CVE-2011-4347 – kernel: kvm: device assignment DoS
https://notcve.org/view.php?id=CVE-2011-4347
The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resources, which allows host OS users to assign PCI devices and cause a denial of service (host OS crash) via a KVM_ASSIGN_PCI_DEVICE operation. La función kvm_vm_ioctl_assign_device en virt/kvm/assigned-dev.c de los subsistemas KVM en los kernel Linux anteriores a v3.1.10 no verifica los permisos de acceso al espacio de configuración PCI y recursos BAR, permitiendo que usuarios del SO asignen dispositivos PCI y provoquen una denegación del servicio (parada del SO) mediante una operación KVM_ASSIGN_PCI_DEVICE. • http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.10 http://www.openwall.com/lists/oss-security/2011/11/24/7 https://bugzilla.redhat.com/show_bug.cgi?id=756084 https://github.com/torvalds/linux/commit/c4e7f9022e506c6635a5037713c37118e23193e4 https://access.redhat.com/security/cve/CVE-2011-4347 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-0055 – OverlayFS inode Security Checks - 'inode.c' Local Security Bypass
https://notcve.org/view.php?id=CVE-2012-0055
OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions. OverlayFS en el kernel de Linux versiones anteriores a 3.0.0-16.28, como es usado en Ubuntu versiones 10.0.4 LTS y 11.10, carece de verificaciones de seguridad de inode que podrían permitir a atacantes omitir las restricciones de seguridad y llevar a cabo acciones no autorizadas. • https://www.exploit-db.com/exploits/36571 http://www.openwall.com/lists/oss-security/2012/01/17/11 http://www.ubuntu.com/usn/USN-1363-1 http://www.ubuntu.com/usn/USN-1364-1 http://www.ubuntu.com/usn/USN-1384-1 https://access.redhat.com/security/cve/cve-2012-0055 https://bugs.launchpad.net/ubuntu/+source/linux/+bug/915941 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-0055 • CWE-862: Missing Authorization •
CVE-2011-4086 – kernel: jbd2: unmapped buffer with _Unwritten or _Delay flags set can lead to DoS
https://notcve.org/view.php?id=CVE-2011-4086
The journal_unmap_buffer function in fs/jbd2/transaction.c in the Linux kernel before 3.3.1 does not properly handle the _Delay and _Unwritten buffer head states, which allows local users to cause a denial of service (system crash) by leveraging the presence of an ext4 filesystem that was mounted with a journal. La función journal_unmap_buffer en fs/jbd2/transaction.c en el kernel de linux anterior a v3.3.1 no maneja correctamente el "buffer head states" _Delay y _Unwritten, permitiendo a usuarios locales causar una denegación de servicio aprovechándose de la presencia de un sistema de ficheros ext4 que está montado con journal • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=15291164b22a357cb211b618adfef4fa82fc0de3 http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html http://rhn.redhat.com/errata/RHSA-2012-0571.html http://rhn.redhat.com/errata/RHSA-2012-0670.html http://secunia.com/advisories/48898 http://secunia.com/advisories/48964 http://www.debian.org/security/2012/dsa-2469 http: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-0038 – kernel: xfs heap overflow
https://notcve.org/view.php?id=CVE-2012-0038
Integer overflow in the xfs_acl_from_disk function in fs/xfs/xfs_acl.c in the Linux kernel before 3.1.9 allows local users to cause a denial of service (panic) via a filesystem with a malformed ACL, leading to a heap-based buffer overflow. Desbordamiento de entero en la función xfs_acl_from_disk en fs/xfs/xfs_acl.c en el núcleo de Linux anterior a v3.1.9 que permite a usuarios locales causar una denegación de servicio (panic) a través del sistema de ficheros con una lista ACL mal construida, dando lugar a un desbordamiento de búfer basado en heap. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=093019cf1b18dd31b2c3b77acce4e000e2cbc9ce http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fa8b18edd752a8b4e9d1ee2cd615b82c93cf8bba http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.9 http://www.openwall.com/lists/oss-security/2012/01/10/11 https://bugzilla.redhat.com/show_bug.cgi?id=773280 https://github.com/torvalds/linux/commit/093019cf1b18dd31b2c3b77acce4e000e2cbc9ce https:/ • CWE-190: Integer Overflow or Wraparound •
CVE-2012-0044 – kernel: drm: integer overflow in drm_mode_dirtyfb_ioctl()
https://notcve.org/view.php?id=CVE-2012-0044
Integer overflow in the drm_mode_dirtyfb_ioctl function in drivers/gpu/drm/drm_crtc.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.1.5 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted ioctl call. Un desbordamiento de entero en la función de drm_mode_dirtyfb_ioctl en drivers/gpu/drm/ drm_crtc.c en el subsistema "Direct Rendering Manager" (DRM) en el kernel de Linux en versiones anteriores a la v3.1.5 permite a usuarios locales obtener privilegios o causar una denegación de servicio (por corrupción de memoria) a través de una llamada a ioctl debdamente modificada. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a5cd335165e31db9dbab636fd29895d41da55dd2 http://rhn.redhat.com/errata/RHSA-2012-0743.html http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.5 http://www.openwall.com/lists/oss-security/2012/01/12/1 http://www.securityfocus.com/bid/51371 http://www.ubuntu.com/usn/USN-1555-1 http://www.ubuntu.com/usn/USN-1556-1 https://bugzilla.redhat.com/show_bug.cgi?id=772894 https:/& • CWE-190: Integer Overflow or Wraparound •