CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3732
https://notcve.org/view.php?id=CVE-2007-3732
In Linux 2.6 before 2.6.23, the TRACE_IRQS_ON function in iret_exc calls a C function without ensuring that the segments are set properly. The kernel's %fs needs to be restored before the call in TRACE_IRQS_ON and before enabling interrupts, so that "current" references work. Without this, "current" used in the window between iret_exc and the middle of error_code where %fs is reset, would crash. En Linux versiones 2.6 anteriores a 2.6.23, la función TRACE_IRQS_ON en iret_exc llama a una función C sin asegurar de que los segmentos estén configurados apropiadamente. El %fs del kernel debe ser restaurado antes de la llamada en TRACE_IRQS_ON y antes de habilitar las interrupciones, para que operen las referencias "current". • https://access.redhat.com/security/cve/cve-2007-3732 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-3732 https://security-tracker.debian.org/tracker/CVE-2007-3732 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2010-2243
https://notcve.org/view.php?id=CVE-2010-2243
A vulnerability exists in kernel/time/clocksource.c in the Linux kernel before 2.6.34 where on non-GENERIC_TIME systems (GENERIC_TIME=n), accessing /sys/devices/system/clocksource/clocksource0/current_clocksource results in an OOPS. Se presenta una vulnerabilidad en el archivo kernel/time/clocksource.c en el kernel de Linux versiones anteriores a 2.6.34, donde en sistemas non-GENERIC_TIME (GENERIC_TIME=n), acceder a /sys/devices/system/clocksource/clocksource0/current_clocksource resulta en un OOPS. • https://access.redhat.com/security/cve/cve-2010-2243 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ad6759fbf35d104dbf573cd6f4c6784ad6823f7e https://security-tracker.debian.org/tracker/CVE-2010-2243 https://www.openwall.com/lists/oss-security/2010/06/25/1 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-18806
https://notcve.org/view.php?id=CVE-2019-18806
A memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel before 5.3.5 allows local users to cause a denial of service (memory consumption) by triggering pci_dma_mapping_error() failures, aka CID-1acb8f2a7a9f. Una pérdida de memoria en la función ql_alloc_large_buffers() en el archivo drivers/net/ethernet/qlogic/qla3xxx.c en el kernel de Linux versiones anteriores a 5.3.5, permite a usuarios locales causar una denegación de servicio (consumo de memoria) mediante la activación de fallos de la función pci_dma_mapping_error(), también se conoce como CID-1acb8f2a7a9f. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.5 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1acb8f2a7a9f10543868ddd737e37424d5c36cf4 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-18807
https://notcve.org/view.php?id=CVE-2019-18807
Two memory leaks in the sja1105_static_config_upload() function in drivers/net/dsa/sja1105/sja1105_spi.c in the Linux kernel before 5.3.5 allow attackers to cause a denial of service (memory consumption) by triggering static_config_buf_prepare_for_upload() or sja1105_inhibit_tx() failures, aka CID-68501df92d11. Dos fugas de memoria en la función sja1105_static_config_upload() en el archivo drivers/net/dsa/sja1105/sja1105_spi.c en el kernel de Linux versiones anteriores a 5.3.5, permiten a atacantes causar una denegación de servicio (consumo de memoria) mediante la activación de fallos de la función static_config_buf_prepare_for_upload() o sja1105_inhibit_tx(), también se conoce como CID-68501df92d11. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.5 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=68501df92d116b760777a2cfda314789f926476f https://security.netapp.com/advisory/ntap-20191205-0001 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-18808 – kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c
https://notcve.org/view.php?id=CVE-2019-18808
A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247. Una pérdida de memoria en la función ccp_run_sha_cmd() en el archivo drivers/crypto/ccp/ccp-ops.c en el kernel de Linux versiones hasta 5.3.9, permite a atacantes causar una denegación de servicio (consumo de memoria), también se conoce como CID-128c66429247. A flaw was found in the AMD Cryptographic Co-processor driver in the Linux kernel. An attacker, able to send invalid SHA type commands, could cause the system to crash. The highest threat from this vulnerability is to system availability. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html http://www.openwall.com/lists/oss-security/2021/09/14/1 https://github.com/torvalds/linux/commit/128c66429247add5128c03dc1e144ca56f05a4e2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYIFGYEDQXP5DVJQQUARQRK2PXKBKQGY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWWOOJKZ4NQYN4RMFIVJ3ZIXKJJI3MKP https://security.netapp.com/advisory/ntap-20191205-0001 https://usn.ubun • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •