CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2011-1013 – kernel: drm_modeset_ctl signedness issue
https://notcve.org/view.php?id=CVE-2011-1013
Integer signedness error in the drm_modeset_ctl function in (1) drivers/gpu/drm/drm_irq.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.38 and (2) sys/dev/pci/drm/drm_irq.c in the kernel in OpenBSD before 4.9 allows local users to trigger out-of-bounds write operations, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via a crafted num_crtcs (aka vb_num) structure member in an ioctl argument. Error de enteros sin signo en Función drm_modeset_ctl en(1) drivers /gpu/drm/drm_irq.c del subsistema Direct Rendering Manager del kernel de Linux con anterioridad a v2.6.38 y (2) sys/dev/pci/drm/drm_irq.c en el kernel de OpenBSD con anterioridad a v4.9 permite a los usuarios locales provocar una salida de los limites en las operaciones de escritura, y por lo tanto provocar una denegación de servicio ( caída del sistema ) o, posiblemente,tener un impacto no especificado, a través de un miembro de la estructura num_crtcs ( vb_num alias ) manipulado en un argumento ioctl. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1922756124ddd53846877416d92ba4a802bc658f http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38 http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/drm/drm_irq.c http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/drm/drm_irq.c.diff?r1=1.41%3Br2=1.42%3Bf=h http://www.securityfocus.com/bid/47639 https://bugzilla.redhat.com/show_bug.cgi?id=679925 https://exchange. • CWE-787: Out-of-bounds Write •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2011-1747
https://notcve.org/view.php?id=CVE-2011-1747
The agp subsystem in the Linux kernel 2.6.38.5 and earlier does not properly restrict memory allocation by the (1) AGPIOC_RESERVE and (2) AGPIOC_ALLOCATE ioctls, which allows local users to cause a denial of service (memory consumption) by making many calls to these ioctls. El subsistema agp en el kernel de Linux v2.6.38.5 y anteriores no restringe correctamente la asignación de memoria por el ( 1 ) AGPIOC_RESERVE y ( 2 )AGPIOC_ALLOCATE ioctls , lo cual permite a usuarios locales causar una denegación de servicio ( consumo de memoria ) haciendo muchas llamadas a estos ioctls. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b522f02184b413955f3bc952e3776ce41edc6355 http://openwall.com/lists/oss-security/2011/04/21/4 http://openwall.com/lists/oss-security/2011/04/22/10 http://openwall.com/lists/oss-security/2011/04/22/11 http://openwall.com/lists/oss-security/2011/04/22/7 http://openwall.com/lists/oss-security/2011/04/22/8 http://openwall.com/lists/oss-security/2011/04/22/9 http://securitytracker.c • CWE-399: Resource Management Errors •
CVSS: 4.9EPSS: 0%CPEs: 665EXPL: 0CVE-2011-1090 – kernel: nfs4: Ensure that ACL pages sent over NFS were not allocated from the slab
https://notcve.org/view.php?id=CVE-2011-1090
The __nfs4_proc_set_acl function in fs/nfs/nfs4proc.c in the Linux kernel before 2.6.38 stores NFSv4 ACL data in memory that is allocated by kmalloc but not properly freed, which allows local users to cause a denial of service (panic) via a crafted attempt to set an ACL. La función __nfs4_proc_set_ac en fs/nfs/nfs4proc.c en el Kernel de Linux anterior a v.2.6.38 almacena datos NFSv4 ACL en memoria que es asignado por kmalloc pero no libera adecuadamente, lo que permite a usuarios locales provocar una denegación de servicio (pánico) a través de intentos manipulados para establecer un ACL. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e9e3d724e2145f5039b423c290ce2b2c3d8f94bc http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://openwall.com/lists/oss-security/2011/03/07/12 http://openwall.com/lists/oss-security/2011/03/07/2 http://secunia.com/advisories/46397 http://securitytracker.com/id?1025336 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38 http://www.securityfocus.com/archive/1/52 • CWE-399: Resource Management Errors •
CVSS: 6.9EPSS: 0%CPEs: 7EXPL: 0CVE-2011-1745 – kernel: agp: insufficient pg_start parameter checking in AGPIOC_BIND and AGPIOC_UNBIND ioctls
https://notcve.org/view.php?id=CVE-2011-1745
Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call. Desbordamiento de enteros en la función agp_generic_insert_memory en los drivers /char/agp/generic.c del kernel de Linux con anterioridad a v2.6.38.5 permite a usuarios locales conseguir privilegios o causar una denegación de servicio ( fallo del sistema ) a través de una llamada ioctl manipulada a AGPIOC_BIND agp_ioctl. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=194b3da873fd334ef183806db751473512af29ce http://openwall.com/lists/oss-security/2011/04/21/4 http://openwall.com/lists/oss-security/2011/04/22/7 http://rhn.redhat.com/errata/RHSA-2011-0927.html http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.5 http://www.securityfocus.com/bid/47534 https://bugzilla.redhat.com/show_bug.cgi?id=698996 https://lkml.org/lkml/2011/4/14&#x • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.9EPSS: 0%CPEs: 7EXPL: 0CVE-2011-2022 – kernel: agp: insufficient pg_start parameter checking in AGPIOC_BIND and AGPIOC_UNBIND ioctls
https://notcve.org/view.php?id=CVE-2011-2022
The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 does not validate a certain start parameter, which allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than CVE-2011-1745. La función agp_generic_remove_memory en los drivers /char/agp/generic.c del kernel de Linux con anterioridad a v2.6.38.5 no valida un parámetro de inicio determinado, lo que permite a usuarios locales conseguir privilegios o causar una denegación de servicio ( fallo del sistema ) a través de una llamada manipulada AGPIOC_UNBIND agp_ioctl ioctl, es una vulnerabilidad diferente de CVE -2011- 1745. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=194b3da873fd334ef183806db751473512af29ce http://openwall.com/lists/oss-security/2011/04/21/4 http://openwall.com/lists/oss-security/2011/04/22/7 http://rhn.redhat.com/errata/RHSA-2011-0927.html http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.5 http://www.securityfocus.com/bid/47843 https://bugzilla.redhat.com/show_bug.cgi?id=698996 https://lkml.org/lkml/2011/4/14&#x • CWE-20: Improper Input Validation •