Page 578 of 2995 results (0.038 seconds)

CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 2

CVE-2010-0727 – kernel: bug in GFS/GFS2 locking code leads to dos

https://notcve.org/view.php?id=CVE-2010-0727

The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on a (1) GFS or (2) GFS2 filesystem, and then changing this file's permissions. La función gfs2_lock en el Linux kernel anterior v2.6.34-rc1-next-20100312, y la función gfs_lock en el Linux kernel de Red Hat Enterprise Linux (RHEL) v5 y v6, no elimina adecuadamente el POSIX locks en los archivos setgid sin permisos group-execute, lo que permite a usuarios locales causar una denegación de servicio (BUG y caída de sistema) bloqueando un archivo en los sistemas de archivos(1) GFS o (2) GFS2, y luego cambiar los permisos de este archivo. • http://lkml.org/lkml/2010/3/11/269 http://secunia.com/advisories/39830 http://securitytracker.com/id?1023809 http://www.debian.org/security/2010/dsa-2053 http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.34-rc1-next-20100312.bz2 http://www.mandriva.com/security/advisories?name=MDVSA-2010:066 http://www.openwall.com/lists/oss-security/2010/03/12/1 http://www.redhat.com/support/errata/RHSA-2010-0330.html http://www.redhat.com/support/errata/RH • CWE-399: Resource Management Errors •

CVSS: 6.1EPSS: 0%CPEs: 141EXPL: 1

CVE-2010-0415 – Linux Kernel 2.6.18 - 'move_pages()' Information Leak

https://notcve.org/view.php?id=CVE-2010-0415

The do_pages_move function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service (OOPS), and possibly have unspecified other impact by specifying a node that is not part of the kernel's node set. La función do_pages_move en mm/migrate.c en el kernel de Linux en versiones anteriores a v2.6.33-rc7 no valida adecuadamente valores nodo, lo que permite a usuarios locales leer localizaciones de memoria del kernel de forma arbitraria, produciendo una denegación de servicio (OOPS), y posiblemente conseguir un impacto desconocido especificando el nodo que no forma parte del conjunto de nodos del kernel. Linux kernel version 2.6.18 suffers from a move_pages() information leak vulnerability. • https://www.exploit-db.com/exploits/40810 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6f5a55f1a6c5abee15a0e878e5c74d9f1569b8b0 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035070.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00006.html http://secunia.com/advisories/3849 •

CVSS: 4.9EPSS: 0%CPEs: 14EXPL: 0

CVE-2010-0623

https://notcve.org/view.php?id=CVE-2010-0623

The futex_lock_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly manage a certain reference count, which allows local users to cause a denial of service (OOPS) via vectors involving an unmount of an ext3 filesystem. La función futex_lock_pi en kernel/futex.c en el kernel de Linux anterior a 2.6.33-rc7 no maneja adecuadamente determinadas cuentas de referencia, lo que permite a usuarios locales provocar una denegación de servicio (OOPS) a través de vectores que involucran el desmontado del sistema de ficheros ext3. • http://bugzilla.kernel.org/show_bug.cgi?id=14256 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5ecb01cfdf96c5f465192bdb2a4fd4a61a24c6cc http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00006.html http://secunia.com/advisories/38922 http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.33-rc7 http://www.mandriva.com/security/advisories?name=MDVSA-2010:088 http://www.openwall.com/lists/oss-security/2010/02/11/2 http:/ •

CVSS: 4.9EPSS: 0%CPEs: 141EXPL: 0

CVE-2010-0622 – kernel: futex: Handle user space corruption gracefully

https://notcve.org/view.php?id=CVE-2010-0622

The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly have unspecified other impact via vectors involving modification of the futex value from user space. La función wake_futex_pi de kernel/futex.c del kernel de Linux en versiones anteriores a la v2.6.33-rc7 no gestiona apropiadamente ciertas operaciones de "unlock" (liberación) de "Priority Inheritance (PI) futex" (futex de herencia de prioridad), lo que permite a usuarios locales provocar una denegación de servicio (OOPS) y posiblemente otras acciones sin especificar a través de vectores de ataque relacionados con la modificación de los valores de futex del espacio de usuario. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=51246bfd189064079c54421507236fd2723b18f3 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035070.html http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00006.html http://secunia.com/advisories/38779 http://secunia.com/advisories/38905 http://secunia.com/advisories/38922 http://secunia.com/advisories/39033 http:/ •

CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 0

CVE-2010-0298 – kvm: emulator privilege escalation

https://notcve.org/view.php?id=CVE-2010-0298

The x86 emulator in KVM 83 does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) in determining the memory access available to CPL3 code, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, a related issue to CVE-2010-0306. El emulador x86 en KVM3, no usa Current Privilege Level (CPL) e I/O Privilege Level (IOPL) para para determinar el acceso a memoria disponible para el código CPL3, lo que permite a invitados del SO provocar una denegación de servicio (caída del SO invitado) o elevar sus privilegios aprovechando el acceso al (1) puerto IO o (2) a la región MMIO. Cuestión relacionada con CVE-2010-0306. • http://secunia.com/advisories/38492 http://www.debian.org/security/2010/dsa-1996 http://www.securityfocus.com/bid/38158 https://bugzilla.redhat.com/show_bug.cgi?id=559091 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11335 https://rhn.redhat.com/errata/RHSA-2010-0088.html https://rhn.redhat.com/errata/RHSA-2010-0095.html https://access.redhat.com/security/cve/CVE-2010-0298 • CWE-264: Permissions, Privileges, and Access Controls •