CVE-2014-0077 – kernel: vhost-net: insufficiency in handling of big packets in handle_rx()
https://notcve.org/view.php?id=CVE-2014-0077
drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions. drivers/vhost/net.c en el kernel de Linux anterior a 3.13.10, cuando buffers combinables están deshabilitados, no valida debidamente los longitudes de paquetes, lo que permite a usuarios invitados del sistema operativo causar una denegación de servicio (corrupción de memoria y caída del sistema operativo anfitrión) o posiblemente ganar privilegios en el sistema operativo anfitrión a través de paquetes manipulados, relacionado con las funciones handle_rx y get_rx_bufs. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d8316f3991d207fe32881a9ac20241be8fa2bad0 http://secunia.com/advisories/59386 http://secunia.com/advisories/59599 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.10 http://www.securityfocus.com/bid/66678 https://bugzilla.redhat.com/show_bug.cgi?id=1064440 https://github.com/torvalds/linux/commit/d8316f3991d207fe32881a9ac20241be8fa2bad0 https://access.redhat.com/security/cve/CVE-2014-0077 • CWE-787: Out-of-bounds Write •
CVE-2014-2678 – kernel: net: rds: dereference of a NULL device in rds_iw_laddr_check()
https://notcve.org/view.php?id=CVE-2014-2678
The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. La función rds_iw_laddr_check en net/rds/iw.c en el kernel de Linux hasta 3.14 permite a usuarios locales causar una denegación de servicio (referencia a puntero nulo y caída de sistema) o posiblemente tener otro impacto no especificado a través de una llamada de sistema bind para un socket RDS en un sistema que carece de transportes RDS. A NULL pointer dereference flaw was found in the rds_iw_laddr_check() function in the Linux kernel's implementation of Reliable Datagram Sockets (RDS). A local, unprivileged user could use this flaw to crash the system. • http://linux.oracle.com/errata/ELSA-2014-0926-1.html http://linux.oracle.com/errata/ELSA-2014-0926.html http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131276.html http://secunia.com/advisories/59386 http://secunia.com/advisories/60130 http://secunia.com/advisories/60471 http://www.openwall.com/lists/oss-security/2014/03/31/10 http://www.securityfocus.com/bid/66543 https://lkml.org/lkml/2014/3/29/188 https://access.redhat.com/security/cve/CV • CWE-476: NULL Pointer Dereference •
CVE-2013-7348
https://notcve.org/view.php?id=CVE-2013-7348
Double free vulnerability in the ioctx_alloc function in fs/aio.c in the Linux kernel before 3.12.4 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via vectors involving an error condition in the aio_setup_ring function. Vulnerabilidad de doble liberación en la función ioctx_alloc en fs/aio.c en el kernel de Linux anterior a 3.12.4 permite a usuarios locales causar una denegación de servicio (caída de sistema) o posiblemente otro impacto no especificado a través de vectores involucrando una condición de error en la función aio_setup_ring. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d558023207e008a4476a3b7bb8706b2a2bf5d84f http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4 http://www.openwall.com/lists/oss-security/2014/03/31/10 https://github.com/torvalds/linux/commit/d558023207e008a4476a3b7bb8706b2a2bf5d84f • CWE-399: Resource Management Errors •
CVE-2014-2673 – kernel: powerpc: tm: crash when forking inside a transaction
https://notcve.org/view.php?id=CVE-2014-2673
The arch_dup_task_struct function in the Transactional Memory (TM) implementation in arch/powerpc/kernel/process.c in the Linux kernel before 3.13.7 on the powerpc platform does not properly interact with the clone and fork system calls, which allows local users to cause a denial of service (Program Check and system crash) via certain instructions that are executed with the processor in the Transactional state. La función arch_dup_task_struct en la implementación Transactional Memory (TM) en arch/powerpc/kernel/process.c en el kernel de Linux anterior a 3.13.7 en la plataforma powerpc no interactúa debidamente con las llamadas de sistema clon y fork, lo que permite a usuarios locales causar una denegación de servicio (comprobación de programa y caída de sistema) a través de ciertas instrucciones que son ejecutadas con el procesador en el estado transaccional. A flaw was found in the way the Linux kernel performed forking inside of a transaction. A local, unprivileged user on a PowerPC system that supports transactional memory could use this flaw to crash the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=621b5060e823301d0cba4cb52a7ee3491922d291 http://secunia.com/advisories/57436 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7 http://www.openwall.com/lists/oss-security/2014/03/30/5 http://www.securityfocus.com/bid/66477 https://exchange.xforce.ibmcloud.com/vulnerabilities/92113 https://github.com/torvalds/linux/commit/621b5060e823301d0cba4cb52a7ee3491922d291 https://www.kernel.org/pub/linux/kernel/ • CWE-20: Improper Input Validation •
CVE-2014-2523 – kernel: netfilter: nf_conntrack_dccp: incorrect skb_header_pointer API usages
https://notcve.org/view.php?id=CVE-2014-2523
net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function. net/netfilter/nf_conntrack_proto_dccp.c en el kernel de Linux hasta 3.13.6 utiliza un puntero de cabecera DCCP incorrectamente, lo que permite a atacantes remotos causar una denegación de servicio (caída de sistema) o posiblemente ejecutar código arbitrario a través de un paquete DCCP que provoca una llamada la función (1) dccp_new, (2) dccp_packet o (3) dccp_error. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b22f5126a24b3b2f15448c3f2a254fc10cbc2b92 http://secunia.com/advisories/57446 http://twitter.com/grsecurity/statuses/445496197399461888 http://www.openwall.com/lists/oss-security/2014/03/17/7 http://www.securityfocus.com/bid/66279 http://www.securitytracker.com/id/1029945 http://www.ubuntu.com/usn/USN-2173-1 http://www.ubuntu.com/usn/USN-2174-1 https://bugzilla.redhat.com/show_bug.cgi?id=1077343 • CWE-20: Improper Input Validation •