CVE-2010-5321
https://notcve.org/view.php?id=CVE-2010-5321
Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability than CVE-2007-6761. NOTE: as of 2016-06-18, this affects only 11 drivers that have not been updated to use videobuf2 instead of videobuf. La pérdida de memoria en drivers/media/video/videobuf-core.c en el subsistema videobuf en el kernel de Linux 2.6.x hasta la versión 4.x permite a usuarios locales causar una denegación de servicio (consumo de memoria) aprovechando el acceso /dev/video para una serie de llamadas mmap que requieren nuevas asignaciones, una vulnerabilidad diferente a CVE-2007-6761. NOTA: a partir de 18-06-2016, esto afecta sólo a 11 controladores que no se han actualizado para utilizar videobuf2 en lugar de videobuf. • http://linuxtv.org/irc/v4l/index.php?date=2010-07-29 http://www.openwall.com/lists/oss-security/2015/02/08/4 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827340 https://bugzilla.kernel.org/show_bug.cgi?id=120571 https://bugzilla.redhat.com/show_bug.cgi?id=620629 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2007-6761
https://notcve.org/view.php?id=CVE-2007-6761
drivers/media/video/videobuf-vmalloc.c in the Linux kernel before 2.6.24 does not initialize videobuf_mapping data structures, which allows local users to trigger an incorrect count value and videobuf leak via unspecified vectors, a different vulnerability than CVE-2010-5321. drivers/media/video/videobuf-vmalloc.c en el kernel de Linux en versiones anteriores a 2.6.24 no inicializa las estructuras de datos videobuf_mapping, lo que permite a usuarios locales desencadenar un valor de recuento incorrecto y una filtración de videobuf a través de vectores no especificados, una vulnerabilidad diferente a CVE-2010 -5321. • http://www.linuxgrill.com/anonymous/kernel/v2.6/ChangeLog-2.6.24 http://www.securityfocus.com/bid/98001 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827340 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0b29669c065f60501e7289e1950fa2a618962358 https://github.com/torvalds/linux/commit/0b29669c065f60501e7289e1950fa2a618962358 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-7645 – kernel: nfsd: Incorrect handling of long RPC replies
https://notcve.org/view.php?id=CVE-2017-7645
The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. El servidor NFSv2/NFSv3 en el subsistema nfsd en el Kernel de Linux hasta la versión 4.10.11 permite a atacantes remotos provocar una denegación de servicio (caída de sistema) a través de una respuesta RPC larga, relacionada con net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c y fs/nfsd/nfsxdr.c. The NFS2/3 RPC client could send long arguments to the NFS server. These encoded arguments are stored in an array of memory pages, and accessed using pointer variables. Arbitrarily long arguments could make these pointers point outside the array and cause an out-of-bounds memory access. • http://www.debian.org/security/2017/dsa-3886 http://www.securityfocus.com/bid/97950 https://access.redhat.com/errata/RHSA-2017:1615 https://access.redhat.com/errata/RHSA-2017:1616 https://access.redhat.com/errata/RHSA-2017:1647 https://access.redhat.com/errata/RHSA-2018:1319 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e6838a29ecb484c97e4efef9429643b9851fba6e https://github.com/torvalds/linux/commit/e6838a29ecb484c97e4efef9429643b9851fba6e https://help.ecostruxur • CWE-20: Improper Input Validation CWE-130: Improper Handling of Length Parameter Inconsistency •
CVE-2017-7889 – kernel: mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism
https://notcve.org/view.php?id=CVE-2017-7889
The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c. El subsistema mm en el kernel de Linux hasta la versión 3.2 no aplica adecuadamente el mecanismo de protección CONFIG_STRICT_DEVMEM, lo que permite a usuarios locales leer o escribir en ubicaciones de la memoria del kernel en el primer megabyte (y eludir restricciones de acceso de asignación de slab) a través de una aplicación que abre el archivo /dev/mem, relacionado con arch/x86/mm/init.c y drivers/char/mem.c The mm subsystem in the Linux kernel through 4.10.10 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a4866aa812518ed1a37d8ea0c881dc946409de94 http://www.debian.org/security/2017/dsa-3945 http://www.openwall.com/lists/oss-security/2017/04/16/4 http://www.securityfocus.com/bid/97690 https://access.redhat.com/errata/RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:2077 https://access.redhat.com/errata/RHSA-2017:2669 https://access.redhat.com/errata/RHSA-2018:1854 https://git.kernel.org/pub/ • CWE-391: Unchecked Error Condition CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2017-7616 – kernel: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c
https://notcve.org/view.php?id=CVE-2017-7616
Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation. El manejo incorrecto de los errores en las syscalls set_mempolicy y mbind compat en mm/mempolicy.c en el kernel de Linux hasta la versión 4.10.9 permite a los usuarios locales obtener información confidencial de datos de pila no inicializados al activar el fallo de una determinada operación de mapa de bits. Incorrect error handling in the set_mempolicy() and mbind() compat syscalls in 'mm/mempolicy.c' in the Linux kernel allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cf01fb9985e8deb25ccf0ea54d916b8871ae0e62 http://www.securityfocus.com/bid/97527 http://www.securitytracker.com/id/1038503 https://access.redhat.com/errata/RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:2077 https://access.redhat.com/errata/RHSA-2018:1854 https://github.com/torvalds/linux/commit/cf01fb9985e8deb25ccf0ea54d916b8871ae0e62 https://source.android.com/security/bulletin/2017-09-01 https://access.redhat.com • CWE-388: 7PK - Errors CWE-390: Detection of Error Condition Without Action •