CVE-2011-0463
https://notcve.org/view.php?id=CVE-2011-0463
The ocfs2_prepare_page_for_write function in fs/ocfs2/aops.c in the Oracle Cluster File System 2 (OCFS2) subsystem in the Linux kernel before 2.6.39-rc1 does not properly handle holes that cross page boundaries, which allows local users to obtain potentially sensitive information from uninitialized disk locations by reading a file.
References:
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=272b62c1f0f6f742046e45b50b6fec98860208a0
• http://oss.oracle.com/pipermail/ocfs2-devel/2011-February/007846.html
• http://secunia.com/advisories/43966
• http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.39-rc1
• http://www.ubuntu.com/usn/USN-1146-1
• https://bugzilla.novell.com/show_bug.cgi?id=673037
CWE-20: Improper Input Validation
CVE-2011-1083 – Linux Kernel 2.6.x - epoll Nested Structures Local Denial of Service
https://notcve.org/view.php?id=CVE-2011-1083
The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.
References:
• https://www.exploit-db.com/exploits/35403
• http://article.gmane.org/gmane.linux.kernel/1105744
• http://article.gmane.org/gmane.linux.kernel/1105888
• http://article.gmane.org/gmane.linux.kernel/1106686
• http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html
• http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html
• http://openwall.com/lists/oss-security/2011/03/02/1
• http://openwall.com/lists/oss-security/2011/03/02/2
• http://rhn.redhat.com/e
CWE-400: Uncontrolled Resource Consumption
CVE-2011-1082 – Linux Kernel 2.6.x - fs/eventpoll.c epoll Data Structure File Descriptor Local Denial of Service
https://notcve.org/view.php?id=CVE-2011-1082
fs/eventpoll.c in the Linux kernel before 2.6.38 places epoll file descriptors within other epoll data structures without properly checking for (1) closed loops or (2) deep chains, which allows local users to cause a denial of service (deadlock or stack memory consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.
References:
• https://www.exploit-db.com/exploits/35404
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=22bacca48a1755f79b7e0f192ddb9fbb7fc6e64e
• http://openwall.com/lists/oss-security/2011/03/02/1
• http://openwall.com/lists/oss-security/2011/03/02/2
• http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38
• https://bugzilla.redhat.com/show_bug.cgi?id=681575
• https://lkml.org/lkml/2011/2/5/220
• https://access.redhat.com/security/cve/CVE-20
CWE-400: Uncontrolled Resource Consumption
CVE-2011-1163 – kernel: fs/partitions: Corrupted OSF partition table infoleak
https://notcve.org/view.php?id=CVE-2011-1163
The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing.
References:
• http://downloads.avaya.com/css/P8/documents/100145416
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1eafbfeb7bdf59cfe173304c76188f3fd5f1fd05
• http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
• http://openwall.com/lists/oss-security/2011/03/15/14
• http://openwall.com/lists/oss-security/2011/03/15/9
• http://rhn.redhat.com/errata/RHSA-2011-0833.html
• http://securityreason.com/securityalert/8189
• http://securitytracker.com/id?1025225
CWE-20: Improper Input Validation
CVE-2011-0695 – kernel: panic in ib_cm:cm_work_handler
https://notcve.org/view.php?id=CVE-2011-0695
Race condition in the cm_work_handler function in the InfiniBand driver (drivers/infiniband/core/cma.c) in Linux kernel 2.6.x allows remote attackers to cause a denial of service (panic) by sending an InfiniBand request while other request handlers are still running, which triggers an invalid pointer dereference.
References:
• http://rhn.redhat.com/errata/RHSA-2011-0927.html
• http://secunia.com/advisories/43693
• http://www.openwall.com/lists/oss-security/2011/03/11/1
• http://www.securityfocus.com/bid/46839
• http://www.spinics.net/lists/linux-rdma/msg07447.html
• http://www.spinics.net/lists/linux-rdma/msg07448.html
• http://www.ubuntu.com/usn/USN-1146-1
• https://exchange.xforce.ibmcloud.com/vulnerabilities/66056
• https://access.redhat.com/security/cve/CVE-2011-0695
• https://bugzilla.redhat.com/s
CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')