CVE-2013-3226
https://notcve.org/view.php?id=CVE-2013-3226
The sco_sock_recvmsg function in net/bluetooth/sco.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. La función sco_sock_recvmsg en net/bluetooth/sco.c en el kernel de Linux anterior a v3.9-rc7 no inicializa correctamente cierta longitud de variable, permitiendo a usuarios locales obtener información sensible desde la pila del kernel mediante una syscall recvmsg o recvfrom. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c8c499175f7d295ef867335bceb9a76a2c3cdc38 http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html http://www.openwall.com/lists/oss-security/2013/04/14/3 http://www.ubuntu.com/usn/USN-1837-1 https://github.com/torvalds/linux/commit/c8c499175f7d295ef867335bceb9a76a2c3cdc38 https://lkml.org/lkml/2013/4/14/107 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-3227
https://notcve.org/view.php?id=CVE-2013-3227
The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. La función caif_seqpkt_recvmsg en net/caif/caif_socket.c en el kernel de Linux anterior a v3.9-rc7 no inicializa correctamente cierta longitud de variable, permitiendo a usuarios locales obtener información sensible desde la pila del kernel mediante una syscall recvmsg o recvfrom. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2d6fbfe733f35c6b355c216644e08e149c61b271 http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html http://www.mandriva.com/security/advisories?name=MDVSA-2013:176 http://www.openwall.com/lists/oss-security/2013/04/14/3 http://www.ubuntu.com/usn/USN-1837-1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-2596 – Linux Kernel Integer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2013-2596
Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program. Una determinada version de Android v4.1.2 en dispositivos Motorola Razr HD, Razr M, y Atrix HD con el chipset Qualcomm MSM8960 permite a atacantes físicamente próximos obtener acceso de root entrando en el modo de depuración USB, usando Android Debug Bridge (ADB) para establecer una conexión USB, y cargar y ejecutar el programa pwn Motochopper. An integer overflow flaw was found in the way the Linux kernel's Frame Buffer device implementation mapped kernel memory to user space via the mmap syscall. A local user able to access a frame buffer device file (/dev/fb*) could possibly use this flaw to escalate their privileges on the system. Linux kernel fb_mmap function in drivers/video/fbmem.c contains an integer overflow vulnerability that allows for privilege escalation. • http://forum.xda-developers.com/showthread.php?t=2255491 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b4cbb197c7e7a68dbad0d491242e3ca67420c13e http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fc9bbca8f650e5f738af8806317c0a041a48ae4a http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://marc.info/? • CWE-190: Integer Overflow or Wraparound •
CVE-2013-1858
https://notcve.org/view.php?id=CVE-2013-1858
The clone system-call implementation in the Linux kernel before 3.8.3 does not properly handle a combination of the CLONE_NEWUSER and CLONE_FS flags, which allows local users to gain privileges by calling chroot and leveraging the sharing of the / directory between a parent process and a child process. La implementación de la llamada al sistema clone en el kernel Linux anteriores a v3.8.3 no maneja de forma adecuada la combinación de las «flags» CLONE_NEWUSER y CLONE_FS, lo que permite a usuarios locales obtener privilegios llamando a chroot aprovechando la compartición del directorio / entre un proceso padre y un proceso hijo. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e66eded8309ebf679d3d3c1f5820d1f2ca332c71 http://stealth.openwall.net/xSports/clown-newuser.c http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.3 http://www.openwall.com/lists/oss-security/2013/03/14/6 https://bugzilla.redhat.com/show_bug.cgi?id=921448 https://github.com/torvalds/linux/commit/e66eded8309ebf679d3d3c1f5820d1f2ca332c71 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-1826 – Kernel: xfrm_user: return error pointer instead of NULL
https://notcve.org/view.php?id=CVE-2013-1826
The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux kernel before 3.5.7 does not properly handle error conditions in dump_one_state function calls, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability. La función xfrm_state_netlink en net/xfrm/xfrm_user.c en el kernel de Linux anterior a v3.5.7 no controla correctamente las condiciones de error en las llamadas a funciones dump_one_state, permitiendo a usuarios locales obtener privilegios o causar una denegación de servicio (referencia a puntero NULL y caída del sistema ) mediante el aprovechamiento de la capacidad CAP_NET_ADMIN. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=864745d291b5ba80ea0bd0edcbe67273de368836 http://rhn.redhat.com/errata/RHSA-2013-0744.html http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.7 http://www.openwall.com/lists/oss-security/2013/03/07/2 http://www.ubuntu.com/usn/USN-1829-1 https://bugzilla.redhat.com/show_bug.cgi?id=919384 https://github.com/torvalds/linux/commit/864745d291b5ba80ea0bd0edcbe67273de368836 https://access.redhat.com •