CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 3CVE-2012-0055 – OverlayFS inode Security Checks - 'inode.c' Local Security Bypass
https://notcve.org/view.php?id=CVE-2012-0055
OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions. OverlayFS en el kernel de Linux versiones anteriores a 3.0.0-16.28, como es usado en Ubuntu versiones 10.0.4 LTS y 11.10, carece de verificaciones de seguridad de inode que podrían permitir a atacantes omitir las restricciones de seguridad y llevar a cabo acciones no autorizadas. • https://www.exploit-db.com/exploits/36571 http://www.openwall.com/lists/oss-security/2012/01/17/11 http://www.ubuntu.com/usn/USN-1363-1 http://www.ubuntu.com/usn/USN-1364-1 http://www.ubuntu.com/usn/USN-1384-1 https://access.redhat.com/security/cve/cve-2012-0055 https://bugs.launchpad.net/ubuntu/+source/linux/+bug/915941 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-0055 • CWE-862: Missing Authorization •
CVSS: 7.2EPSS: 0%CPEs: 63EXPL: 1CVE-2012-0028 – kernel: futex: clear robust_list on execve
https://notcve.org/view.php?id=CVE-2012-0028
The robust futex implementation in the Linux kernel before 2.6.28 does not properly handle processes that make exec system calls, which allows local users to cause a denial of service or possibly gain privileges by writing to a memory location in a child process. La implementación de robust futex en el kernel de Linux antes de v2.6.28 no maneja adecuadamente los procesos que realizan llamadas Exec System Recovery, lo que permite a usuarios locales provocar una denegación de servicio o posiblemente obtener privilegios escribiendo en una ubicación de memoria en un proceso hijo. • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8141c7f3e7aee618312fa1c15109e1219de784a7 http://www.openwall.com/lists/oss-security/2012/05/08/1 https://bugzilla.redhat.com/show_bug.cgi?id=771764 https://github.com/torvalds/linux/commit/8141c7f3e7aee618312fa1c15109e1219de784a7 https://access.redhat.com/security/cve/CVE-2012-0028 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.9EPSS: 0%CPEs: 84EXPL: 0CVE-2011-4086 – kernel: jbd2: unmapped buffer with _Unwritten or _Delay flags set can lead to DoS
https://notcve.org/view.php?id=CVE-2011-4086
The journal_unmap_buffer function in fs/jbd2/transaction.c in the Linux kernel before 3.3.1 does not properly handle the _Delay and _Unwritten buffer head states, which allows local users to cause a denial of service (system crash) by leveraging the presence of an ext4 filesystem that was mounted with a journal. La función journal_unmap_buffer en fs/jbd2/transaction.c en el kernel de linux anterior a v3.3.1 no maneja correctamente el "buffer head states" _Delay y _Unwritten, permitiendo a usuarios locales causar una denegación de servicio aprovechándose de la presencia de un sistema de ficheros ext4 que está montado con journal • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=15291164b22a357cb211b618adfef4fa82fc0de3 http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html http://rhn.redhat.com/errata/RHSA-2012-0571.html http://rhn.redhat.com/errata/RHSA-2012-0670.html http://secunia.com/advisories/48898 http://secunia.com/advisories/48964 http://www.debian.org/security/2012/dsa-2469 http: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2012-0038 – kernel: xfs heap overflow
https://notcve.org/view.php?id=CVE-2012-0038
Integer overflow in the xfs_acl_from_disk function in fs/xfs/xfs_acl.c in the Linux kernel before 3.1.9 allows local users to cause a denial of service (panic) via a filesystem with a malformed ACL, leading to a heap-based buffer overflow. Desbordamiento de entero en la función xfs_acl_from_disk en fs/xfs/xfs_acl.c en el núcleo de Linux anterior a v3.1.9 que permite a usuarios locales causar una denegación de servicio (panic) a través del sistema de ficheros con una lista ACL mal construida, dando lugar a un desbordamiento de búfer basado en heap. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=093019cf1b18dd31b2c3b77acce4e000e2cbc9ce http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fa8b18edd752a8b4e9d1ee2cd615b82c93cf8bba http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.9 http://www.openwall.com/lists/oss-security/2012/01/10/11 https://bugzilla.redhat.com/show_bug.cgi?id=773280 https://github.com/torvalds/linux/commit/093019cf1b18dd31b2c3b77acce4e000e2cbc9ce https:/&# • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2012-0044 – kernel: drm: integer overflow in drm_mode_dirtyfb_ioctl()
https://notcve.org/view.php?id=CVE-2012-0044
Integer overflow in the drm_mode_dirtyfb_ioctl function in drivers/gpu/drm/drm_crtc.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.1.5 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted ioctl call. Un desbordamiento de entero en la función de drm_mode_dirtyfb_ioctl en drivers/gpu/drm/ drm_crtc.c en el subsistema "Direct Rendering Manager" (DRM) en el kernel de Linux en versiones anteriores a la v3.1.5 permite a usuarios locales obtener privilegios o causar una denegación de servicio (por corrupción de memoria) a través de una llamada a ioctl debdamente modificada. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a5cd335165e31db9dbab636fd29895d41da55dd2 http://rhn.redhat.com/errata/RHSA-2012-0743.html http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.5 http://www.openwall.com/lists/oss-security/2012/01/12/1 http://www.securityfocus.com/bid/51371 http://www.ubuntu.com/usn/USN-1555-1 http://www.ubuntu.com/usn/USN-1556-1 https://bugzilla.redhat.com/show_bug.cgi?id=772894 https:/& • CWE-190: Integer Overflow or Wraparound •