CVSS: 8.3EPSS: 0%CPEs: 9EXPL: 0CVE-2010-3705 – kernel: sctp memory corruption in HMAC handling
https://notcve.org/view.php?id=CVE-2010-3705
The sctp_auth_asoc_get_hmac function in net/sctp/auth.c in the Linux kernel before 2.6.36 does not properly validate the hmac_ids array of an SCTP peer, which allows remote attackers to cause a denial of service (memory corruption and panic) via a crafted value in the last element of this array. La función sctp_auth_asoc_get_hmac en net/sctp/auth.c en el kernel de Linux anteriores a v2.6.36 no valida correctamente la matriz hmac_ids de un par SCTP, lo cual permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y panic) a través de un valor manipulado en el último elemento de esta matriz. • http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=51e97a12bef19b7e43199fc153cf9bd5f2140362 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html http://marc.info/?l=linux-kernel&m=128596992418814&w=2 http://secunia.com/advisories/42745 http://www.debian.org/security/2010/dsa-2126 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36 http://www.mandriva.com/security/advisories?name=MDVSA-2011:029 http://www.openwall.c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2010-3698 – kvm: invalid selector in fs/gs causes kernel panic
https://notcve.org/view.php?id=CVE-2010-3698
The KVM implementation in the Linux kernel before 2.6.36 does not properly reload the FS and GS segment registers, which allows host OS users to cause a denial of service (host OS crash) via a KVM_RUN ioctl call in conjunction with a modified Local Descriptor Table (LDT). La implementación de KVM en el kernel de Linux anterior a v2.6.36 no recarga adecuadamente los segmentos de registro FS y GS, lo cual permite a usuarios del sistema operativo anfitrión causar una denegación de servicio (cuelgue del sistema operativo anfitrión) a través de una llamada KVM_RUN ioctl junto con una versión modificada de la Tabla de Descriptores Locales (LDT). • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9581d442b9058d3699b4be568b6e5eae38a41493 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html http://secunia.com/advisories/42745 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36 http://www.mandriva.com/security/advisories?name=MDVSA-2011:029 http://www.redhat.com/support/errata/RHSA-2010-0842.html http://www.redhat.com/support/errata/RHSA-2010-0898.html http:/&#x • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2010-2962 – kernel: arbitrary kernel memory write via i915 GEM ioctl
https://notcve.org/view.php?id=CVE-2010-2962
drivers/gpu/drm/i915/i915_gem.c in the Graphics Execution Manager (GEM) in the Intel i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.36 does not properly validate pointers to blocks of memory, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via crafted use of the ioctl interface, related to (1) pwrite and (2) pread operations. drivers/gpu/drm/i915/i915_gem.c en el Graphics Execution Manager (GEM) en el controlador Intel i915 en el subsistema Direct Rendering Manager (DRM) en el kernel de Linux anterior a v2.6.36 no valida correctamente los punteros a los bloques de la memoria, lo cual permite a usuarios locales escribir en ubicaciones de memoria del núcleo a su elección, y por consiguiente obtener privilegios, mediante el uso de la interfaz ioctl manipulada, relacionado con (1) pwrite y (2) operaciones pread. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ce9d419dbecc292cc3e06e8b1d6d123d3fa813a4 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://secunia.com/advisories/42745 http://secunia.com/advisories/42758 http:/&#x • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.9EPSS: 0%CPEs: 8EXPL: 0CVE-2010-4169 – kernel: perf bug
https://notcve.org/view.php?id=CVE-2010-4169
Use-after-free vulnerability in mm/mprotect.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors involving an mprotect system call. Una vulnerabilidad de uso después de liberación en mm/mprotect.c en las versiones del kernel de Linux anteriores a v2.6.37-rc2 permite a usuarios locales causar una denegación de servicio a través de vectores que implican una llamada de sistema a mprotect. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=63bfd7384b119409685a17d5c58f0b56e5dc03da http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://marc.info/?l=oss-security&m=128979684911295&w=2 http://marc.info/? • CWE-416: Use After Free •
CVSS: 6.2EPSS: 0%CPEs: 13EXPL: 3CVE-2010-2963 – Linux Kernel 2.6.36 - VIDIOCSMICROCODE IOCTL Local Memory Overwrite
https://notcve.org/view.php?id=CVE-2010-2963
drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) implementation in the Linux kernel before 2.6.36 on 64-bit platforms does not validate the destination of a memory copy operation, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via a VIDIOCSTUNER ioctl call on a /dev/video device, followed by a VIDIOCSMICROCODE ioctl call on this device. drivers/media/video/v4l2-compat-ioctl32.c en la implementación de Video4Linux (V4L) en kernel de Linux anteriores a v2.6.36 en plataformas de 64 bits no valida el destino de una operación de copia de memoria, lo cual permite a usuarios locales escribir en lugares de memoria del núcleo a su elección, y en consecuencia obtener privilegios, a través de una llamada VIDIOCSTUNER ioctl en un dispositivo /dev/video, seguida por una llamada VIDIOCSMICROCODE ioctl en este dispositivo. • https://www.exploit-db.com/exploits/15344 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3e645d6b485446c54c6745c5e2cf5c528fe4deec http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html http://secunia.com/advisories/42745 http://www.debian.org/security/2010/dsa-2126 http://www.kernel.org&#x • CWE-20: Improper Input Validation •