd_hdspm_hwdep_ioctl function in sound/pci/rme9652/hdspm.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO ioctl call. La función snd_hdspm_hwdep_ioctl en sound/pci/rme9652/hdspm.c en el kernel de Linux anterior a v2.6.36-rc6 no inicializa una determinada estructura, lo que permite a usuarios locales obtener información sensible de la pila... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e68d3b316ab7b02a074edc4f770e6a746390cb7d • CWE-909: Missing Initialization of Resource •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 2CVE-2010-3858 – Linux Kernel 2.6.37 - 'setup_arg_pages()' Denial of Service
https://notcve.org/view.php?id=CVE-2010-3858
30 Nov 2010 — The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of service (system crash) via a crafted exec system call, a related issue to CVE-2010-2240. La función setup_arg_pages en fs/exec.c en el kernel de Linux anterior a v2.6.36, cuando se utiliza CONFIG_STACK_GROWSD... • https://www.exploit-db.com/exploits/15619 • CWE-400: Uncontrolled Resource Consumption •