CVE-2014-6416
https://notcve.org/view.php?id=CVE-2014-6416
Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, allows remote attackers to cause a denial of service (memory corruption and panic) or possibly have unspecified other impact via a long unencrypted auth ticket. Desbordamiento de buffer en net/ceph/auth_x.c en Ceph, utilizado en el kernel de Linux anterior a 3.16.3, permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y panic) o posiblemente tener otro impacto no especificado a través de un ticket de autor largo no cifrado. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c27a3e4d667fdcad3db7b104f75659478e0c68d8 http://tracker.ceph.com/issues/8979 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.3 http://www.openwall.com/lists/oss-security/2014/09/15/7 http://www.securityfocus.com/bid/69805 http://www.ubuntu.com/usn/USN-2376-1 http://www.ubuntu.com/usn/USN-2377-1 http://www.ubuntu.com/usn/USN-2378-1 http://www.ubuntu.com/usn/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-3185 – Kernel: USB serial: memory corruption flaw
https://notcve.org/view.php?id=CVE-2014-3185
Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response. Múltiples desbordamientos de buffer en la función command_port_read_callback en drivers/usb/serial/whiteheat.c en Whiteheat USB Serial Driver en el kernel de Linux anterior a 3.16.2 permiten a atacantes físicamente próximos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída del sistema) a través de un dispositivo manipulado que proporciona una cantidad grande de datos (1) EHCI o (2) XHCI asociados con una respuesta en masa. A memory corruption flaw was found in the way the USB ConnectTech WhiteHEAT serial driver processed completion commands sent via USB Request Blocks buffers. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6817ae225cd650fb1c3295d769298c38b1eba818 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://rhn.redhat.com/errata/RHSA-2014-1318.html http://rhn.redhat.com/errata/RHSA • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-0205 – kernel: futex: refcount issue in case of requeue
https://notcve.org/view.php?id=CVE-2014-0205
The futex_wait function in kernel/futex.c in the Linux kernel before 2.6.37 does not properly maintain a certain reference count during requeue operations, which allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that triggers a zero count. La función futex_wait en kernel/futex.c en el kernel de Linux anterior a 2.6.37 no mantiene debidamente cierta cuenta de referencias durante las operaciones de rehacer colas, lo que permite a usuarios locales causar una denegación de servicio (uso después de liberación y caída del sistema) o posiblemente tener otro impacto no especificado a través de una aplicación manipulada que provoca una cuenta a cero. A flaw was found in the way the Linux kernel's futex subsystem handled reference counting when requeuing futexes during futex_wait(). A local, unprivileged user could use this flaw to zero out the reference counter of an inode or an mm struct that backs up the memory area of the futex, which could lead to a use-after-free flaw, resulting in a system crash or, potentially, privilege escalation. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7ada876a8703f23befbb20a7465a702ee39b1704 http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.37 http://rhn.redhat.com/errata/RHSA-2014-1365.html http://rhn.redhat.com/errata/RHSA-2014-1763.html https://bugzilla.redhat.com/show_bug.cgi?id=1094455 https://github.com/torvalds/linux/commit/7ada876a8703f23befbb20a7465a702ee39b1704 https://access.redhat.com/security/cve/CVE-2014-0205 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVE-2014-3535 – Kernel: netdevice.h: NULL pointer dereference over VxLAN
https://notcve.org/view.php?id=CVE-2014-3535
include/linux/netdevice.h in the Linux kernel before 2.6.36 incorrectly uses macros for netdev_printk and its related logging implementation, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) by sending invalid packets to a VxLAN interface. include/linux/netdevice.h en el kernel de Linux anterior a 2.6.36 utiliza incorrectamente los macros para netdev_printk y su implementación de registro relacionada, lo que permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo y caída del sistema) mediante el envió de paquetes inválidos a una interfaz VxLAN. A NULL pointer dereference flaw was found in the way the Linux kernel's networking implementation handled logging while processing certain invalid packets coming in via a VxLAN interface. A remote attacker could use this flaw to crash the system by sending a specially crafted packet to such an interface. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=256df2f3879efdb2e9808bdb1b54b16fbb11fa38 http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.36 http://www.securityfocus.com/bid/69721 https://bugzilla.redhat.com/show_bug.cgi?id=1114540 https://github.com/torvalds/linux/commit/256df2f3879efdb2e9808bdb1b54b16fbb11fa38 https://access.redhat.com/security/cve/CVE-2014-3535 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •
CVE-2014-5472 – kernel: isofs: unbound recursion when processing relocated directories
https://notcve.org/view.php?id=CVE-2014-5472
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry. La función parse_rock_ridge_inode_internal en fs/isofs/rock.c en el kernel de Linux hasta 3.16.1 permite a usuarios locales causar una denegación de servicio (un proceso de montaje imparable) a través de un imagen iso9660 manipulado con una entrada CL de auto referencia. It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=410dd3cf4c9b36f27ed4542ee18b1af5e68645a4 http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://marc.in • CWE-20: Improper Input Validation •