CVE-2011-0999 – kernel: thp: prevent hugepages during args/env copying into the user stack
https://notcve.org/view.php?id=CVE-2011-0999
mm/huge_memory.c in the Linux kernel before 2.6.38-rc5 does not prevent creation of a transparent huge page (THP) during the existence of a temporary stack for an exec system call, which allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact via a crafted application.
References:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a7d6e4ecdb7648478ddec76d30d87d03d6e22b31
http://openwall.com/lists/oss-security/2011/02/17/3
http://openwall.com/lists/oss-security/2011/02/17/6
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.38-rc5
http://www.securityfocus.com/bid/46442
https://bugzilla.redhat.com/show_bug.cgi?id=678209
https://exchange.xforce.ibmcloud.com/vulnerabilities/65535
https://access.redhat.com/se
CWE-400: Uncontrolled Resource Consumption
CVE-2011-0710 – kernel: s390 task_show_regs infoleak
https://notcve.org/view.php?id=CVE-2011-0710
The task_show_regs function in arch/s390/kernel/traps.c in the Linux kernel before 2.6.38-rc4-next-20110216 on the s390 platform allows local users to obtain the values of the registers of an arbitrary process by reading a status file under /proc/.
References:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=261cd298a8c363d7985e3482946edb4bfedacf98
http://openwall.com/lists/oss-security/2011/02/16/3
http://openwall.com/lists/oss-security/2011/02/16/9
http://secunia.com/advisories/46397
http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.38-rc4-next-20110216.bz2
http://www.securityfocus.com/archive/1/520102/100/0/threaded
http://www.securityfocus.com/bid/46421
http://www.vmware.com
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-1044 – kernel: IB/uverbs: Handle large number of entries in poll CQ
https://notcve.org/view.php?id=CVE-2011-1044
The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 does not initialize a certain response buffer, which allows local users to obtain potentially sensitive information from kernel memory via vectors that cause this buffer to be only partially filled, a different vulnerability than CVE-2010-4649.
References:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7182afea8d1afd432a17c18162cc3fd441d0da93
http://rhn.redhat.com/errata/RHSA-2011-0927.html
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37
http://www.securityfocus.com/bid/46488
https://bugzilla.redhat.com/show_bug.cgi?id=667916
https://exchange.xforce.ibmcloud.com/vulnerabilities/65563
https://access.redhat.com/security/cve/CVE-2011-1044
CWE-909: Missing Initialization of Resource
CVE-2011-0712 – kernel: ALSA: caiaq - Fix possible string-buffer overflow
https://notcve.org/view.php?id=CVE-2011-0712
Multiple buffer overflows in the caiaq Native Instruments USB audio functionality in the Linux kernel before 2.6.38-rc4-next-20110215 might allow attackers to cause a denial of service or possibly have unspecified other impact via a long USB device name, related to (1) the snd_usb_caiaq_audio_init function in sound/usb/caiaq/audio.c and (2) the snd_usb_caiaq_midi_init function in sound/usb/caiaq/midi.c.
References:
http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git%3Ba=commit%3Bh=eaae55dac6b64c0616046436b294e69fc5311581
http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.38-rc4-next-20110215.bz2
http://www.openwall.com/lists/oss-security/2011/02/16/11
http://www.openwall.com/lists/oss-security/2011/02/16/12
http://www.openwall.com/lists/oss-security/2011/02/16/5
http://www.securityfocus.com/bid/46419
http://www.ubuntu.com/usn/USN-1146-1
https:/
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2011-0709
https://notcve.org/view.php?id=CVE-2011-0709
The br_mdb_ip_get function in net/bridge/br_multicast.c in the Linux kernel before 2.6.35-rc5 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an IGMP packet, related to lack of a multicast table.
References:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7f285fa78d4b81b8458f05e77fb6b46245121b4e
http://openwall.com/lists/oss-security/2011/02/16/1
http://openwall.com/lists/oss-security/2011/02/16/14
http://openwall.com/lists/oss-security/2011/02/16/8
http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.35/ChangeLog-2.6.35-rc5
http://www.securityfocus.com/bid/41432
http://www.spinics.net/lists/netdev/msg134414.html
http://www
CWE-476: NULL Pointer Dereference