CVSS: 7.5EPSS: 0%CPEs: 131EXPL: 0CVE-2012-5532 – hypervkvpd: Netlink source address validation allows denial of service
https://notcve.org/view.php?id=CVE-2012-5532
27 Dec 2012 — The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.8-rc1, allows local users to cause a denial of service (daemon exit) via a crafted application that sends a Netlink message. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2669. La función principal de tools/hv/hv_kvp_daemon.c en hypervkvpd, distribuido en el kernel de Linux antes de v3.8-rc1, permite a usuarios locales provocar una denegación de servicio (salida ordenada del de... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=95a69adab9acfc3981c504737a2b6578e4d846ef •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2012-2669 – Mandriva Linux Security Advisory 2013-176
https://notcve.org/view.php?id=CVE-2012-2669
27 Dec 2012 — The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.4.5, does not validate the origin of Netlink messages, which allows local users to spoof Netlink communication via a crafted connector message. La función principal de tools/hv/hv_kvp_daemon.c en hypervkvpd, distribuido en el kernel de Linux antes de v3.4.5, no valida el origen de los mensajes netlink, lo que permite a usuarios locales falsificar comunicaciones netlink a través de un mensaje modificado. ... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=bcc2c9c3fff859e0eb019fe6fec26f9b8eba795c • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 153EXPL: 2CVE-2012-0957 – Linux Kernel 3.2.x - 'uname()' System Call Local Information Disclosure
https://notcve.org/view.php?id=CVE-2012-0957
21 Dec 2012 — The override_release function in kernel/sys.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from kernel stack memory via a uname system call in conjunction with a UNAME26 personality. La función override_release en kernel/sys.c en el kernel de Linux antes de v3.4.16 permite a usuarios locales obtener información sensible de la memoria de la pila del núcleo a través de una llamada al sistema uname junto con una personalidad UNAME26. • https://www.exploit-db.com/exploits/37937 • CWE-16: Configuration CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 194EXPL: 0CVE-2012-4444 – kernel: net: acceptation of overlapping ipv6 fragments
https://notcve.org/view.php?id=CVE-2012-4444
21 Dec 2012 — The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kernel before 2.6.36 allows remote attackers to bypass intended network restrictions via overlapping IPv6 fragments. La función ip6_frag_queue en net/ipv6/reassembly.c en el kernel de Linux antes de v2.6.36 permite a atacantes remotos evitar las restricciones de red a través de la superposición de fragmentos IPv6. • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36 •
CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 1CVE-2012-4565 – kernel: net: divide by zero in tcp algorithm illinois
https://notcve.org/view.php?id=CVE-2012-4565
21 Dec 2012 — The tcp_illinois_info function in net/ipv4/tcp_illinois.c in the Linux kernel before 3.4.19, when the net.ipv4.tcp_congestion_control illinois setting is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) by reading TCP stats. La función tcp_illinois_info en net/ipv4/tcp_illinois.c en el kernel de Linux antes de v3.4.19, cuando la opción net.ipv4.tcp_congestion_control illinois está habilitada, permite a usuarios locales provocar una denegación de servicio (división por... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8f363b77ee4fbf7c3bbcf5ec2c5ca482d396d664 • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 0%CPEs: 169EXPL: 0CVE-2012-5517 – kernel: mm/hotplug: failure in propagating hot-added memory to other nodes
https://notcve.org/view.php?id=CVE-2012-5517
21 Dec 2012 — The online_pages function in mm/memory_hotplug.c in the Linux kernel before 3.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact in opportunistic circumstances by using memory that was hot-added by an administrator. La función online_pages mm/memory_hotplug.c en el kernel de Linux en versiones anteriores a v3.6 permite a usuarios locales provocar una denegación de servicio (desreferencia de puntero NULL y caída del sistema)... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=08dff7b7d629807dbb1f398c68dd9cd58dd657a1 •
CVSS: 7.5EPSS: 0%CPEs: 153EXPL: 0CVE-2012-4508 – kernel: ext4: AIO vs fallocate stale data exposure
https://notcve.org/view.php?id=CVE-2012-4508
21 Dec 2012 — Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from a deleted file by reading an extent that was not properly marked as uninitialized. Condición de carrera en fs/ext4/extents.c. En el kernel Linux antes de v3.4.16 permite a usuarios locales obtener información sensible de un archivo eliminado mediante la lectura de un 'extent' que no fue correctamente marcado como 'no inicializado' . The kernel packages contain the Linux kernel, the c... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=dee1f973ca341c266229faa5a1a5bb268bed3531 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.1EPSS: 0%CPEs: 143EXPL: 1CVE-2012-4467
https://notcve.org/view.php?id=CVE-2012-4467
10 Oct 2012 — The (1) do_siocgstamp and (2) do_siocgstampns functions in net/socket.c in the Linux kernel before 3.5.4 use an incorrect argument order, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (system crash) via a crafted ioctl call. Las funciones (1) do_siocgstamp y (2) do_siocgstampns en net/socket.c en el kernel Linux antes de v3.5.4, utiliza un orden incorrecto de los argumentos, lo que podría permitir a un usuario local obtener información sensible de l... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ed6fe9d614fc1bca95eb8c0ccd0e92db00ef9d5d • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 43EXPL: 2CVE-2012-3430 – Linux Kernel 2.6.x - 'rds_recvmsg()' Local Information Disclosure
https://notcve.org/view.php?id=CVE-2012-3430
03 Oct 2012 — The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket. La función rds_recvmsg en net/rds/recv.c en el Kernell de Linux anteriores a v3.0.44 no inicializa el cierto miembro de la estructura, lo que permite a usuarios locales a obtener información potencialmente sensible de la pila de ... • https://www.exploit-db.com/exploits/37543 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 51EXPL: 1CVE-2011-1833 – kernel: ecryptfs: mount source TOCTOU race
https://notcve.org/view.php?id=CVE-2011-1833
03 Oct 2012 — Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid. Condición de carrera en la función ecryptfs_mount en fs/ecryptfs/main.c en el subsistema eCryptfs en el Kernel de Linux anteriores a v3.1 permite a usuarios locales evitar los permisos de ficheros impuestos a través de montar una unidad con mount.ecryptfs_private con un uid... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=764355487ea220fdc2faf128d577d7f679b91f97 • CWE-264: Permissions, Privileges, and Access Controls CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •