Page 5 of 31 results (0.031 seconds)

CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0

Integer overflow in the rds_rdma_pages function in net/rds/rdma.c in the Linux kernel allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted iovec struct in a Reliable Datagram Sockets (RDS) request, which triggers a buffer overflow. Desbordamiento de enteros en la función rds_rdma_pages en net/rds/rdma.c en el núcleo de Linux permite a usuarios locales causar una denegación de servicio (caída) y posiblemente ejecutar código de su elección a través de una estructura iovec manipulada en una petición Reliable Datagram Sockets (RDS), que provoca un desbordamiento de búfer. • http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://secunia.com/advisories/42778 http://secunia.com/advisories/42789 http://secunia.com/advisories/42801 http://secunia.com/advisories/42890 http://secunia.com/advisories/46397 http://www.ope • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •

CVSS: 2.1EPSS: 0%CPEs: 6EXPL: 0

arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via read operations on the /dev/kvm device. arch/x86/kvm/x86.c en el kernel de Linux v2.6.36.2 no inicializa ciertos miembros de estructura, lo que permite a usuarios locales obtener información potencialmente sensible del la pila de la pila de memoria del kernel a través de operaciones de lectura en el dispositivo /dev/kvm device. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=97e69aa62f8b5d338d6cff49be09e37cc1262838 http://git.kernel.org/?p=virt/kvm/kvm.git%3Ba=commit%3Bh=831d9d02f9522e739825a51a11e3bc5aa531a905 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://openwall.com/lists/oss-security/2010/11/04/10 http://openwall.com/lists/oss-security/2010/11/05/4 http://rhn.redhat.com& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0

The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a (1) BTRFS_IOC_CLONE or (2) BTRFS_IOC_CLONE_RANGE ioctl call that specifies this file as a donor. La función btrfs_ioctl_clone en fs/btrfs/ioctl.c en el kernel Linux, en versiones anteriores a la 2.6.35, permite a usuarios locales sobreescribir un fichero de solo-añadir (append-only) mediante una llamada ioctl (1) BTRFS_IOC_CLONE o (2) BTRFS_IOC_CLONE_RANGE que especifique este fichero como un donante. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2ebc3464781ad24474abcbd2274e6254689853b5 http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html http://secunia.com/advisories/42758 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35 http://www.openwall.com/lists/oss-security/2010/07/21/10 http://www.openwall.com/lists/oss-security/2010/07/21/4 http://www.securityfocus.com/bid/41847 http://www.ubuntu.com/usn •

CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0

kernel/trace/ftrace.c in the Linux kernel before 2.6.35.5, when debugfs is enabled, does not properly handle interaction between mutex possession and llseek operations, which allows local users to cause a denial of service (NULL pointer dereference and outage of all function tracing files) via an lseek call on a file descriptor associated with the set_ftrace_filter file. kernel/trace/ftrace.c en el kernel Linux anterior a la versión 2.6.36-rc5, cuando está habilitado debugfs, no maneja adecuadamente la interacción entre la posesión mutex y operaciones llseek, lo que permite a usuarios locales provocar una denegación de servicio (interrupción de todas las funciones de rastreo de archivos) mediante una llamada lseek en un descriptor de fichero asociado con el fichero set_ftrace_filter. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9c55cb12c1c172e2d51e85fbb5a4796ca86b77e7 http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://secunia.com/advisories/42758 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.5 http://www.redhat.com/support/errata/RHSA-2010-0842.html http://www.securityfocus.com/bid/43684 http://www.ubuntu.c • CWE-476: NULL Pointer Dereference •

CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0

Integer overflow in the btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 might allow local users to obtain sensitive information via a BTRFS_IOC_CLONE_RANGE ioctl call. Desbordamiento de entero en la función btrfs_ioctl_clone en fs/btrfs/ioctl.c en el kernel Linux, en versiones anteriores a la 2.6.35, puede permitir a usuarios locales obtener información sensible mediante una llamada ioctl BTRFS_IOC_CLONE_RANGE. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2ebc3464781ad24474abcbd2274e6254689853b5 http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html http://secunia.com/advisories/42758 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35 http://www.openwall.com/lists/oss-security/2010/07/21/10 http://www.openwall.com/lists/oss-security/2010/07/21/4 http://www.securityfocus.com/bid/41854 http://www.ubuntu.com/usn • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •