CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 2CVE-2013-3301 – Linux Kernel 3.2.1 - Tracing Multiple Local Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-3301
The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call. La implementacion ftrace en Linux Kernel anterior a v3.8.8 permite a usuarios locales provocar una denegación de servicio (referencia a puntero NULL y caída del sistema) o posiblemente tener otro impacto no especificado a través del aprovechamiento de la capacidad CAP_SYS_ADMIN para el acceso de escritura a los ficheros (1) set_ftrace_pid o (2) set_graph_function y luego hacer una llamada al sistema "lseek". • https://www.exploit-db.com/exploits/38465 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6a76f8c0ab19f215af2a3442870eeb5f0e81998d http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html http://rhn.redhat.com/errata/RHSA-2013-1051.html http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.8 http://www.openwall.com/lists/oss-security/2013/04/15/1 http:// • CWE-476: NULL Pointer Dereference •
CVSS: 2.1EPSS: 0%CPEs: 6EXPL: 0CVE-2010-3881 – kvm: arch/x86/kvm/x86.c: reading uninitialized stack memory
https://notcve.org/view.php?id=CVE-2010-3881
arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via read operations on the /dev/kvm device. arch/x86/kvm/x86.c en el kernel de Linux v2.6.36.2 no inicializa ciertos miembros de estructura, lo que permite a usuarios locales obtener información potencialmente sensible del la pila de la pila de memoria del kernel a través de operaciones de lectura en el dispositivo /dev/kvm device. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=97e69aa62f8b5d338d6cff49be09e37cc1262838 http://git.kernel.org/?p=virt/kvm/kvm.git%3Ba=commit%3Bh=831d9d02f9522e739825a51a11e3bc5aa531a905 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://openwall.com/lists/oss-security/2010/11/04/10 http://openwall.com/lists/oss-security/2010/11/05/4 http://rhn.redhat.com& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •