CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2009-2768
https://notcve.org/view.php?id=CVE-2009-2768
14 Aug 2009 — The load_flat_shared_library function in fs/binfmt_flat.c in the flat subsystem in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by executing a shared flat binary, which triggers an access of an "uninitialized cred pointer." La función load_flat_shared_library en el archivo fs/binfmt_flat.c en el subsistema flat en el kernel de Linux anterior a versión 2.6.31-rc6, permite a los usuarios... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3440625d78711bee41a84cf29c3d8c579b522666 • CWE-476: NULL Pointer Dereference CWE-824: Access of Uninitialized Pointer •
CVSS: 7.2EPSS: 0%CPEs: 79EXPL: 1CVE-2009-2767 – Linux Kernel 2.6.x - 'posix-timers.c' Null Pointer Dereference Denial of Service
https://notcve.org/view.php?id=CVE-2009-2767
14 Aug 2009 — The init_posix_timers function in kernel/posix-timers.c in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (OOPS) or possibly gain privileges via a CLOCK_MONOTONIC_RAW clock_nanosleep call that triggers a NULL pointer dereference. La función init_posix_timers en kernel/posix-timers.c en el kernel de linux anteriores a v2.6.31-rc6 permite a usuarios locales provocar una denegación de servicio (OOPS) o posiblemente conseguir privilegios a través de una llamada CLOCK_MONOTONI... • https://www.exploit-db.com/exploits/33148 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.7EPSS: 0%CPEs: 10EXPL: 0CVE-2009-2691 – kernel: /proc/$pid/maps visible during initial setuid ELF loading
https://notcve.org/view.php?id=CVE-2009-2691
14 Aug 2009 — The mm_for_maps function in fs/proc/base.c in the Linux kernel 2.6.30.4 and earlier allows local users to read (1) maps and (2) smaps files under proc/ via vectors related to ELF loading, a setuid process, and a race condition. La función mm_for_maps en fs/proc/base.c en el kernel Linux v2.6.30.4 y anteriores permiten a usuarios locales leer (1) mapas y (2) ficheros smaps bajo proc/ a través de vectores relativos a la carga ELF, un proceso setuid, y condición de carrera. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=00f89d218523b9bf6b522349c039d5ac80aa536d • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 309EXPL: 1CVE-2009-2407 – kernel: ecryptfs heap overflow in parse_tag_3_packet()
https://notcve.org/view.php?id=CVE-2009-2407
31 Jul 2009 — Heap-based buffer overflow in the parse_tag_3_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to a large encrypted key size in a Tag 3 packet. Desbordamiento de búfer basado en memoria dinámica en la función parse_tag_3_packet en fs/ecryptfs/keystore.c en el subsistema eCryptfs del kernel de Linux anteriores ... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f151cd2c54ddc7714e2f740681350476cda03a28 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 414EXPL: 1CVE-2009-2406 – kernel: ecryptfs stack overflow in parse_tag_11_packet()
https://notcve.org/view.php?id=CVE-2009-2406
31 Jul 2009 — Stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to not ensuring that the key signature length in a Tag 11 packet is compatible with the key signature buffer size. Desbordamiento de búfer basado en pila en la función parse_tag_11_packet en fs/ecryptfs/keystore.c ... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6352a29305373ae6196491e6d4669f301e26492e • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 3CVE-2009-2584
https://notcve.org/view.php?id=CVE-2009-2584
23 Jul 2009 — Off-by-one error in the options_write function in drivers/misc/sgi-gru/gruprocfs.c in the SGI GRU driver in the Linux kernel 2.6.30.2 and earlier on ia64 and x86 platforms might allow local users to overwrite arbitrary memory locations and gain privileges via a crafted count argument, which triggers a stack-based buffer overflow. Error de superación de límite (Off-by-one) en la función drivers/misc/sgi-gru/gruprocfs.c en el controlador SGI GRU en el kernel de Linux v2.6.30.2 y anteriores en plataformas ia64... • http://grsecurity.net/~spender/exploit_demo.c • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 4CVE-2009-1897 – Linux Kernel 2.6.30 - 'tun_chr_pool()' Null Pointer Dereference
https://notcve.org/view.php?id=CVE-2009-1897
20 Jul 2009 — The tun_chr_poll function in drivers/net/tun.c in the tun subsystem in the Linux kernel 2.6.30 and 2.6.30.1, when the -fno-delete-null-pointer-checks gcc option is omitted, allows local users to gain privileges via vectors involving a NULL pointer dereference and an mmap of /dev/net/tun, a different vulnerability than CVE-2009-1894. La función tun_chr_poll en drivers/net/tun.c en el subsistema tun del kernel de Linux v2.6.30 y v2.6.30.1, cuando se omite la opción -fno-delete-null-pointer-checks en gcc, perm... • https://www.exploit-db.com/exploits/33088 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2009-1895 – kernel: personality: fix PER_CLEAR_ON_SETID
https://notcve.org/view.php?id=CVE-2009-1895
16 Jul 2009 — The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL pointer dereference attacks, (2) bypass the mmap_min_addr protection mechanism, or (3) defeat address space layout randomization (ASLR). El subsistema de personalidad en el Linux kernel anterior a v2.6.31-r... • http://blog.cr0.org/2009/06/bypassing-linux-null-pointer.html • CWE-16: Configuration •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2009-1388 – kernel: do_coredump() vs ptrace_start() deadlock
https://notcve.org/view.php?id=CVE-2009-1388
05 Jul 2009 — The ptrace_start function in kernel/ptrace.c in the Linux kernel 2.6.18 does not properly handle simultaneous execution of the do_coredump function, which allows local users to cause a denial of service (deadlock) via vectors involving the ptrace system call and a coredumping thread. La función ptrace_start de kernel/ptrace.c en el kernel de Linux v2.6.18, no maneja adecuadamente la ejecución simultánea de la función do_coredump, esto permite a usuarios locales provocar una denegación de servicio -bloqueo m... • http://marc.info/?l=oss-security&m=124654277229434&w=2 • CWE-667: Improper Locking •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2009-2287
https://notcve.org/view.php?id=CVE-2009-2287
01 Jul 2009 — The kvm_arch_vcpu_ioctl_set_sregs function in the KVM in Linux kernel 2.6 before 2.6.30, when running on x86 systems, does not validate the page table root in a KVM_SET_SREGS call, which allows local users to cause a denial of service (crash or hang) via a crafted cr3 value, which triggers a NULL pointer dereference in the gfn_to_rmap function. La funciónkvm_arch_vcpu_ioctl_set_sregs en el KVM en el Kernel Linux v2.6 anterior a v2.6.30, ejecutado sobre plataformas x86, no valida la "page table root" (raíz d... • http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git%3Ba=blob%3Bf=queue-2.6.30/kvm-x86-check-for-cr3-validity-in-ioctl_set_sregs.patch%3Bh=b48a47dad2cf76358b327368f80c0805e6370c68%3Bhb=e7c45b24f298b5d9efd7d401150f64a1b51aaac4 • CWE-476: NULL Pointer Dereference •