Page 552 of 3326 results (0.023 seconds)

CVSS: 7.8EPSS: 0%CPEs: 316EXPL: 0

CVE-2009-2846

https://notcve.org/view.php?id=CVE-2009-2846

The eisa_eeprom_read function in the parisc isa-eeprom component (drivers/parisc/eisa_eeprom.c) in the Linux kernel before 2.6.31-rc6 allows local users to access restricted memory via a negative ppos argument, which bypasses a check that assumes that ppos is positive and causes an out-of-bounds read in the readb function. La función eisa_eeprom_read en el componente the parisc isa-eeprom (drivers/parisc/eisa_eeprom.c) en el kernel de Linux anterior a v2.6.31-rc6 permite a usuarios locales acceder a memoria restringida a través de argumentos negativos ppos, lo que evita un control que asume que ppos es positivo y causa una lectura fuera de rango en la función readb. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=6b4dbcd86a9d464057fcc7abe4d0574093071fcc http://secunia.com/advisories/37105 http://www.mandriva.com/security/advisories?name=MDVSA-2010:198 http://www.openwall.com/lists/oss-security/2009/08/10/1 http://www.openwall.com/lists/oss-security/2009/08/18/6 http://www.ubuntu.com/usn/USN-852-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/52906 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.2EPSS: 0%CPEs: 27EXPL: 2

CVE-2009-2848 – kernel: execve: must clear current->clear_child_tid

https://notcve.org/view.php?id=CVE-2009-2848

The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit. Una función execve en el kernel de Linux, posiblemente versión 2.6.30-rc6 y anteriores, no borra apropiadamente el puntero de current-)clear_child_tid, lo que permite a los usuarios locales causar una denegación de servicio (corrupción de memoria) o posiblemente alcanzar privilegios por medio de un sistema de clonación que llama con CLONE_CHILD_SETTID o CLONE_CHILD_CLEARTID habilitadas, que no son manejados apropiadamente durante la creación y salida de hilos (subprocesos). • http://article.gmane.org/gmane.linux.kernel/871942 http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html http://rhn.redhat.com/errata/RHSA-2009-1243.html http://secunia.com/advisories/35983 http://secunia.com/advisories/36501 http://secunia.com/advisories/36562 http://secunia.com/advisories/36759 http://secunia.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-269: Improper Privilege Management •

CVSS: 7.8EPSS: 5%CPEs: 79EXPL: 0

CVE-2009-2844

https://notcve.org/view.php?id=CVE-2009-2844

cfg80211 in net/wireless/scan.c in the Linux kernel 2.6.30-rc1 and other versions before 2.6.31-rc6 allows remote attackers to cause a denial of service (crash) via a sequence of beacon frames in which one frame omits an SSID Information Element (IE) and the subsequent frame contains an SSID IE, which triggers a NULL pointer dereference in the cmp_ies function. NOTE: a potential weakness in the is_mesh function was also addressed, but the relevant condition did not exist in the code, so it is not a vulnerability. cfg80211 en el archivo net/wireless/scan.c en el kernel de Linux versión 2.6.30-rc1 y otras versiones anteriores a 2.6.31-rc6, permite a los atacantes remotos causar una denegación de servicio (bloqueo de aplicación) por medio de una secuencia de tramas beacon en los que una trama omite un Elemento de Información (IE) SSID y la trama posterior contiene un IE SSID, que desencadena una desreferencia de un puntero NULL en la función cmp_ies. NOTA: también se abordó una potencial debilidad en la función is_mesh, pero la condición relevante no existía en el código, por lo que no es una vulnerabilidad. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=cd3468bad96c00b5a512f551674f36776129520e http://jon.oberheide.org/files/cfg80211-remote-dos.c http://secunia.com/advisories/36278 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5 http://www.openwall.com/lists/oss-security/2009/08/17/1 http://www.openwall.com/lists/oss-security/2009/08/17/2 http://www.securityfocus.com/bid/36052 • CWE-399: Resource Management Errors •

CVSS: 6.2EPSS: 0%CPEs: 309EXPL: 1

CVE-2009-2849 – kernel: md: NULL pointer deref when accessing suspend_* sysfs attributes

https://notcve.org/view.php?id=CVE-2009-2849

The md driver (drivers/md/md.c) in the Linux kernel before 2.6.30.2 might allow local users to cause a denial of service (NULL pointer dereference) via vectors related to "suspend_* sysfs attributes" and the (1) suspend_lo_store or (2) suspend_hi_store functions. NOTE: this is only a vulnerability when sysfs is writable by an attacker. El driver md (drivers/md/md.c) en el kernel de Linux anteriores a 2.6.30.2 podría permitir a usuarios locales producir una denegación de servicio (referencia a un puntero nulo) a través de vectores relacionados con los " atributos suspend*sysfs" a la funciones (1) suspend_lo_store o (2) suspend_hi_store. NOTA: Esto se trata de una vulnerabilidad cuando sysfs puede ser escrito por un atacante. • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.30.y.git%3Ba=commit%3Bh=3c92900d9a4afb176d3de335dc0da0198660a244 http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://secunia.com/advisories/36501 http://secunia.com/advisories/37105 http://secunia.com/advisories/38794 http://secunia.com/advisories/38834 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.2 http://www.openwall.com/lists/oss-security/2009/07/24/1 http://www.openwal • CWE-476: NULL Pointer Dereference •

CVSS: 2.1EPSS: 0%CPEs: 10EXPL: 0

CVE-2009-2691 – kernel: /proc/$pid/maps visible during initial setuid ELF loading

https://notcve.org/view.php?id=CVE-2009-2691

The mm_for_maps function in fs/proc/base.c in the Linux kernel 2.6.30.4 and earlier allows local users to read (1) maps and (2) smaps files under proc/ via vectors related to ELF loading, a setuid process, and a race condition. La función mm_for_maps en fs/proc/base.c en el kernel Linux v2.6.30.4 y anteriores permiten a usuarios locales leer (1) mapas y (2) ficheros smaps bajo proc/ a través de vectores relativos a la carga ELF, un proceso setuid, y condición de carrera. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=00f89d218523b9bf6b522349c039d5ac80aa536d http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=13f0feafa6b8aead57a2a328e2fca6a5828bf286 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=704b836cbf19e885f8366bccb2e4b0474346c02d http://lkml.org/lkml/2009/6/23/652 http://lkml.org/lkml/2009/6/23/653 http://marc.info/?l=linux-kernel&m=124718946021193 http:/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •