NotCVE - vendor:"Linux" product:"Linux Kernel" version:"

Page 535 of 3326 results (0.024 seconds)

CVSS: 6.9EPSS: 0%CPEs: 293EXPL: 0

CVE-2010-1643 – kernel: nfsd: fix vm overcommit crash

https://notcve.org/view.php?id=CVE-2010-1643

mm/shmem.c in the Linux kernel before 2.6.28-rc3, when strict overcommit is enabled, does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of service (NULL pointer dereference and knfsd crash) or possibly have unspecified other impact via unknown vectors. Vulnerabilidad en el fichero mm/shmem.c para el kernel de Linux anterior a v2.6.28-rc3, cuando "strict overcommint" está habilitado no maneja correctamente la exportación del objeto "shmemfs" por "knfsd", lo cual permite a atacantes provocar una denegación de servicio. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=731572d39fcd3498702eda4600db4c43d51e0b26 http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html http://secunia.com/advisories/40645 http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-knfsd-9666 http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.28/ChangeLog-2.6.28-rc3 http://www.mandriva.com/security/advisories?name=MDVSA-2010:198 http://www.openwall.com/lists/oss& •

CVSS: 4.6EPSS: 0%CPEs: 160EXPL: 0

CVE-2010-1641 – kernel: GFS2: The setflags ioctl() doesn't check file ownership

https://notcve.org/view.php?id=CVE-2010-1641

The do_gfs2_set_flags function in fs/gfs2/file.c in the Linux kernel before 2.6.34-git10 does not verify the ownership of a file, which allows local users to bypass intended access restrictions via a SETFLAGS ioctl request. La función "do_gfs2_set_flags" en "fs/gfs2/file.c" del kernel de Linux anterior a v2.6.34-git10 no comprueba el propietario del archivo, lo que permite a usuarios locales evitar restricciones de acceso intencionadas a través de peticiones SETFLAGS ioctl. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7df0e0397b9a18358573274db9fdab991941062f http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00000.html http://secunia.com/advisories/40645 http://secunia.com/advisories/43315 http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/incr/patch-2.6.34-git9-git10.bz2 http://www.openwall.com/lists/oss-security/2010/05/25/1 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

CVE-2010-1436 – kernel: gfs2 buffer overflow

https://notcve.org/view.php?id=CVE-2010-1436

gfs2 in the Linux kernel 2.6.18, and possibly other versions, does not properly handle when the gfs2_quota struct occupies two separate pages, which allows local users to cause a denial of service (kernel panic) via certain manipulations that cause an out-of-bounds write, as demonstrated by writing from an ext3 file system to a gfs2 file system. gfs2 del kernel de Linux v2.6.18, y posiblemente otras versiones, no funciona adecuadamente cuando la estructura gfs2_quota ocupa dos páginas separadas, lo que permite a usuarios locales provocar una denegación de servicio (kernel panic) a través de ciertas manipulaciones que causan una escritura fuera de los límites, como se ha demostrado escribiendo desde un sistema de ficheros ext3 a un sistema de ficheros gfs2. • http://secunia.com/advisories/43315 http://www.openwall.com/lists/oss-security/2010/04/27/1 http://www.openwall.com/lists/oss-security/2010/04/28/1 http://www.securityfocus.com/archive/1/516397/100/0/threaded http://www.vmware.com/security/advisories/VMSA-2011-0003.html https://bugzilla.redhat.com/show_bug.cgi?id=586006 https://exchange.xforce.ibmcloud.com/vulnerabilities/58839 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10652 https:&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-399: Resource Management Errors •

CVSS: 4.7EPSS: 1%CPEs: 9EXPL: 0

CVE-2010-0730 – xen: emulator instruction decoding inconsistency

https://notcve.org/view.php?id=CVE-2010-0730

The MMIO instruction decoder in the Xen hypervisor in the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows guest OS users to cause a denial of service (32-bit guest OS crash) via vectors that trigger an unspecified instruction emulation. El decodificador de instrucciones MMIO en el hipervisor Xen en el kernel Linux 2.6.18 en Red Hat Enterprise Linux (RHEL) 5 permite a los usuarios de los sistemas operativos huesped causar una denegación de servicio (cuelgue de sistema operativo huesped de 32-bit) a través de vectores que provocan una emulación de la instrucción sin especificar. • http://secunia.com/advisories/39649 http://secunia.com/advisories/43315 http://support.avaya.com/css/P8/documents/100088287 http://www.openwall.com/lists/oss-security/2010/05/07/1 http://www.redhat.com/support/errata/RHSA-2010-0398.html http://www.securityfocus.com/archive/1/516397/100/0/threaded http://www.securityfocus.com/bid/39979 http://www.vmware.com/security/advisories/VMSA-2011-0003.html https://bugzilla.redhat.com/show_bug.cgi?id=572971 https://oval.cise • CWE-20: Improper Input Validation •

CVSS: 7.1EPSS: 57%CPEs: 405EXPL: 5

CVE-2010-1173 – Linux Kernel 2.6.33.3 - SCTP INIT Remote Denial of Service

https://notcve.org/view.php?id=CVE-2010-1173

The sctp_process_unk_param function in net/sctp/sm_make_chunk.c in the Linux kernel 2.6.33.3 and earlier, when SCTP is enabled, allows remote attackers to cause a denial of service (system crash) via an SCTPChunkInit packet containing multiple invalid parameters that require a large amount of error data. La función sctp_process_unk_param en net/sctp/sm_make_chunk.c en el kernel de Linux v2.6.33.3 y anteriores, cuando está activado SCTP, permite a atacantes remotos provocar una denegación de servicio (caída del sistema) a través de un paquete SCTPChunkInit que contiene múltiples parámetros inválidos que requieren una cantidad grande de datos de error. • https://www.exploit-db.com/exploits/14594 http://article.gmane.org/gmane.linux.network/159531 http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=5fa782c2f5ef6c2e4f04d3e228412c9b4a4c8809 http://kbase.redhat.com/faq/docs/DOC-31052 http://marc.info/?l=oss-security&m=127251068407878&w=2 http://secunia.com/advisories/39830 http://secunia.com/advisories/40218 http://secunia.com/advisories/43315 http://www.debian.org/security/2010/dsa-2053 http://www • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

1...533 534 535 536 537