CVSS: 1.9EPSS: 0%CPEs: 17EXPL: 0CVE-2011-1078 – kernel: bt sco_conninfo infoleak
https://notcve.org/view.php?id=CVE-2011-1078
The sco_sock_getsockopt_old function in net/bluetooth/sco.c in the Linux kernel before 2.6.39 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via the SCO_CONNINFO option. La función sco_sock_getsockopt_old en net/bluetooth/sco.c en el kernel de Linux anteriores a v2.6.39 no inicializa una estructura concreta, lo que permite a usuarios locales obtener información sensible de la de pila memoria del núcleo a través de la opción SCO_CONNINFO. • http://downloads.avaya.com/css/P8/documents/100145416 http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c4c896e1471aec3b004a693c689f60be3b17ac86 http://rhn.redhat.com/errata/RHSA-2011-0833.html http://rhn.redhat.com/errata/RHSA-2012-1156.html http://www.openwall.com/lists/oss-security/2011/03/01/10 https://bugzilla.redhat.com/show_bug.cgi?id=681259 https://github.com/torvalds/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2011-1477
https://notcve.org/view.php?id=CVE-2011-1477
Multiple array index errors in sound/oss/opl3.c in the Linux kernel before 2.6.39 allow local users to cause a denial of service (heap memory corruption) or possibly gain privileges by leveraging write access to /dev/sequencer. Múltiples errores de índice de matriz en sound/oss/opl3.c en versiones del kernel de Linux anteriores a v2.6.39 permiten a usuarios locales provocar una denegación de servicio (corrupción de memoria dinámica) o posiblemente obtener privilegios mediante el aprovechamiento del acceso de escritura a /dev/sequencer. • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4d00135a680727f6c3be78f8befaac009030e4df http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://www.openwall.com/lists/oss-security/2011/03/25/1 https://github.com/torvalds/linux/commit/4d00135a680727f6c3be78f8befaac009030e4df • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2011-1776 – kernel: validate size of EFI GUID partition entries
https://notcve.org/view.php?id=CVE-2011-1776
The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577. La función is_gpt_valid en fs/partitions/efi.c en el kernel de Linux v2.6.39 no comprueba el tamaño de una Tabla de particiones GUID (GPT) de un Interface Firmware Extensible (EFI), lo que permite causar a atacantes físicamente próximos una denegación de servicio (desbordamiento de memoria basado en monticulo y OOPS) u obtener información confidencial de la memoria dinámica del kernel conectando un dispositivo GPT de almacenamiento hecho a mano. Se trata de una vulnerabilidad diferente a CVE-2011-1577. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fa039d5f6b126fbd65eefa05db2f67e44df8f121 http://openwall.com/lists/oss-security/2011/05/10/4 http://rhn.redhat.com/errata/RHSA-2011-0927.html http://securityreason.com/securityalert/8369 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 http://www.pre-cert.de/advisories/PRE-SA-2011-04.txt http://www.securityfocus.com/bid/47796 https://bugzilla.redhat.com/show_bug.cgi?id=703026 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.9EPSS: 0%CPEs: 7EXPL: 0CVE-2011-1748 – kernel: missing check in can/bcm and can/raw socket releases
https://notcve.org/view.php?id=CVE-2011-1748
The raw_release function in net/can/raw.c in the Linux kernel before 2.6.39-rc6 does not properly validate a socket data structure, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation. La función raw_release en net/can/raw.c en el Kernel de Linux anterior a v2.6.39-rc6 no valida adecuadamente una estructura de datos socket, lo que permite a usuarios locales provocar una denegación de servicio (desreferencia a puntero NULL) o posiblemente tener otro impacto no especificado a través de una liberación de operación. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=10022a6c66e199d8f61d9044543f38785713cbbd http://openwall.com/lists/oss-security/2011/04/20/7 http://openwall.com/lists/oss-security/2011/04/21/1 http://openwall.com/lists/oss-security/2011/04/21/2 http://openwall.com/lists/oss-security/2011/04/21/7 http://openwall.com/lists/oss-security/2011/04/22/2 http://openwall.com/lists/oss-security/2011/04/25/4 http://permalink.gmane. • CWE-476: NULL Pointer Dereference •
CVSS: 4.9EPSS: 0%CPEs: 7EXPL: 0CVE-2011-1598 – kernel: missing check in can/bcm and can/raw socket releases
https://notcve.org/view.php?id=CVE-2011-1598
The bcm_release function in net/can/bcm.c in the Linux kernel before 2.6.39-rc6 does not properly validate a socket data structure, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation. La función bcm_release en net/can/bcm.c del kernel de linux en versiones anteriores a v2.6.39-rc6 no valida correctamente una estructura de toma de datos, lo cual permite a usuarios locales causar una denegación de servicio ( desreferenciar un puntero NULL ) o posiblemente tener un impacto no especificado a través de una operación de liberación manipulada. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c6914a6f261aca0c9f715f883a353ae7ff51fe83 http://openwall.com/lists/oss-security/2011/04/20/2 http://openwall.com/lists/oss-security/2011/04/20/6 http://openwall.com/lists/oss-security/2011/04/20/7 http://openwall.com/lists/oss-security/2011/04/21/1 http://openwall.com/lists/oss-security/2011/04/21/2 http://openwall.com/lists/oss-security/2011/04/21/7 http://openwall.com/l • CWE-476: NULL Pointer Dereference •