CVSS: 5.4EPSS: 0%CPEs: 17EXPL: 0CVE-2011-1079 – kernel: bnep device field missing NULL terminator
https://notcve.org/view.php?id=CVE-2011-1079
The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory, or cause a denial of service (BUG and system crash), via a BNEPCONNADD command. La función de bnep_sock_ioctl en net/bluetooth/bnep/sock.c en versiones del kernel de Linux anteriores a v2.6.39 no garantiza que un campo de dispositivo determinado termine con un '\0', lo que permite a usuarios locales obtener información sensible de la pila del kernel, o causar una denegación de servicio (por caída del sistema), a través de un comando BNEPCONNADD. • http://downloads.avaya.com/css/P8/documents/100145416 http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=43629f8f5ea32a998d06d1bb41eefa0e821ff573 http://packetstormsecurity.com/files/153799/Kernel-Live-Patch-Security-Notice-LSN-0053-1.html http://rhn.redhat.com/errata/RHSA-2011-0833.html http://www.openwall.com/lists/oss-security/2011/03/01/10 https://bugzilla.redhat.com/show_bug.cgi?id= • CWE-20: Improper Input Validation •
CVSS: 2.1EPSS: 0%CPEs: 17EXPL: 1CVE-2011-1160 – kernel: tpm infoleaks
https://notcve.org/view.php?id=CVE-2011-1160
The tpm_open function in drivers/char/tpm/tpm.c in the Linux kernel before 2.6.39 does not initialize a certain buffer, which allows local users to obtain potentially sensitive information from kernel memory via unspecified vectors. La función de tpm_open en drivers/char/tpm/tpm.c en el kernel de Linux anteriores a v2.6.39 no se inicializa un búfer concreto, lo que permite a usuarios locales obtener información sensible de la memoria del kernel a través de vectores no especificados. • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1309d7afbed112f0e8e90be9af975550caa0076b http://www.openwall.com/lists/oss-security/2011/03/15/13 https://bugzilla.redhat.com/show_bug.cgi?id=684671 https://github.com/torvalds/linux/commit/1309d7afbed112f0e8e90be9af975550caa0076b https://access.redhat.com/security/cve/CVE-2011-1160 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2011-1776 – kernel: validate size of EFI GUID partition entries
https://notcve.org/view.php?id=CVE-2011-1776
The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577. La función is_gpt_valid en fs/partitions/efi.c en el kernel de Linux v2.6.39 no comprueba el tamaño de una Tabla de particiones GUID (GPT) de un Interface Firmware Extensible (EFI), lo que permite causar a atacantes físicamente próximos una denegación de servicio (desbordamiento de memoria basado en monticulo y OOPS) u obtener información confidencial de la memoria dinámica del kernel conectando un dispositivo GPT de almacenamiento hecho a mano. Se trata de una vulnerabilidad diferente a CVE-2011-1577. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fa039d5f6b126fbd65eefa05db2f67e44df8f121 http://openwall.com/lists/oss-security/2011/05/10/4 http://rhn.redhat.com/errata/RHSA-2011-0927.html http://securityreason.com/securityalert/8369 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 http://www.pre-cert.de/advisories/PRE-SA-2011-04.txt http://www.securityfocus.com/bid/47796 https://bugzilla.redhat.com/show_bug.cgi?id=703026 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.9EPSS: 0%CPEs: 7EXPL: 0CVE-2011-1748 – kernel: missing check in can/bcm and can/raw socket releases
https://notcve.org/view.php?id=CVE-2011-1748
The raw_release function in net/can/raw.c in the Linux kernel before 2.6.39-rc6 does not properly validate a socket data structure, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation. La función raw_release en net/can/raw.c en el Kernel de Linux anterior a v2.6.39-rc6 no valida adecuadamente una estructura de datos socket, lo que permite a usuarios locales provocar una denegación de servicio (desreferencia a puntero NULL) o posiblemente tener otro impacto no especificado a través de una liberación de operación. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=10022a6c66e199d8f61d9044543f38785713cbbd http://openwall.com/lists/oss-security/2011/04/20/7 http://openwall.com/lists/oss-security/2011/04/21/1 http://openwall.com/lists/oss-security/2011/04/21/2 http://openwall.com/lists/oss-security/2011/04/21/7 http://openwall.com/lists/oss-security/2011/04/22/2 http://openwall.com/lists/oss-security/2011/04/25/4 http://permalink.gmane. • CWE-476: NULL Pointer Dereference •
CVSS: 4.9EPSS: 0%CPEs: 7EXPL: 0CVE-2011-1598 – kernel: missing check in can/bcm and can/raw socket releases
https://notcve.org/view.php?id=CVE-2011-1598
The bcm_release function in net/can/bcm.c in the Linux kernel before 2.6.39-rc6 does not properly validate a socket data structure, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation. La función bcm_release en net/can/bcm.c del kernel de linux en versiones anteriores a v2.6.39-rc6 no valida correctamente una estructura de toma de datos, lo cual permite a usuarios locales causar una denegación de servicio ( desreferenciar un puntero NULL ) o posiblemente tener un impacto no especificado a través de una operación de liberación manipulada. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c6914a6f261aca0c9f715f883a353ae7ff51fe83 http://openwall.com/lists/oss-security/2011/04/20/2 http://openwall.com/lists/oss-security/2011/04/20/6 http://openwall.com/lists/oss-security/2011/04/20/7 http://openwall.com/lists/oss-security/2011/04/21/1 http://openwall.com/lists/oss-security/2011/04/21/2 http://openwall.com/lists/oss-security/2011/04/21/7 http://openwall.com/l • CWE-476: NULL Pointer Dereference •