CVE-2014-3535 – Kernel: netdevice.h: NULL pointer dereference over VxLAN
https://notcve.org/view.php?id=CVE-2014-3535
include/linux/netdevice.h in the Linux kernel before 2.6.36 incorrectly uses macros for netdev_printk and its related logging implementation, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) by sending invalid packets to a VxLAN interface. include/linux/netdevice.h en el kernel de Linux anterior a 2.6.36 utiliza incorrectamente los macros para netdev_printk y su implementación de registro relacionada, lo que permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo y caída del sistema) mediante el envió de paquetes inválidos a una interfaz VxLAN. A NULL pointer dereference flaw was found in the way the Linux kernel's networking implementation handled logging while processing certain invalid packets coming in via a VxLAN interface. A remote attacker could use this flaw to crash the system by sending a specially crafted packet to such an interface. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=256df2f3879efdb2e9808bdb1b54b16fbb11fa38 http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.36 http://www.securityfocus.com/bid/69721 https://bugzilla.redhat.com/show_bug.cgi?id=1114540 https://github.com/torvalds/linux/commit/256df2f3879efdb2e9808bdb1b54b16fbb11fa38 https://access.redhat.com/security/cve/CVE-2014-3535 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •
CVE-2014-0205 – kernel: futex: refcount issue in case of requeue
https://notcve.org/view.php?id=CVE-2014-0205
The futex_wait function in kernel/futex.c in the Linux kernel before 2.6.37 does not properly maintain a certain reference count during requeue operations, which allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that triggers a zero count. La función futex_wait en kernel/futex.c en el kernel de Linux anterior a 2.6.37 no mantiene debidamente cierta cuenta de referencias durante las operaciones de rehacer colas, lo que permite a usuarios locales causar una denegación de servicio (uso después de liberación y caída del sistema) o posiblemente tener otro impacto no especificado a través de una aplicación manipulada que provoca una cuenta a cero. A flaw was found in the way the Linux kernel's futex subsystem handled reference counting when requeuing futexes during futex_wait(). A local, unprivileged user could use this flaw to zero out the reference counter of an inode or an mm struct that backs up the memory area of the futex, which could lead to a use-after-free flaw, resulting in a system crash or, potentially, privilege escalation. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7ada876a8703f23befbb20a7465a702ee39b1704 http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.37 http://rhn.redhat.com/errata/RHSA-2014-1365.html http://rhn.redhat.com/errata/RHSA-2014-1763.html https://bugzilla.redhat.com/show_bug.cgi?id=1094455 https://github.com/torvalds/linux/commit/7ada876a8703f23befbb20a7465a702ee39b1704 https://access.redhat.com/security/cve/CVE-2014-0205 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVE-2014-5472 – kernel: isofs: unbound recursion when processing relocated directories
https://notcve.org/view.php?id=CVE-2014-5472
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry. La función parse_rock_ridge_inode_internal en fs/isofs/rock.c en el kernel de Linux hasta 3.16.1 permite a usuarios locales causar una denegación de servicio (un proceso de montaje imparable) a través de un imagen iso9660 manipulado con una entrada CL de auto referencia. It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=410dd3cf4c9b36f27ed4542ee18b1af5e68645a4 http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://marc.in • CWE-20: Improper Input Validation •
CVE-2014-3601 – kernel: kvm: invalid parameter passing in kvm_iommu_map_pages()
https://notcve.org/view.php?id=CVE-2014-3601
The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages. La función kvm_iommu_map_pages en virt/kvm/iommu.c en el kernel de Linux hasta 3.16.1 calcula erróneamente el número de las páginas durante el manejo de un fallo en las asignaciones, lo que permite a usuarios del sistema operativo invitado (1) causar una denegación de servicio (corrupción de la memoria del sistema operativo anfitrión) o posiblemente tener otro impacto no especificado mediante la provocación de un valor gfn grande o (2) causar una denegación de servicio (corrupción de la memoria del sistema operativo anfitrión) mediante la provocación de un valor gfn pequeño que conduce a páginas fijadas (pinned) permanentemente. A flaw was found in the way the Linux kernel's kvm_iommu_map_pages() function handled IOMMU mapping failures. A privileged user in a guest with an assigned host device could use this flaw to crash the host. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=350b8bdd689cd2ab2c67c8a86a0be86cfa0751a7 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html http://secunia.com/advisories/60830 http://www.securityfocus.com/bid/69489 http://www.ubuntu.com/usn/USN-2356-1 http://www.ubuntu.com/usn/USN-2357 • CWE-189: Numeric Errors •
CVE-2014-5471 – kernel: isofs: unbound recursion when processing relocated directories
https://notcve.org/view.php?id=CVE-2014-5471
Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry. Vulnerabilidad de consumo de pila en la función parse_rock_ridge_inode_internal en fs/isofs/rock.c en el kernel de Linux hasta 3.16.1 permite a usuarios locales causar una denegación de servicio (recursividad sin control y caída o reinicio del sistema) a través de un imagen iso9660 manipulado con una entrada CL que se refiere a una entrada del directorio que tiene una entrada CL. It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=410dd3cf4c9b36f27ed4542ee18b1af5e68645a4 http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://marc.in • CWE-399: Resource Management Errors •