CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2009-3234 – Linux Kernel 2.6.31 - 'perf_counter_open()' Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2009-3234
17 Sep 2009 — Buffer overflow in the perf_copy_attr function in kernel/perf_counter.c in the Linux kernel 2.6.31-rc1 allows local users to cause a denial of service (crash) and execute arbitrary code via a "big size data" to the perf_counter_open system call. Un desbordamiento de búfer en la función perf_copy_attr en el archivo kernel/perf_counter.c en el kernel de Linux versión 2.6.31-rc1, permite a los usuarios locales causar una denegación de servicio (bloqueo) y ejecutar código arbitrario por medio de un "big size da... • https://www.exploit-db.com/exploits/33228 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 3%CPEs: 15EXPL: 0CVE-2009-2903
https://notcve.org/view.php?id=CVE-2009-2903
15 Sep 2009 — Memory leak in the appletalk subsystem in the Linux kernel 2.4.x through 2.4.37.6 and 2.6.x through 2.6.31, when the appletalk and ipddp modules are loaded but the ipddp"N" device is not found, allows remote attackers to cause a denial of service (memory consumption) via IP-DDP datagrams. Fuga de memoria en el subsistema appletalk en el Kernel de Linux v2.4.x hasta v2.4.37.6 y v2.6.x hasta v2.6.31, cuando los módulos appletalk y ipddp están cargados pero el dispositivo ipddp"N" no se encuentra, permite a at... • http://git.kernel.org/?p=linux/kernel/git/davem/net-next-2.6.git%3Ba=commit%3Bh=ffcfb8db540ff879c2a85bf7e404954281443414 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 316EXPL: 4CVE-2009-3043 – Linux Kernel 2.6.x - 'drivers/char/tty_ldisc.c' Null Pointer Dereference Denial of Service
https://notcve.org/view.php?id=CVE-2009-3043
02 Sep 2009 — The tty_ldisc_hangup function in drivers/char/tty_ldisc.c in the Linux kernel 2.6.31-rc before 2.6.31-rc8 allows local users to cause a denial of service (system crash, sometimes preceded by a NULL pointer dereference) or possibly gain privileges via certain pseudo-terminal I/O activity, as demonstrated by KernelTtyTest.c. La función tty_ldisc_hangup en el archivo drivers/char/tty_ldisc.c en el kernel de Linux versiones 2.6.31-rc anteriores a 2.6.31-rc8, permite a los usuarios locales causar una denegación ... • https://www.exploit-db.com/exploits/33193 • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 4CVE-2009-3001 – Linux Kernel 2.6.31-rc7 - 'AF_LLC getsockname' 5-Byte Stack Disclosure
https://notcve.org/view.php?id=CVE-2009-3001
28 Aug 2009 — The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel 2.6.31-rc7 and earlier does not initialize a certain data structure, which allows local users to read the contents of some kernel memory locations by calling getsockname on an AF_LLC socket. La función llc_ui_getname en net/llc/af_llc.c del kernel de Linux v2.6.31-rc7 y anteriores no inicializa cierta estructura de datos, lo que permite leer a los usuarios locales el contenido de algunas celdas de memoria del núcleo llamando a la función ge... • https://www.exploit-db.com/exploits/9513 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 12EXPL: 5CVE-2009-3002 – Linux Kernel 2.6.30 - 'atalk_getname()' 8-bytes Stack Disclosure
https://notcve.org/view.php?id=CVE-2009-3002
28 Aug 2009 — The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to the atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM socket, related to the... • https://www.exploit-db.com/exploits/9521 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 315EXPL: 1CVE-2009-2695 – kernel: SELinux and mmap_min_addr
https://notcve.org/view.php?id=CVE-2009-2695
28 Aug 2009 — The Linux kernel before 2.6.31-rc7 does not properly prevent mmap operations that target page zero and other low memory addresses, which allows local users to gain privileges by exploiting NULL pointer dereference vulnerabilities, related to (1) the default configuration of the allow_unconfined_mmap_low boolean in SELinux on Red Hat Enterprise Linux (RHEL) 5, (2) an error that causes allow_unconfined_mmap_low to be ignored in the unconfined_t domain, (3) lack of a requirement for the CAP_SYS_RAWIO capabilit... • http://danwalsh.livejournal.com/30084.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.2EPSS: 0%CPEs: 309EXPL: 1CVE-2009-2849 – kernel: md: NULL pointer deref when accessing suspend_* sysfs attributes
https://notcve.org/view.php?id=CVE-2009-2849
18 Aug 2009 — The md driver (drivers/md/md.c) in the Linux kernel before 2.6.30.2 might allow local users to cause a denial of service (NULL pointer dereference) via vectors related to "suspend_* sysfs attributes" and the (1) suspend_lo_store or (2) suspend_hi_store functions. NOTE: this is only a vulnerability when sysfs is writable by an attacker. El driver md (drivers/md/md.c) en el kernel de Linux anteriores a 2.6.30.2 podría permitir a usuarios locales producir una denegación de servicio (referencia a un puntero nul... • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.30.y.git%3Ba=commit%3Bh=3c92900d9a4afb176d3de335dc0da0198660a244 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 2CVE-2009-2848 – kernel: execve: must clear current->clear_child_tid
https://notcve.org/view.php?id=CVE-2009-2848
18 Aug 2009 — The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit. Una función execve en el kernel de Linux, posiblemente versión 2.6.30-rc6 y anteriores, no borra apropiadamente el puntero de curr... • http://article.gmane.org/gmane.linux.kernel/871942 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 316EXPL: 0CVE-2009-2846
https://notcve.org/view.php?id=CVE-2009-2846
18 Aug 2009 — The eisa_eeprom_read function in the parisc isa-eeprom component (drivers/parisc/eisa_eeprom.c) in the Linux kernel before 2.6.31-rc6 allows local users to access restricted memory via a negative ppos argument, which bypasses a check that assumes that ppos is positive and causes an out-of-bounds read in the readb function. La función eisa_eeprom_read en el componente the parisc isa-eeprom (drivers/parisc/eisa_eeprom.c) en el kernel de Linux anterior a v2.6.31-rc6 permite a usuarios locales acceder a memoria... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=6b4dbcd86a9d464057fcc7abe4d0574093071fcc • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 14CVE-2009-2692 – Linux Kernel 2.x (Android) - 'sock_sendpage()' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-2692
14 Aug 2009 — The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket. El kernel de Linux versiones 2.6.0 hasta 2.6.30.4 y 2.4.4 hasta 2.4.3... • https://www.exploit-db.com/exploits/9477 • CWE-476: NULL Pointer Dereference CWE-908: Use of Uninitialized Resource •