CVE-2010-3298 – kernel: drivers/net/usb/hso.c: prevent reading uninitialized memory
https://notcve.org/view.php?id=CVE-2010-3298
The hso_get_count function in drivers/net/usb/hso.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call. La función hso_get_count en drivers/net/usb/hso.c en el kernel Linux anterior a la versión 2.6.36-rc5, no inicia adecuadamente un miembro de cierta estructura, lo que permite a usuarios locales obtener información potencialmente sensible de la pila de memoria del kernel mediante una llamada ioctl TIOCGICOUNT. • http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=7011e660938fc44ed86319c18a5954e95a82ab3e http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://lkml.org/lkml/2010/9/11/167 http://secunia.com/advisories/41440 http://secunia.com/advisories/42758 http://secunia.com/advisories/42890 http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc5 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2010-2538
https://notcve.org/view.php?id=CVE-2010-2538
Integer overflow in the btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 might allow local users to obtain sensitive information via a BTRFS_IOC_CLONE_RANGE ioctl call. Desbordamiento de entero en la función btrfs_ioctl_clone en fs/btrfs/ioctl.c en el kernel Linux, en versiones anteriores a la 2.6.35, puede permitir a usuarios locales obtener información sensible mediante una llamada ioctl BTRFS_IOC_CLONE_RANGE. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2ebc3464781ad24474abcbd2274e6254689853b5 http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html http://secunia.com/advisories/42758 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35 http://www.openwall.com/lists/oss-security/2010/07/21/10 http://www.openwall.com/lists/oss-security/2010/07/21/4 http://www.securityfocus.com/bid/41854 http://www.ubuntu.com/usn • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2010-2943 – XFS - Deleted Inode Local Information Disclosure
https://notcve.org/view.php?id=CVE-2010-2943
The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle. La implementación xfs en el kernel Linux, en versiones anteriores a la 2.6.35, no busca la asignación de inodes btrees antes de leer los búfer inode, lo que permite a atacantes remotos autenticados leer ficheros no enlazados o leer o sobreescribir bloques de disco que están asignados actualmente a un fichero activo pero que fueron previamente asignados a un fichero no enlazado, accediendo a un manejador de fichero NFS antiguo. • https://www.exploit-db.com/exploits/15155 http://article.gmane.org/gmane.comp.file-systems.xfs.general/33767 http://article.gmane.org/gmane.comp.file-systems.xfs.general/33768 http://article.gmane.org/gmane.comp.file-systems.xfs.general/33769 http://article.gmane.org/gmane.comp.file-systems.xfs.general/33771 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1920779e67cbf5ea8afef317777c5bf2b8096188 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2010-3437 – Linux Kernel < 2.6.36-rc6 (RedHat / Ubuntu 10.04) - 'pktcdvd' Kernel Memory Disclosure
https://notcve.org/view.php?id=CVE-2010-3437
Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and system crash) via a crafted index value in a PKT_CTRL_CMD_STATUS ioctl call. Error de presencia de signo en entero en la función pkt_find_dev_from_minor de drivers/block/pktcdvd.c del kernl de Linux en versiones anteriores a la 2.6.36-rc6 permite a usuarios locales obtener información confidencial de la memoria del kernel o provocar una denegación de servicio (resolución de referencia a puntero inválido y caída de la aplicación) a través de un valor de índice modificado en una llamada ioctl PKT_CTRL_CMD_STATUS. • https://www.exploit-db.com/exploits/15150 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=252a52aa4fa22a668f019e55b3aac3ff71ec1c29 http://jon.oberheide.org/files/cve-2010-3437.c http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004& • CWE-476: NULL Pointer Dereference •
CVE-2010-2478
https://notcve.org/view.php?id=CVE-2010-2478
Integer overflow in the ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.33.7 on 32-bit platforms allows local users to cause a denial of service or possibly have unspecified other impact via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value that triggers a buffer overflow, a different vulnerability than CVE-2010-3084. Desbordamiento de enteros en la función ethtool_get_rxnfc en net/core/ethtool.c en el kernel de Linux anterior a v2.6.33.7 en plataformas de 32 bits permite a usuarios locales causar una denegación de servicio o posiblemente tener un impacto no especificado a través de un comando ethtool ETHTOOL_GRXCLSRLALL con una valor info.rule_cnt grande lo cual provoca un desbordamiento de búfer, una vulnerabilidad diferente de CVE-2010-3084. • http://article.gmane.org/gmane.linux.network/164869 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=db048b69037e7fa6a7d9e95a1271a50dc08ae233 http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.33.7 http://www.openwall.com/lists/oss-security/2010/06/29/1 http://www.openwall.com/lists/oss-security/2010/06/29/3 http://www.openwall.com/lists/oss-security/2010/06 • CWE-190: Integer Overflow or Wraparound •