CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 1CVE-2010-4250 – Linux Kernel 2.6.x - 'inotify_init()' Memory Leak Local Denial of Service
https://notcve.org/view.php?id=CVE-2010-4250
Memory leak in the inotify_init1 function in fs/notify/inotify/inotify_user.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service (memory consumption) via vectors involving failed attempts to create files. Una vulnerabilidad de pérdida de memoria en la función inotify_init1 en fs/notify/inotify/inotify_user.c en versiones del kernel de Linux anteriores a v2.6.37 permite a usuarios locales provocar una denegación de servicio (por excesivo consumo de memoria) a través de vectores relacionados con intentos fallidos de creación de archivos. • https://www.exploit-db.com/exploits/35013 http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a2ae4cc9a16e211c8a128ba10d22a85431f093ab http://www.openwall.com/lists/oss-security/2010/11/24/11 https://bugzilla.redhat.com/show_bug.cgi?id=656830 https://github.com/torvalds/linux/commit/a2ae4cc9a16e211c8a128ba10d22a85431f093ab https://access.redhat.com/security/cve/CVE-2010-4250 • CWE-399: Resource Management Errors CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2011-3363 – kernel: cifs: always do is_path_accessible check in cifs_mount
https://notcve.org/view.php?id=CVE-2011-3363
The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel before 2.6.39 does not properly handle DFS referrals, which allows remote CIFS servers to cause a denial of service (system crash) by placing a referral at the root of a share. La función setup_cifs_sb function en fs/cifs/connect.cen el kernel de Linux antes de v2.6.39 no maneja correctamente las referencias de la DFS, lo que permite a servidores CIFS remotos provocar una denegación de servicio (caída del sistema) mediante la colocación de una derivación en la raíz de una acción. • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=70945643722ffeac779d2529a348f99567fa5c33 http://www.openwall.com/lists/oss-security/2011/09/14/12 https://bugzilla.redhat.com/show_bug.cgi?id=738291 https://github.com/torvalds/linux/commit/70945643722ffeac779d2529a348f99567fa5c33 https://access.redhat.com/security/cve/CVE-2011-3363 • CWE-20: Improper Input Validation •
CVSS: 2.1EPSS: 0%CPEs: 34EXPL: 0CVE-2011-2494 – kernel: taskstats io infoleak
https://notcve.org/view.php?id=CVE-2011-2494
kernel/taskstats.c in the Linux kernel before 3.1 allows local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another user's password. kernel/taskstats.c del kernel de Linux en versiones anteriores a la 3.1 permite a usuarios locales obtener información confidencial de estadísticas de I/O enviando comandos taskstats al socket netlink, tal como se ha demostrado descubriendo la longitud de la contraseña de otro usuario. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1a51410abe7d0ee4b1d112780f46df87d3621043 http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html http://secunia.com/advisories/48898 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1 http://www.openwall.com/lists/oss-security/2011/06/27/1 https://bugzilla.redhat.com/show_bug.cgi?id=716842 https://github.com/torvalds/linux/commit/1a51410abe7d0ee4b1d112780f46df87d3621043 https://access. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 2CVE-2011-3209 – kernel: panic occurs when clock_gettime() is called
https://notcve.org/view.php?id=CVE-2011-3209
The div_long_long_rem implementation in include/asm-x86/div64.h in the Linux kernel before 2.6.26 on the x86 platform allows local users to cause a denial of service (Divide Error Fault and panic) via a clock_gettime system call. La implementación de div_long_long_rem en include/asm-x86/div64.h en el Kernel de Linux anteriores a v2.6.26 en plataformas x86 permite a usuarios locales provocar una denegación de servicio (Divide Error Fault y pánico) a través de una llamada al sistema clock_gettime. • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f8bd2258e2d520dff28c855658bd24bdafb5102d http://www.openwall.com/lists/oss-security/2011/10/24/3 https://bugzilla.redhat.com/show_bug.cgi?id=732878 https://github.com/torvalds/linux/commit/f8bd2258e2d520dff28c855658bd24bdafb5102d https://access.redhat.com/security/cve/CVE-2011-3209 • CWE-189: Numeric Errors •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2011-2942 – kernel: bridge: null pointer dereference in __br_deliver
https://notcve.org/view.php?id=CVE-2011-2942
A certain Red Hat patch to the __br_deliver function in net/bridge/br_forward.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging connectivity to a network interface that uses an Ethernet bridge device. Un parche de Red Hat para la función __br_deliver en net/bridge/br_forward.c en el Kernel de Linux v2.6.18 en Red Hat Enterprise Linux (RHEL) 5 permite a atacantes remotos causar una denegación de servicio (NULL pointer dereference y caída del sistema) o posiblemente tener otro impacto no especificado mediante el aprovechamiento de la conectividad con una interfaz de red que utiliza un dispositivo Ethernet puente. • http://www.openwall.com/lists/oss-security/2011/10/24/3 https://bugzilla.redhat.com/show_bug.cgi?id=730917 https://access.redhat.com/security/cve/CVE-2011-2942 • CWE-476: NULL Pointer Dereference •