CVSS: 6.9EPSS: 0%CPEs: 6EXPL: 0CVE-2011-1016 – kernel: drm/radeon/kms: check AA resolve registers on r300
https://notcve.org/view.php?id=CVE-2011-1016
The Radeon GPU drivers in the Linux kernel before 2.6.38-rc5 do not properly validate data related to the AA resolve registers, which allows local users to write to arbitrary memory locations associated with (1) Video RAM (aka VRAM) or (2) the Graphics Translation Table (GTT) via crafted values. El driver Radeon GPU en el Kernel de Linux anterior a v2.6.38-rc5 no valida adecuadamente datos relacionados con el registro AA resolve, lo que permite a usuarios locales escribir en lugares de memoria de su elección asociado con (1) Video RAM (también conocido como VRAM) o (2) el Graphics Translation Table (GTT) a través de valores manipulados. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fff1ce4dc6113b6fdc4e3a815ca5fd229408f8ef http://openwall.com/lists/oss-security/2011/02/24/11 http://openwall.com/lists/oss-security/2011/02/24/3 http://openwall.com/lists/oss-security/2011/02/25/4 http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.38-rc5 http://www.securityfocus.com/bid/46557 https://bugzilla.redhat.com/show_bug.cgi?id=680000 https://exchange.xforce. • CWE-20: Improper Input Validation •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2011-1010 – kernel: fs/partitions: Validate map_count in Mac partition tables
https://notcve.org/view.php?id=CVE-2011-1010
Buffer overflow in the mac_partition function in fs/partitions/mac.c in the Linux kernel before 2.6.37.2 allows local users to cause a denial of service (panic) or possibly have unspecified other impact via a malformed Mac OS partition table. Desbordamiento de búfer en la función mac_partition en fs/partitions/mac.c en el kernel de Linux anteriores a v2.6.37.2, permite a usuarios locales causar una denegación de servicio (pánico) o posiblemente tener un impacto no especificado a través de una tabla de particiones con formato incorrecto de Mac OS. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fa7ea87a057958a8b7926c1a60a3ca6d696328ed http://openwall.com/lists/oss-security/2011/02/22/11 http://openwall.com/lists/oss-security/2011/02/22/15 http://openwall.com/lists/oss-security/2011/02/22/3 http://secunia.com/advisories/46397 http://securityreason.com/securityalert/8115 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37.2 http://www.pre-cert.de/advisories/PRE-SA-20 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.9EPSS: 0%CPEs: 6EXPL: 0CVE-2011-0999 – kernel: thp: prevent hugepages during args/env copying into the user stack
https://notcve.org/view.php?id=CVE-2011-0999
mm/huge_memory.c in the Linux kernel before 2.6.38-rc5 does not prevent creation of a transparent huge page (THP) during the existence of a temporary stack for an exec system call, which allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact via a crafted application. mm/huge_memory.c en el kernel de Linux anterior a f2.6.38-rc5 no impide la creación de una transparent huge page (THP) durante la existencia de una pila temporal para una llamada al sistema exec, que permite a usuarios locales causar una denegación de servicio (consumo de memoria) o posiblemente tener un impacto no especificado a través de una aplicación manipulado. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a7d6e4ecdb7648478ddec76d30d87d03d6e22b31 http://openwall.com/lists/oss-security/2011/02/17/3 http://openwall.com/lists/oss-security/2011/02/17/6 http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.38-rc5 http://www.securityfocus.com/bid/46442 https://bugzilla.redhat.com/show_bug.cgi?id=678209 https://exchange.xforce.ibmcloud.com/vulnerabilities/65535 https://access.redhat.com/se • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 1%CPEs: 6EXPL: 1CVE-2011-0709
https://notcve.org/view.php?id=CVE-2011-0709
The br_mdb_ip_get function in net/bridge/br_multicast.c in the Linux kernel before 2.6.35-rc5 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an IGMP packet, related to lack of a multicast table. La función br_mdb_ip_get en net/bridge/ br_multicast.c en el kernel de Linux antes de v2.6.35-rc5 permite a atacantes remotos provocar una denegación de servicio (desreferencia a puntero nulo y caída del sistema) a través de un paquete IGMP, en relación con la falta de una tabla de multicast. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7f285fa78d4b81b8458f05e77fb6b46245121b4e http://openwall.com/lists/oss-security/2011/02/16/1 http://openwall.com/lists/oss-security/2011/02/16/14 http://openwall.com/lists/oss-security/2011/02/16/8 http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.35/ChangeLog-2.6.35-rc5 http://www.securityfocus.com/bid/41432 http://www.spinics.net/lists/netdev/msg134414.html http://www&# • CWE-476: NULL Pointer Dereference •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2011-0712 – kernel: ALSA: caiaq - Fix possible string-buffer overflow
https://notcve.org/view.php?id=CVE-2011-0712
Multiple buffer overflows in the caiaq Native Instruments USB audio functionality in the Linux kernel before 2.6.38-rc4-next-20110215 might allow attackers to cause a denial of service or possibly have unspecified other impact via a long USB device name, related to (1) the snd_usb_caiaq_audio_init function in sound/usb/caiaq/audio.c and (2) the snd_usb_caiaq_midi_init function in sound/usb/caiaq/midi.c. Múltiples desbordamientos de búfer en la funcionalidad caiaq Native Instruments USB audio en el kernel de Linux antes de v2.6.38-rc4-next-20110215 podrían permitir a atacantes provocar una denegación de servicio o posiblemente tener un impacto no especificado a través de un nombre de dispositivo USB demasiado largo, en relación con (1) la función snd_usb_caiaq_audio_init en sound /usb/caiaq/audio.c y (2) la función snd_usb_caiaq_midi_init en sound/usb/caiaq/midi.c. • http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git%3Ba=commit%3Bh=eaae55dac6b64c0616046436b294e69fc5311581 http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.38-rc4-next-20110215.bz2 http://www.openwall.com/lists/oss-security/2011/02/16/11 http://www.openwall.com/lists/oss-security/2011/02/16/12 http://www.openwall.com/lists/oss-security/2011/02/16/5 http://www.securityfocus.com/bid/46419 http://www.ubuntu.com/usn/USN-1146-1 https:/ • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •