CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 1CVE-2011-0695 – kernel: panic in ib_cm:cm_work_handler
https://notcve.org/view.php?id=CVE-2011-0695
Race condition in the cm_work_handler function in the InfiniBand driver (drivers/infiniband/core/cma.c) in Linux kernel 2.6.x allows remote attackers to cause a denial of service (panic) by sending an InfiniBand request while other request handlers are still running, which triggers an invalid pointer dereference. Condición de carrera en la función cm_work_handler del controlador InfiniBand (drivers/infiniband/core/cma.c) del kernel de Linux 2.6.x. Permite a atacantes remotos provocar una denegación de servicio (panic) enviando una petición InfiniBand mientras otros manejadores de petición se están ejecutando, lo que provoca una resolución de puntero inválida. • http://rhn.redhat.com/errata/RHSA-2011-0927.html http://secunia.com/advisories/43693 http://www.openwall.com/lists/oss-security/2011/03/11/1 http://www.securityfocus.com/bid/46839 http://www.spinics.net/lists/linux-rdma/msg07447.html http://www.spinics.net/lists/linux-rdma/msg07448.html http://www.ubuntu.com/usn/USN-1146-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/66056 https://access.redhat.com/security/cve/CVE-2011-0695 https://bugzilla.redhat.com/s • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 2CVE-2011-1017
https://notcve.org/view.php?id=CVE-2011-1017
Heap-based buffer overflow in the ldm_frag_add function in fs/partitions/ldm.c in the Linux kernel 2.6.37.2 and earlier might allow local users to gain privileges or obtain sensitive information via a crafted LDM partition table. Desbordamiento de búfer en memoria dinámica en la función ldm_frag_add en fs/partitions/ldm.c en el kernel de Linux v2.6.37.2 y anteriores, podría permitir a usuarios locales conseguir privilegios u obtener información sensible a través de una tabla de particiones LDM manipulada. • http://openwall.com/lists/oss-security/2011/02/23/16 http://openwall.com/lists/oss-security/2011/02/24/14 http://openwall.com/lists/oss-security/2011/02/24/4 http://secunia.com/advisories/43716 http://secunia.com/advisories/43738 http://securityreason.com/securityalert/8115 http://securitytracker.com/id?1025128 http://www.pre-cert.de/advisories/PRE-SA-2011-01.txt http://www.securityfocus.com/archive/1/516615/100/0/threaded http://www.securityfocus.com/bid/4 • CWE-787: Out-of-bounds Write •
CVSS: 2.1EPSS: 0%CPEs: 12EXPL: 0CVE-2011-0711 – kernel: xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1
https://notcve.org/view.php?id=CVE-2011-0711
The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FSGEOMETRY_V1 ioctl call. La función xfs_fs_geometry de fs/xfs/xfs_fsops.c del kernel de Linux en versiones anteriores a la 2.6.38-rc6-git3 no inicializa un miembro determinado de una estructura, lo que permite a usuarios locales obtener información potencialmente sensible de la memoria de la pila del kernel a través de una llamada ioctl FSGEOMETRY_V1. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3a3675b7f23f83ca8c67c9c2b6edf707fd28d1ba http://openwall.com/lists/oss-security/2011/02/16/10 http://openwall.com/lists/oss-security/2011/02/16/4 http://osvdb.org/70950 http://rhn.redhat.com/errata/RHSA-2011-0927.html http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.38-rc6-git3.log http://www.securityfocus.com/bid/46417 https://bugzilla.redhat.com/show_bug.cgi?id=67 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.9EPSS: 0%CPEs: 8EXPL: 0CVE-2011-1012
https://notcve.org/view.php?id=CVE-2011-1012
The ldm_parse_vmdb function in fs/partitions/ldm.c in the Linux kernel before 2.6.38-rc6-git6 does not validate the VBLK size value in the VMDB structure in an LDM partition table, which allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted partition table. La función ldm_parse_vmdb en fs/partitions/ldm.c en el kernel de Linux anterior a v2.6.38-rc6-git6, no valida el valor del tamaño VBLK en la estructura VMDB en una tabla de particiones LDM, lo que permite a usuarios locales causar una denegación de servicio (división por cero error y OOPS) a través de una tabla de particiones manipulada. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=294f6cf48666825d23c9372ef37631232746e40d http://openwall.com/lists/oss-security/2011/02/23/21 http://openwall.com/lists/oss-security/2011/02/23/4 http://securityreason.com/securityalert/8115 http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.38-rc6-git6.log http://www.pre-cert.de/advisories/PRE-SA-2011-01.txt http://www.securityfocus.com/archive/1/516615/100/0/threaded http: • CWE-369: Divide By Zero •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 4CVE-2011-1020 – Linux Kernel 2.6.32 (Ubuntu 10.04) - '/proc' Handling SUID Privilege Escalation
https://notcve.org/view.php?id=CVE-2011-1020
The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls. La implementación del sistema de ficheros proc en el Kernel de Linux v2.6.37 y anteriores no restringe el acceso a un proceso del árbol del directorio /proc después de realizar este un proceso exec en un programa setuid, permite a usuarios locales obtener información sensible o provocar una denegación de servicio a través de llamadas open, lseek, read y write al sistema. Linux kernel version 2.6.32 (Ubuntu 10.04) suffers from a /proc handling setuid privilege escalation vulnerability. • https://www.exploit-db.com/exploits/41770 http://openwall.com/lists/oss-security/2011/02/24/18 http://openwall.com/lists/oss-security/2011/02/25/2 http://seclists.org/fulldisclosure/2011/Jan/421 http://secunia.com/advisories/43496 http://securityreason.com/securityalert/8107 http://www.halfdog.net/Security/2011/SuidBinariesAndProcInterface http://www.securityfocus.com/bid/46567 https://exchange.xforce.ibmcloud.com/vulnerabilities/65693 https://lkml.org/lkml/2011/2/10/21 htt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •