CVSS: 5.6EPSS: 0%CPEs: 187EXPL: 1CVE-2012-3510 – kernel: taskstats: use-after-free in xacct_add_tsk()
https://notcve.org/view.php?id=CVE-2012-3510
Use-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel before 2.6.19 allows local users to obtain potentially sensitive information from kernel memory or cause a denial of service (system crash) via a taskstats TASKSTATS_CMD_ATTR_PID command. Vulnerabilidad de uso después de liberación en la función xacct_add_tsk en kernel/tsacct.c en kernel Linux antes de v2.6.19, permite a usuarios locales obtener información de la memoria del kernel o causar una denegación de servicio (caída del sistema) a través de un comando taskstats TASKSTATS_CMD_ATTR_PID. • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.19 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f0ec1aaf54caddd21c259aea8b2ecfbde4ee4fb9 http://rhn.redhat.com/errata/RHSA-2012-1323.html http://secunia.com/advisories/50811 http://www.openwall.com/lists/oss-security/2012/08/20/12 http://www.securityfocus.com/bid/55144 http://www.securitytracker.com/id?1027602 https://bugzilla.redhat.com/show_bug.cgi?id=849722 https://github. • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 7.1EPSS: 1%CPEs: 2EXPL: 0CVE-2012-3552 – kernel: net: slab corruption due to improper synchronization around inet->opt
https://notcve.org/view.php?id=CVE-2012-3552
Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service (slab corruption and system crash) by sending packets to an application that sets socket options during the handling of network traffic. La aplicación IP en el kernel de Linux antes de v3.0 podría permitir a atacantes remotos provocar una denegación de servicio mediante el envío de paquetes a una aplicación que configura las opciones de socket durante el manejo de tráfico de red. • http://ftp.osuosl.org/pub/linux/kernel/v3.0/ChangeLog-3.0 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f6d8bd051c391c1c0458a30b2a7abcd939329259 http://rhn.redhat.com/errata/RHSA-2012-1540.html http://www.openwall.com/lists/oss-security/2012/08/31/11 https://bugzilla.redhat.com/show_bug.cgi?id=853465 https://github.com/torvalds/linux/commit/f6d8bd051c391c1c0458a30b2a7abcd939329259 https://access.redhat.com/security/cve/CVE-2012-3552 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.9EPSS: 0%CPEs: 126EXPL: 0CVE-2012-4398 – kernel: request_module() OOM local DoS
https://notcve.org/view.php?id=CVE-2012-4398
The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 does not set a certain killable attribute, which allows local users to cause a denial of service (memory consumption) via a crafted application. La función __request_module en kernel/kmod.c en el kernel de Linux anterior a v3.4 no establece un atributo "killable", lo que permite a usuarios locales provocar una denegación de servicio (consumo de memoria) a través de una aplicación especialmente diseñada. • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lkml.indiana.edu/hypermail/linux/kernel/1202.0/03340.html http://rhn.redhat.com/errata/RHSA-2013-0223.html http://rhn.redhat.com/errata/RHSA-2013-1348.html http://secunia.com/advisories/55077 http://www.kernel.org/pub/linux/kernel/v3.x/linux-3.4.tar.bz2 http://www.openwall.com/lists/oss-security/2012/09/02/3 h • CWE-20: Improper Input Validation •
CVSS: 2.1EPSS: 0%CPEs: 43EXPL: 2CVE-2012-3430 – Linux Kernel 2.6.x - 'rds_recvmsg()' Local Information Disclosure
https://notcve.org/view.php?id=CVE-2012-3430
The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket. La función rds_recvmsg en net/rds/recv.c en el Kernell de Linux anteriores a v3.0.44 no inicializa el cierto miembro de la estructura, lo que permite a usuarios locales a obtener información potencialmente sensible de la pila de memoria del kernel a través de (1) recvfrom o (2) llamada a sistema recvmsg en un socket RDS. • https://www.exploit-db.com/exploits/37543 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=06b6a1cf6e776426766298d055bb3991957d90a7 http://rhn.redhat.com/errata/RHSA-2012-1323.html http://secunia.com/advisories/50633 http://secunia.com/advisories/50732 http://secunia.com/advisories/50811 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.44 http://www.openwall.com/lists/oss-security/2012/07/26/5 http://www.ubuntu.com/usn/USN- • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.2EPSS: 0%CPEs: 104EXPL: 1CVE-2012-3511 – kernel: mm: use-after-free in madvise_remove()
https://notcve.org/view.php?id=CVE-2012-3511
Multiple race conditions in the madvise_remove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service (use-after-free and system crash) via vectors involving a (1) munmap or (2) close system call. Múltiples vulnerabilidades de condición de carrera en la función madvise_remove en el kernel Linux antes de v3.4.5, permite a usuarios locales causar una denegación de servicio (uso después de liberación y caída del sistema) a través de vectores que implican (1) munmap o (2) llamada de cierre de sistema. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9ab4233dd08036fe34a89c7dc6f47a8bf2eb29eb http://secunia.com/advisories/50633 http://secunia.com/advisories/50732 http://secunia.com/advisories/55055 http://ubuntu.com/usn/usn-1529-1 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5 http://www.openwall.com/lists/oss-security/2012/08/20/13 http://www.securityfocus.com/bid/55151 http://www.ubuntu.com/usn/USN-1567-1 http:/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •