CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2008-3534 – kernel: tmpfs: fix kernel BUG in shmem_delete_inode
https://notcve.org/view.php?id=CVE-2008-3534
08 Aug 2008 — The shmem_delete_inode function in mm/shmem.c in the tmpfs implementation in the Linux kernel before 2.6.26.1 allows local users to cause a denial of service (system crash) via a certain sequence of file create, remove, and overwrite operations, as demonstrated by the insserv program, related to allocation of "useless pages" and improper maintenance of the i_blocks count. La función shmem_delete_inode de mm/shmem.c en la implementación the tmpfs de Linux kernel versiones anteriores a 2.6.26.1 permite a usua... • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=14fcc23fdc78e9d32372553ccf21758a9bd56fa1 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 1CVE-2008-3535 – kernel: fix off-by-one error in iov_iter_advance()
https://notcve.org/view.php?id=CVE-2008-3535
08 Aug 2008 — Off-by-one error in the iov_iter_advance function in mm/filemap.c in the Linux kernel before 2.6.27-rc2 allows local users to cause a denial of service (system crash) via a certain sequence of file I/O operations with readv and writev, as demonstrated by testcases/kernel/fs/ftest/ftest03 from the Linux Test Project. Error de superación del límite en la función iov_iter_advance de mm/filemap.c en Linux kernel versiones anteriores a 2.6.27-rc2 permite a usuarios locales provocar una denegación de servicio (ca... • http://mirror.celinuxforum.org/gitstat/commit-detail.php?commit=94ad374a0751f40d25e22e036c37f7263569d24c • CWE-193: Off-by-one Error •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2008-3272 – kernel snd_seq_oss_synth_make_info leak
https://notcve.org/view.php?id=CVE-2008-3272
08 Aug 2008 — The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux kernel before 2.6.27-rc2 does not verify that the device number is within the range defined by max_synthdev before returning certain data to the caller, which allows local users to obtain sensitive information. La función snd_seq_oss_synth_make_info de sound/core/seq/oss/seq_oss_synth.c en el subsistema sound de Linux kernel versiones anteriores a 2.6.27-rc2 no verifica que el número de disposi... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=82e68f7ffec3800425f2391c8c86277606860442 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2008-3496
https://notcve.org/view.php?id=CVE-2008-3496
06 Aug 2008 — Buffer overflow in format descriptor parsing in the uvc_parse_format function in drivers/media/video/uvc/uvc_driver.c in uvcvideo in the video4linux (V4L) implementation in the Linux kernel before 2.6.26.1 has unknown impact and attack vectors. Desbordamiento de búfer en format descriptor parsing en la función uvc_parse_format de drivers/media/video/uvc/uvc_driver.c en uvcvideo de la implementación video4linux (V4L) de Linux kernel versiones anteriores a 2.6.26.1 tiene un impacto y vectores de ataque descon... • http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2008-3247
https://notcve.org/view.php?id=CVE-2008-3247
24 Jul 2008 — The LDT implementation in the Linux kernel 2.6.25.x before 2.6.25.11 on x86_64 platforms uses an incorrect size for ldt_desc, which allows local users to cause a denial of service (system crash) or possibly gain privileges via unspecified vectors. La implementación LDT en el kernel de Linux versiones 2.6.25.x anteriores a 2.6.25.11 en plataformas x86_64 utiliza un tamaño incorrecto para ldt_desc, lo que permite a los usuarios locales causar una denegación de servicio (bloqueo del sistema) o posiblemente alc... • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commit%3Bh=74454a6a286bfce4bb23d89bd465f856fa6a6e19 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2008-3077
https://notcve.org/view.php?id=CVE-2008-3077
09 Jul 2008 — arch/x86/kernel/ptrace.c in the Linux kernel before 2.6.25.10 on the x86_64 platform leaks task_struct references into the sys32_ptrace function, which allows local users to cause a denial of service (system crash) or have unspecified other impact via unknown vectors, possibly a use-after-free vulnerability. arch/x86/kernel/ptrace.c en el núcleo de Linux anterior a 2.6.25.10 para plataformas x86_64, filtra referencias task_struct en la función sys32_ptrace, esto permita a usuarios locales provocar una deneg... • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commitdiff%3Bh=1e9a615bfce7996ea4d815d45d364b47ac6a74e8 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2008-2812 – kernel: NULL ptr dereference in multiple network drivers due to missing checks in tty code
https://notcve.org/view.php?id=CVE-2008-2812
09 Jul 2008 — The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/. El núcleo de Linux anterior a 2.6.25.10, no realiza de forma adecuada las operaciones tty, es... • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commitdiff%3Bh=2a739dd53ad7ee010ae6e155438507f329dce788 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2008-2826 – kernel: sctp: sctp_getsockopt_local_addrs_old() potential overflow
https://notcve.org/view.php?id=CVE-2008-2826
02 Jul 2008 — Integer overflow in the sctp_getsockopt_local_addrs_old function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) functionality in the Linux kernel before 2.6.25.9 allows local users to cause a denial of service (resource consumption and system outage) via vectors involving a large addr_num field in an sctp_getaddrs_old data structure. Desbordamiento de entero en la función sctp_getsockopt_local_addrs_old de net/sctp/socket.c en la funcionalidad Stream Control Transmission Protocol (s... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=735ce972fbc8a65fb17788debd7bbe7b4383cc62 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2008-2372 – kernel: Reinstate ZERO_PAGE optimization in 'get_user_pages()' and fix XIP
https://notcve.org/view.php?id=CVE-2008-2372
02 Jul 2008 — The Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local users to cause a denial of service (memory consumption) via a large number of calls to the get_user_pages function, which lacks a ZERO_PAGE optimization and results in allocation of "useless newly zeroed pages." El núcleo de Linux 2.6.24 y 2.6.25 versiones anteriores a 2.6.25.9 permite a usuarios locales provocar una denegación de servicio (consumo de memoria) a través de un número largo de llamadas a la función get_user_pages, la cual carece d... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=89f5b7da2a6bad2e84670422ab8192382a5aeb9f • CWE-20: Improper Input Validation •
CVSS: 4.7EPSS: 0%CPEs: 157EXPL: 2CVE-2008-2365 – Linux Kernel 2.6.9 < 2.6.25 (RHEL 4) - utrace and ptrace Local Denial of Service
https://notcve.org/view.php?id=CVE-2008-2365
30 Jun 2008 — Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a long series of PTRACE_ATTACH ptrace calls to another user's process that trigger a conflict between utrace_detach and report_quiescent, related to "late ptrace_may_attach() check" and "race around &dead_engine_ops setting," a different vulnerability than CVE-2007-0771 and CVE-2008-1514. NOTE: this issue might only... • https://www.exploit-db.com/exploits/31965 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •