CVSS: 2.1EPSS: 0%CPEs: 34EXPL: 0CVE-2011-2494 – kernel: taskstats io infoleak
https://notcve.org/view.php?id=CVE-2011-2494
kernel/taskstats.c in the Linux kernel before 3.1 allows local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another user's password. kernel/taskstats.c del kernel de Linux en versiones anteriores a la 3.1 permite a usuarios locales obtener información confidencial de estadísticas de I/O enviando comandos taskstats al socket netlink, tal como se ha demostrado descubriendo la longitud de la contraseña de otro usuario. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1a51410abe7d0ee4b1d112780f46df87d3621043 http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html http://secunia.com/advisories/48898 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1 http://www.openwall.com/lists/oss-security/2011/06/27/1 https://bugzilla.redhat.com/show_bug.cgi?id=716842 https://github.com/torvalds/linux/commit/1a51410abe7d0ee4b1d112780f46df87d3621043 https://access. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2011-2898 – kernel: af_packet: infoleak
https://notcve.org/view.php?id=CVE-2011-2898
net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does not properly restrict user-space access to certain packet data structures associated with VLAN Tag Control Information, which allows local users to obtain potentially sensitive information via a crafted application. net/packet/af_packet.c en el kernel de Linux antes de v2.6.39.3 no restringe adecuadamente el acceso al espacio de usuario a ciertas estructuras de paquetes de datos asociados VLAN Tag Control Information, lo que permite a usuarios locales obtener información sensible a través de una aplicación modificada. • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.3 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=13fcb7bd322164c67926ffe272846d4860196dc6 http://www.openwall.com/lists/oss-security/2011/08/03/7 https://bugzilla.redhat.com/show_bug.cgi?id=728023 https://github.com/torvalds/linux/commit/13fcb7bd322164c67926ffe272846d4860196dc6 https://access.redhat.com/security/cve/CVE-2011-2898 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2011-2521 – kernel: perf, x86: fix Intel fixed counters base initialization
https://notcve.org/view.php?id=CVE-2011-2521
The x86_assign_hw_event function in arch/x86/kernel/cpu/perf_event.c in the Performance Events subsystem in the Linux kernel before 2.6.39 does not properly calculate counter values, which allows local users to cause a denial of service (panic) via the perf program. La función x86_assign_hw_event de arch/x86/kernel/cpu/perf_event.c en el rendimiento del subsistema de eventos en el kernel de Linux antes de 2.6.39 no calcula correctamente los valores de contador, lo que permite a usuarios locales causar una denegación de servicio (panic) a través del programa perfs. • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fc66c5210ec2539e800e87d7b3a985323c7be96e http://www.openwall.com/lists/oss-security/2011/07/06/4 https://bugzilla.redhat.com/show_bug.cgi?id=719228 https://github.com/torvalds/linux/commit/fc66c5210ec2539e800e87d7b3a985323c7be96e https://access.redhat.com/security/cve/CVE-2011-2521 • CWE-189: Numeric Errors •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1CVE-2011-1076
https://notcve.org/view.php?id=CVE-2011-1076
net/dns_resolver/dns_key.c in the Linux kernel before 2.6.38 allows remote DNS servers to cause a denial of service (NULL pointer dereference and OOPS) by not providing a valid response to a DNS query, as demonstrated by an erroneous grand.centrall.org query, which triggers improper handling of error data within a DNS resolver key. net/dns_resolver/dns_key.c del kernel de Linux en versiones anteriores a la 2.6.38 permite a servidores DNS remotos provocar una denegación de servicio (resolución de puntero NULL y OOPS) no proporcionando una respuesta válida a una petición DNS, como se ha demostrado por una petición errónea a grand.centrall.org, lo que provoca un manejo erróneo de datos de error dentro una "DNS resolver key". • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1362fa078dae16776cd439791c6605b224ea6171 http://openwall.com/lists/oss-security/2011/03/04/13 http://securitytracker.com/id?1025162 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38 • CWE-476: NULL Pointer Dereference •
CVSS: 7.2EPSS: 0%CPEs: 11EXPL: 1CVE-2011-2211
https://notcve.org/view.php?id=CVE-2011-2211
The osf_wait4 function in arch/alpha/kernel/osf_sys.c in the Linux kernel before 2.6.39.4 on the Alpha platform uses an incorrect pointer, which allows local users to gain privileges by writing a certain integer value to kernel memory. La función osf_wait4 de arch/alpha/kernel/osf_sys.c del kernel de Linux en versiones anteriores a la 2.6.39.4 de la plataforma Alpha utiliza un puntero incorrecto, lo que permite a usuarios locales escalar privilegios escribiendo un valor entero determinado en la memoria del kernel. • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.4 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=21c5977a836e399fc710ff2c5367845ed5c2527f http://www.openwall.com/lists/oss-security/2011/06/15/7 https://github.com/torvalds/linux/commit/21c5977a836e399fc710ff2c5367845ed5c2527f • CWE-264: Permissions, Privileges, and Access Controls •