CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2039 – Kernel: s390: crash due to linkage stack instructions
https://notcve.org/view.php?id=CVE-2014-2039
arch/s390/kernel/head64.S in the Linux kernel before 3.13.5 on the s390 platform does not properly handle attempted use of the linkage stack, which allows local users to cause a denial of service (system crash) by executing a crafted instruction. arch/s390/kernel/head64.S en el kernel de Linux anterior a 3.13.5 en la plataforma s390 no maneja debidamente intentos de uso de la pila de vinculación, lo que permite a usuarios locales causar una denegación de servicio (caída de sistema) mediante la ejecución de una instrucción manipulada. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8d7f6690cedb83456edd41c9bd583783f0703bf0 http://linux.oracle.com/errata/ELSA-2014-0771.html http://secunia.com/advisories/59262 http://secunia.com/advisories/59309 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.5 http://www.openwall.com/lists/oss-security/2014/02/20/14 http://www.securityfocus.com/bid/65700 https://bugzilla.redhat.com/show_bug.cgi?id=1067558 https://github.com&# • CWE-20: Improper Input Validation •
CVSS: 2.6EPSS: 0%CPEs: 3EXPL: 1CVE-2014-1690 – Kernel: netfilter: nf_nat: leakage of uninitialized buffer in IRC NAT helper
https://notcve.org/view.php?id=CVE-2014-1690
The help function in net/netfilter/nf_nat_irc.c in the Linux kernel before 3.12.8 allows remote attackers to obtain sensitive information from kernel memory by establishing an IRC DCC session in which incorrect packet data is transmitted during use of the NAT mangle feature. La función de ayuda en net/netfilter/nf_nat_irc.c en el kernel de Linux anterior a 3.12.8 permite a atacantes remotos obtener información sensible de la memoria del kernel mediante el establecimiento de una sesión IRC DCC en la cual datos de paquetes incorrectos son transmitidos durante el uso de la funcionalidad NAT mangle. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2690d97ade05c5325cbf7c72b94b90d265659886 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.8 http://www.openwall.com/lists/oss-security/2014/01/28/3 http://www.ubuntu.com/usn/USN-2137-1 http://www.ubuntu.com/usn/USN-2140-1 http://www.ubuntu.com/usn/USN-2158-1 https://bugzilla.redhat.com/show_bug.cgi?id=1058748 https://github.com/torvalds/linux/commit/2690d97ade05c5325cbf7c72b94 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2012-6638 – Kernel: net: tcp: potential DoS via SYN+FIN messages
https://notcve.org/view.php?id=CVE-2012-6638
The tcp_rcv_state_process function in net/ipv4/tcp_input.c in the Linux kernel before 3.2.24 allows remote attackers to cause a denial of service (kernel resource consumption) via a flood of SYN+FIN TCP packets, a different vulnerability than CVE-2012-2663. La función tcp_rcv_state_process en net/ipv4/tcp_input.c en el kernel de Linux anterior a 3.2.24 permite a atacantes remotos causar una denegación de servicio (consumo de recursos del kernel) a través de una inundación de paquetes TCP SYN+FIN, una vulnerabilidad diferente a CVE-2012-2663. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fdf5af0daf8019cec2396cdef8fb042d80fe71fa http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.24 https://bugzilla.redhat.com/show_bug.cgi?id=826702 https://github.com/torvalds/linux/commit/fdf5af0daf8019cec2396cdef8fb042d80fe71fa https://access.redhat.com/security/cve/CVE-2012-6638 https://bugzilla.redhat.com/show_bug.cgi?id=1066055 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.9EPSS: 0%CPEs: 5EXPL: 8CVE-2014-0038 – Linux Kernel 3.4 < 3.13.2 - recvmmsg x32 compat (PoC)
https://notcve.org/view.php?id=CVE-2014-0038
The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter. La función compat_sys_recvmmsg en net/compat.c en el kernel de Linux anterior a 3.13.2 cuando está habilitado CONFIG_X86_X32, permite a usuarios locales ganar privilegios a través de una llamada al sistema recvmmsg manipulada con un parámetro puntero a "timeout" manipulado. • https://www.exploit-db.com/exploits/31305 https://www.exploit-db.com/exploits/40503 https://www.exploit-db.com/exploits/31346 https://www.exploit-db.com/exploits/31347 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2def2ef2ae5f3990aabdbe8a755911902707d268 http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00003.html http://pastebin.com/raw.php?i=DH3Lbg54 http://s • CWE-20: Improper Input Validation •
CVSS: 1.7EPSS: 0%CPEs: 7EXPL: 0CVE-2014-1444
https://notcve.org/view.php?id=CVE-2014-1444
The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call. La función fst_get_iface en drivers/net/wan/farsync.c del kernel Linux anteriores a 3.11.7 no inicializa apropiadamente cierta estructura de datos, lo cual permite a usuarios locales obtener información sensible de la memoria dle kernel, aprovechando la funcionalidad CAP_NET_ADMIN para una llamada SIOCWANDEV ioctl. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=96b340406724d87e4621284ebac5e059d67b2194 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.7 http://www.openwall.com/lists/oss-security/2014/01/15/3 http://www.securityfocus.com/bid/64952 http://www.ubuntu.com/usn/USN-2128-1 http://www.ubuntu.com/usn/USN-2129-1 https://bugzilla.redhat.com/show_bug.cgi?id=1053610 https://exchange.xforce.ibmcloud.com/vulnerabilities/90443 https:&#x • CWE-399: Resource Management Errors •