Page 505 of 2995 results (0.024 seconds)

CVSS: 2.1EPSS: 0%CPEs: 13EXPL: 0

The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c. El controlador de array de discos HP Smart Array y el controlador de array de discos Compaq SMART2 en Linux kernel hasta v3.9.4 no inicializa ciertas estructuras de datos, lo que permite a usuarios locales obtener información sensible de la memoria del kernel a través de (1) un comando modificado IDAGETPCIINFO para el dispositivo /dev/ida, relacionado con la función ida_locked_ioctl en drivers/block/cpqarray.c o (2) un comando modificado CCISS_PASSTHRU32 para el dispositivo /dev/cciss relacionado con la función cciss_ioctl32_passthru en drivers/block/cciss.c. • http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://lkml.org/lkml/2013/6/3/127 http://lkml.org/lkml/2013/6/3/131 http://rhn.redhat.com/errata/RHSA-2013-1166.html http://www.openwall.com/lists/oss-security/2013/06/05/25 http://www.ubuntu.com/usn/USN-1994-1 http://www.ubuntu.com/usn/USN-1996-1 http://www.ubuntu.com/usn/USN-1997-1 http://www.ubuntu.com/usn/USN-1999-1 http://www.ubuntu.com/usn/USN-20 • CWE-399: Resource Management Errors •

CVSS: 6.0EPSS: 0%CPEs: 12EXPL: 0

Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name. Vulnerabilidad de formato de cadena en la función register_disk en block/genhd.c en Linux kernel hasta v3.9.4 permite a usuarios locales conseguir privilegios haciendo uso de acceso root y la escritura especificadores de formato de cadena en /sys/module/md_mod/parameters/new_array con el fin de crear un dispositivo /dev/md con el nombre manipulado. • http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html http://marc.info/?l=linux-kernel&m=137055204522556&w=2 http://rhn.redhat.com/errata/RHSA-2013-1645.html http://rhn.redhat.com/errata/RHSA-2013-1783.html http://rhn.redhat.com/errata/RHSA-2014-0284.html http://www.debian.org/security/2013/dsa-2766 http://www • CWE-134: Use of Externally-Controlled Format String •

CVSS: 6.2EPSS: 0%CPEs: 6EXPL: 2

Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Product Data (VPD) data structure. Desbordamiento de búfer basado en memoria dinámica en la función tg3_read_vpd en drivers/net/ethernet/broadcom/tg3.c en el kernel de Linux anterior a v3.8.3 que permite a a atacantes físicamente cercanos causar una denegación de servicios (caída del sistema) o posiblemente ejecutar código arbitrario a través de firmware manipulado que especifica una cadena larga en la estructura de datos Vital Prduct Data (VPD) • http://cansecwest.com/slides/2013/PrivateCore%20CSW%202013.pdf http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=715230a44310a8cf66fbfb5a46f9a62a9b2de424 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101836.html http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html http://rhn.redhat.com/errata • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 7

The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call. La función perf_swevent_init en kernel/events/core.c en el Kernel de Linux anterior a v3.8.9 usa un tipo de datos entero incorrecto, lo que permite a usuarios locales ganar privilegios mediante una llamada al sistema perf_event_open especialmente diseñada. Linux kernel fails to check all 64 bits of attr.config passed by user space, resulting to out-of-bounds access of the perf_swevent_enabled array in sw_perf_event_destroy(). Explotation allows for privilege escalation. • https://www.exploit-db.com/exploits/25444 https://www.exploit-db.com/exploits/26131 https://www.exploit-db.com/exploits/33589 https://github.com/Pashkela/CVE-2013-2094 https://github.com/vnik5287/CVE-2013-2094 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8176cced706b5e5d15887584150764894e94e02f http://lists.centos.org/pipermail/centos-announce/2013-May/019729.html http://lists.centos.org/pipermail/centos-announce/2013-May/019733.html http://lis • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •

CVSS: 7.8EPSS: 2%CPEs: 29EXPL: 0

The veth (aka virtual Ethernet) driver in the Linux kernel before 2.6.34 does not properly manage skbs during congestion, which allows remote attackers to cause a denial of service (system crash) by leveraging lack of skb consumption in conjunction with a double-free error. El driver Veth (también conocido como Ethernet virtual) en el kernel Linux anterior a v2.6.34 no gestiona adecuadamente skbs durante la congestión, lo que permite a atacantes remotos provocar una denegación de servicio (caída del sistema), aprovechando la falta de consumo de skb junto con un error de doble liberación. • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6ec82562ffc6f297d0de36d65776cff8e5704867 http://www.openwall.com/lists/oss-security/2013/04/29/10 https://bugzilla.redhat.com/show_bug.cgi?id=957705 https://github.com/torvalds/linux/commit/6ec82562ffc6f297d0de36d65776cff8e5704867 https://support.f5.com/csp/article/K39655464 https://access.redhat.com/security/cve/CVE-2013-2017 • CWE-399: Resource Management Errors •