CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 0CVE-2011-1581 – kernel: bonding: Incorrect TX queue offset
https://notcve.org/view.php?id=CVE-2011-1581
The bond_select_queue function in drivers/net/bonding/bond_main.c in the Linux kernel before 2.6.39, when a network device with a large number of receive queues is installed but the default tx_queues setting is used, does not properly restrict queue indexes, which allows remote attackers to cause a denial of service (BUG and system crash) or possibly have unspecified other impact by sending network traffic. La función bond_select_queue en drivers/net/bonding/bond_main.c en el kernel de Linux anteriores a v2.6.39, cuando esta configurado un dispositivo de red con un gran número de colas de recepción pero el tx_queues es el predeterminado, no restringen adecuadamente los índices de cola, lo que permite a atacantes remotos provocar una denegación de servicio (BUG y caída del sistema) o posiblemente tener un impacto no especificado mediante el envío de tráfico de red. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fd0e435b0fe85622f167b84432552885a4856ac8 http://openwall.com/lists/oss-security/2011/04/13/16 http://openwall.com/lists/oss-security/2011/04/13/4 http://securitytracker.com/id?1025558 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 https://bugzilla.redhat.com/show_bug.cgi?id=696029 https://access.redhat.com/security/cve/CVE-2011-1581 • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 0%CPEs: 17EXPL: 0CVE-2011-1079 – kernel: bnep device field missing NULL terminator
https://notcve.org/view.php?id=CVE-2011-1079
The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory, or cause a denial of service (BUG and system crash), via a BNEPCONNADD command. La función de bnep_sock_ioctl en net/bluetooth/bnep/sock.c en versiones del kernel de Linux anteriores a v2.6.39 no garantiza que un campo de dispositivo determinado termine con un '\0', lo que permite a usuarios locales obtener información sensible de la pila del kernel, o causar una denegación de servicio (por caída del sistema), a través de un comando BNEPCONNADD. • http://downloads.avaya.com/css/P8/documents/100145416 http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=43629f8f5ea32a998d06d1bb41eefa0e821ff573 http://packetstormsecurity.com/files/153799/Kernel-Live-Patch-Security-Notice-LSN-0053-1.html http://rhn.redhat.com/errata/RHSA-2011-0833.html http://www.openwall.com/lists/oss-security/2011/03/01/10 https://bugzilla.redhat.com/show_bug.cgi?id= • CWE-20: Improper Input Validation •
CVSS: 2.1EPSS: 0%CPEs: 17EXPL: 1CVE-2011-1160 – kernel: tpm infoleaks
https://notcve.org/view.php?id=CVE-2011-1160
The tpm_open function in drivers/char/tpm/tpm.c in the Linux kernel before 2.6.39 does not initialize a certain buffer, which allows local users to obtain potentially sensitive information from kernel memory via unspecified vectors. La función de tpm_open en drivers/char/tpm/tpm.c en el kernel de Linux anteriores a v2.6.39 no se inicializa un búfer concreto, lo que permite a usuarios locales obtener información sensible de la memoria del kernel a través de vectores no especificados. • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1309d7afbed112f0e8e90be9af975550caa0076b http://www.openwall.com/lists/oss-security/2011/03/15/13 https://bugzilla.redhat.com/show_bug.cgi?id=684671 https://github.com/torvalds/linux/commit/1309d7afbed112f0e8e90be9af975550caa0076b https://access.redhat.com/security/cve/CVE-2011-1160 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.6EPSS: 0%CPEs: 7EXPL: 1CVE-2011-1182 – kernel signal spoofing issue
https://notcve.org/view.php?id=CVE-2011-1182
kernel/signal.c in the Linux kernel before 2.6.39 allows local users to spoof the uid and pid of a signal sender via a sigqueueinfo system call. kernel/signal.c en Linux kernel anterior a v2.6.39 permite a usuarios locales falsear el "uid" y el "pid" a través de un envío de señal de una llamada del sistema "sigqueueinfo". • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=da48524eb20662618854bb3df2db01fc65f3070c http://rhn.redhat.com/errata/RHSA-2011-0927.html http://www.openwall.com/lists/oss-security/2011/03/23/2 https://bugzilla.redhat.com/show_bug.cgi?id=690028 https://github.com/torvalds/linux/commit/da48524eb20662618854bb3df2db01fc65f3070c https://access.redhat.com/security/cve/CVE-2011-1182 •
CVSS: 2.1EPSS: 0%CPEs: 674EXPL: 0CVE-2011-0726 – kernel: proc: protect mm start_code/end_code in /proc/pid/stat
https://notcve.org/view.php?id=CVE-2011-0726
The do_task_stat function in fs/proc/array.c in the Linux kernel before 2.6.39-rc1 does not perform an expected uid check, which makes it easier for local users to defeat the ASLR protection mechanism by reading the start_code and end_code fields in the /proc/#####/stat file for a process executing a PIE binary. Función do_task_stat en fs/proc/array.c en el kernel de linux antes de v2.6.39-rc1 no realiza una comprobación de uid esperado, lo que hace que sea más fácil para los usuarios locales derrotar a los mecanismos de protección ASLR mediante la lectura de los campos start_code y end_code en el archivo /proc/#####/stat para un proceso ejecutando un binario PIE. • http://downloads.avaya.com/css/P8/documents/100145416 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5883f57ca0008ffc93e09cbb9847a1928e50c6f3 http://rhn.redhat.com/errata/RHSA-2011-0833.html http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.39/ChangeLog-2.6.39-rc1 http://www.securityfocus.com/bid/47791 http://www.spinics.net/lists/mm-commits/msg82726.html https://bugzilla.redhat.com/show_bug.cgi?id=684569 https://lkml.org/lkml/ • CWE-20: Improper Input Validation •