CVSS: 5.5EPSS: 0%CPEs: 42EXPL: 1CVE-2009-0748 – kernel: ext4: ext4_fill_super() missing validation issue
https://notcve.org/view.php?id=CVE-2009-0748
27 Feb 2009 — The ext4_fill_super function in fs/ext4/super.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate the superblock configuration, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) by attempting to mount a crafted ext4 filesystem. La superfunción ext4_fill_super en fs/ext4/super.c del kernel Linux v2.6.27 anteriores a v2.6.27.19 y v2.6.28 anteriores a v2.6.28.7 no valida la configuración de superbloque, lo que permite a usuarios loc... • http://bugzilla.kernel.org/show_bug.cgi?id=12371 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 26EXPL: 0CVE-2009-0745 – kernel: ext4: ext4_group_add() missing initialisation issue
https://notcve.org/view.php?id=CVE-2009-0745
27 Feb 2009 — The ext4_group_add function in fs/ext4/resize.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not properly initialize the group descriptor during a resize (aka resize2fs) operation, which might allow local users to cause a denial of service (OOPS) by arranging for crafted values to be present in available memory. La función ext4_group_add en fs/ext4/resize.c en el kernel de Linux v2.6.27 anteriores a v2.6.27.19 y v2.6.28 anteriores a v2.6.28.7 no inicializa de forma adecuada el... • http://bugzilla.kernel.org/show_bug.cgi?id=12433 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 42EXPL: 0CVE-2009-0747 – kernel: ext4: ext4_isize() denial of service
https://notcve.org/view.php?id=CVE-2009-0747
27 Feb 2009 — The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 uses the i_size_high structure member during operations on arbitrary types of files, which allows local users to cause a denial of service (CPU consumption and error-message flood) by attempting to mount a crafted ext4 filesystem. La función ext4_isize en fs/ext4/ext4.h del kernel de Linux v2.6.27 anteriores a v2.6.27.19 y v2.6.28 anteriores a v2.6.28.7 utiliza el componente de la estructura i_si... • http://bugzilla.kernel.org/show_bug.cgi?id=12375 • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 26EXPL: 1CVE-2009-0746 – Linux Kernel 2.6.x - 'make_indexed_dir()' Local Denial of Service
https://notcve.org/view.php?id=CVE-2009-0746
27 Feb 2009 — The make_indexed_dir function in fs/ext4/namei.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate a certain rec_len field, which allows local users to cause a denial of service (OOPS) by attempting to mount a crafted ext4 filesystem. La función make_indexed_dir en fs/ext4/namei.c en el kernel de Linux v2.6.27 anteriores a v2.6.27.19 y v2.6.28 anteriores a v2.6.28.7 no valida el campo rec_len, lo que permite a usuarios locales provocar una denegación de servicio (OOPS ... • https://www.exploit-db.com/exploits/32775 • CWE-20: Improper Input Validation •
CVSS: 7.7EPSS: 0%CPEs: 316EXPL: 1CVE-2009-0028 – Linux Kernel 2.6.x - Cloned Process 'CLONE_PARENT' Local Origin Validation
https://notcve.org/view.php?id=CVE-2009-0028
27 Feb 2009 — The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit. La llamada al sistema clone en el kernel de Linux v2.6.28 y anteriores, permite a usuarios locales enviar señales arbitrarias a un proceso padre desde un proceso hijo sin privilegios mediante el envío de un proceso hijo adicional con la bande... • https://www.exploit-db.com/exploits/32815 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 325EXPL: 1CVE-2009-0676 – Linux Kernel 2.6.x - 'sock.c' SO_BSDCOMPAT Option Information Disclosure
https://notcve.org/view.php?id=CVE-2009-0676
22 Feb 2009 — The sock_getsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request. La función sock_getsockopt en net/core/sock.c en el kernel de Linux anterior a v2.6.28.6 no inicializa un miembro de cierta estructura, lo que permite a usuarios locales obtener información sensible de la memoria del kernel a través de una petición SO_... • https://www.exploit-db.com/exploits/32805 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.7EPSS: 0%CPEs: 322EXPL: 0CVE-2009-0675 – kernel: skfp_ioctl inverted logic flaw
https://notcve.org/view.php?id=CVE-2009-0675
22 Feb 2009 — The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an "inverted logic" issue. La funcion skfp_ioctl en drivers/net/skfp/skfddi.c en el kernel de Linux anterior a v2.6.28.6 permite peticiones SKFP_CLR_STATS solo cuando la capacidad CAP_NET_ADMIN esta ausente, en cambio cuando esta... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c25b9abbc2c2c0da88e180c3933d6e773245815a • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 323EXPL: 0CVE-2009-0605
https://notcve.org/view.php?id=CVE-2009-0605
17 Feb 2009 — Stack consumption vulnerability in the do_page_fault function in arch/x86/mm/fault.c in the Linux kernel before 2.6.28.5 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via unspecified vectors that trigger page faults on a machine that has a registered Kprobes probe. Vulnerabilidad de agotamiento de pila en la función do_page_fault en arch/x86/mm/fault.c en el kernel de Linux anterior a v2.6.28.5 permite a usuarios locales provocar una denegación de servicio (... • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git%3Ba=commit%3Bh=9be260a646bf76fa418ee519afa10196b3164681 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 238EXPL: 0CVE-2008-6107
https://notcve.org/view.php?id=CVE-2008-6107
10 Feb 2009 — The (1) sys32_mremap function in arch/sparc64/kernel/sys_sparc32.c, the (2) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c, and the (3) sparc64_mmap_check function in arch/sparc64/kernel/sys_sparc.c, in the Linux kernel before 2.6.25.4, omit some virtual-address range (aka span) checks when the mremap MREMAP_FIXED bit is not set, which allows local users to cause a denial of service (panic) via unspecified mremap calls, a related issue to CVE-2008-2137. Las funciones (1) sys32_mremap en arch/spa... • http://marc.info/?l=linux-kernel&m=121071103304610&w=2 • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2009-0322 – kernel: dell_rbu local oops
https://notcve.org/view.php?id=CVE-2009-0322
28 Jan 2009 — drivers/firmware/dell_rbu.c in the Linux kernel before 2.6.27.13, and 2.6.28.x before 2.6.28.2, allows local users to cause a denial of service (system crash) via a read system call that specifies zero bytes from the (1) image_type or (2) packet_size file in /sys/devices/platform/dell_rbu/. drivers/firmware/dell_rbu.c en el Kernel Linux anterior a v2.6.27.13 y v2.6.28.x anterior a v2.6.28.2, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de una llamada al sist... • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git%3Ba=commit%3Bh=81156928f8fe31621e467490b9d441c0285998c3 • CWE-189: Numeric Errors CWE-399: Resource Management Errors •