CVSS: 8.1EPSS: 2%CPEs: 18EXPL: 6CVE-2010-3904 – Linux Kernel Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2010-3904
06 Dec 2010 — The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls. La función rds_page_copy_user de net/rds/page.c en la implementación del protocolo "Reliable Datagram Sockets" (RDS) del kernel de Linux en versiones anteriores a la 2.6.36 no valida apropiadamente las... • https://packetstorm.news/files/id/155751 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2010-4080 – kernel: drivers/sound/pci/rme9652/hdsp.c: reading uninitialized stack memory
https://notcve.org/view.php?id=CVE-2010-4080
30 Nov 2010 — The snd_hdsp_hwdep_ioctl function in sound/pci/rme9652/hdsp.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl call. La función snd_hdsp_hwdep_ioctl en sound/pci/rme9652/hdsp.c en el kernel de Linux anterior a v2.6.36-rc6 no inicializa una determinada estructura, lo que permite a usuarios locales obtener información sensible de la pila de l... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e68d3b316ab7b02a074edc4f770e6a746390cb7d • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2010-4081 – kernel: drivers/sound/pci/rme9652/hdspm.c: reading uninitialized stack memory
https://notcve.org/view.php?id=CVE-2010-4081
30 Nov 2010 — The snd_hdspm_hwdep_ioctl function in sound/pci/rme9652/hdspm.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO ioctl call. La función snd_hdspm_hwdep_ioctl en sound/pci/rme9652/hdspm.c en el kernel de Linux anterior a v2.6.36-rc6 no inicializa una determinada estructura, lo que permite a usuarios locales obtener información sensible de la pila... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e68d3b316ab7b02a074edc4f770e6a746390cb7d • CWE-909: Missing Initialization of Resource •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2010-4082 – kernel: drivers/video/via/ioctl.c: reading uninitialized stack memory
https://notcve.org/view.php?id=CVE-2010-4082
30 Nov 2010 — The viafb_ioctl_get_viafb_info function in drivers/video/via/ioctl.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a VIAFB_GET_INFO ioctl call. La función viafb_ioctl_get_viafb_info en drivers/video/via/ioctl.c en el kernel de Linux anterior a v2.6.36-rc5 no inicializa correctamente un valor de una determinada estructura, lo que permite a usuarios locales obtener... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b4aaa78f4c2f9cde2f335b14f4ca30b01f9651ca • CWE-909: Missing Initialization of Resource •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2010-4083 – kernel: ipc/sem.c: reading uninitialized stack memory
https://notcve.org/view.php?id=CVE-2010-4083
30 Nov 2010 — The copy_semid_to_user function in ipc/sem.c in the Linux kernel before 2.6.36 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) IPC_INFO, (2) SEM_INFO, (3) IPC_STAT, or (4) SEM_STAT command in a semctl system call. La función copy_semid_to_user en ipc/sem.c en el kernel de Linux asntes de v2.6.36 no inicializa una determinada estructura, lo que permite a usuarios locales obtener información potencialmente sensibl... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=982f7c2b2e6a28f8f266e075d92e19c0dd4c6e56 • CWE-909: Missing Initialization of Resource •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2010-4078
https://notcve.org/view.php?id=CVE-2010-4078
29 Nov 2010 — The sisfb_ioctl function in drivers/video/sis/sis_main.c in the Linux kernel before 2.6.36-rc6 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FBIOGET_VBLANK ioctl call. La función sisfb_ioctl de drivers/video/sis/sis_main.c del kernel de Linux en versiones anteriores a la 2.6.36-rc6 no inicializa apropiadamente un miembro de una determinada estructura, lo que permite a usuarios locales obtener info... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fd02db9de73faebc51240619c7c7f99bee9f65c7 • CWE-909: Missing Initialization of Resource •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2010-4072 – kernel: ipc/shm.c: reading uninitialized stack memory
https://notcve.org/view.php?id=CVE-2010-4072
29 Nov 2010 — The copy_shmid_to_user function in ipc/shm.c in the Linux kernel before 2.6.37-rc1 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the shmctl system call and the "old shm interface." La función copy_shmid_to_user de ipc/shm.c del kernel de Linux en versiones anteriores a la 2.6.37-rc1 no inicializa una determinada estructura, lo que permite a usuarios locales obtener información potencialmente confi... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3af54c9bd9e6f14f896aac1bb0e8405ae0bc7a44 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 2CVE-2010-4073 – Linux Kernel < 2.6.36.2 (Ubuntu 10.04) - 'Half-Nelson.c' Econet Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-4073
29 Nov 2010 — The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initialize certain structures, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the (1) compat_sys_semctl, (2) compat_sys_msgctl, and (3) compat_sys_shmctl functions in ipc/compat.c; and the (4) compat_sys_mq_open and (5) compat_sys_mq_getsetattr functions in ipc/compat_mq.c. El subsistema ipc del kernel de Linux en versiones anteriores a la 2.6.37-rc1 no inicializa determinad... • https://www.exploit-db.com/exploits/17787 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2010-2962 – kernel: arbitrary kernel memory write via i915 GEM ioctl
https://notcve.org/view.php?id=CVE-2010-2962
26 Nov 2010 — drivers/gpu/drm/i915/i915_gem.c in the Graphics Execution Manager (GEM) in the Intel i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.36 does not properly validate pointers to blocks of memory, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via crafted use of the ioctl interface, related to (1) pwrite and (2) pread operations. drivers/gpu/drm/i915/i915_gem.c en el Graphics Execution Manager (GEM) en el contr... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ce9d419dbecc292cc3e06e8b1d6d123d3fa813a4 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 4CVE-2010-4165 – Linux Kernel 2.6.37 - Local Kernel Denial of Service
https://notcve.org/view.php?id=CVE-2010-4165
20 Nov 2010 — The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel before 2.6.37-rc2 does not properly restrict TCP_MAXSEG (aka MSS) values, which allows local users to cause a denial of service (OOPS) via a setsockopt call that specifies a small value, leading to a divide-by-zero error or incorrect use of a signed integer. La función do_tcp_setsockopt de net/ipv4/tcp.c en el kernel de Linux anterior a 2.6.37-rc2 no restringe adecuadamente los valores TCP_MAXSEG (también conocidos como MSS), esto permite ... • https://www.exploit-db.com/exploits/16263 • CWE-369: Divide By Zero •