CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2010-3448 – kernel: thinkpad-acpi: lock down video output state access
https://notcve.org/view.php?id=CVE-2010-3448
drivers/platform/x86/thinkpad_acpi.c in the Linux kernel before 2.6.34 on ThinkPad devices, when the X.Org X server is used, does not properly restrict access to the video output control state, which allows local users to cause a denial of service (system hang) via a (1) read or (2) write operation. drivers/platform/x86/thinkpad_acpi.c en el kernel de Linux anterior a v2.6.34 en los dispositivos de ThinkPad, cuando el servidor de X, X.Org, se utiliza, no restringe correctamente el acceso al estado del control de salida de vídeo, lo que permite a usuarios locales causar una denegación de servicio (caída del sistema) a través de operaciones de (1) lectura o (2) escritura. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=565790 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b525c06cdbd8a3963f0173ccd23f9147d4c384b5 http://openwall.com/lists/oss-security/2010/06/23/2 http://openwall.com/lists/oss-security/2010/09/28/1 http://openwall.com/lists/oss-security/2010/09/29/7 http://openwall.com/lists/oss-security/2010/09/30/1 http://openwall.com/lists/oss-security/2010/09/30/6 http://www.debian.org& • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 1.9EPSS: 0%CPEs: 1EXPL: 0CVE-2010-4076
https://notcve.org/view.php?id=CVE-2010-4076
The rs_ioctl function in drivers/char/amiserial.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call. La función rs_ioctl de drivers/char/amiserial.c del kernel de Linux en versiones 2.6.36.1 y anteriores no inicializa apropiadamente un miembro de una determinada estructura, lo que permite a usuarios locales obtener información potencialmente confidencial de la memoria de la pila del kernel a través de una llamada ioctl TIOCGICOUNT. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d281da7ff6f70efca0553c288bb883e8605b3862 http://lkml.org/lkml/2010/9/15/389 http://www.openwall.com/lists/oss-security/2010/09/25/2 http://www.openwall.com/lists/oss-security/2010/10/06/6 http://www.openwall.com/lists/oss-security/2010/10/07/1 http://www.openwall.com/lists/oss-security/2010/10/25/3 https://bugzilla.redhat.com/show_bug.cgi?id=648661 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 1.9EPSS: 0%CPEs: 1EXPL: 2CVE-2010-4077 – Linux Kenel 2.6.37-rc1 - serial_core TIOCGICOUNT Leak
https://notcve.org/view.php?id=CVE-2010-4077
The ntty_ioctl_tiocgicount function in drivers/char/nozomi.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call. La función ntty_ioctl_tiocgicount de drivers/char/nozomi.c del kernel de Linux en versiones anteriores a la 2.6.36.1 y anteriores no inicializa apropiadamente un miembro de una determinada estructura, lo que permite a usuarios locales obtener información potencialmente confidencial de la memoria de la pila del kernel a través de una llamada ioctl TIOCGICOUNT. • https://www.exploit-db.com/exploits/16973 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d281da7ff6f70efca0553c288bb883e8605b3862 http://lkml.indiana.edu/hypermail//linux/kernel/1009.1/03387.html http://secunia.com/advisories/42890 http://securityreason.com/securityalert/8129 http://www.openwall.com/lists/oss-security/2010/09/25/2 http://www.openwall.com/lists/oss-security/2010/10/06/6 http://www.openwall.com/lists/oss-security/2010/10/0 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 1.9EPSS: 0%CPEs: 7EXPL: 0CVE-2010-4074 – kernel: drivers/usb/serial/mos*.c: reading uninitialized stack memory
https://notcve.org/view.php?id=CVE-2010-4074
The USB subsystem in the Linux kernel before 2.6.36-rc5 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to TIOCGICOUNT ioctl calls, and the (1) mos7720_ioctl function in drivers/usb/serial/mos7720.c and (2) mos7840_ioctl function in drivers/usb/serial/mos7840.c. El subsistema USB del kernel de Linux en versiones anteriores a la 2.6.36-rc5 no inicializa apropiadamente miembros de estructuras, lo que permite a usuarios locales obtener información potencialmente confidencial de la memoria de la pila del kernel a través de vectores relacionados con llamadas ioctl TIOCGICOUNT, y la (1) función mos7720_ioctl de drivers/usb/serial/mos7720.c y (2) mos7840_ioctl de drivers/usb/serial/mos7840.c. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a0846f1868b11cd827bdfeaf4527d8b1b1c0b098 http://lkml.org/lkml/2010/9/15/392 http://secunia.com/advisories/42890 http://www.debian.org/security/2010/dsa-2126 http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.36/ChangeLog-2.6.36-rc5 http://www.openwall.com/lists/oss-security/2010/09/25/2 http://www.openwall.com/lists/oss-security/2010/10/06/6 http://www.openwall.com/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 1.9EPSS: 0%CPEs: 10EXPL: 0CVE-2010-4079 – kernel: drivers/video/ivtv/ivtvfb.c: reading uninitialized stack memory
https://notcve.org/view.php?id=CVE-2010-4079
The ivtvfb_ioctl function in drivers/media/video/ivtv/ivtvfb.c in the Linux kernel before 2.6.36-rc8 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FBIOGET_VBLANK ioctl call. La función ivtvfb_ioctl de drivers/media/video/ivtv/ivtvfb.c del kernel de Linux en versiones anteriores a la 2.6.36-rc8 no inicializa apropiadamente un miembro determinado de una estructura, lo que permite a usuarios locales obtener información potencialmente confidencial de la memoria de pila del kernel a través de una llamada ioctl FBIOGET_VBLANK. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=405707985594169cfd0b1d97d29fcb4b4c6f2ac9 http://lkml.org/lkml/2010/9/15/393 http://secunia.com/advisories/42890 http://www.debian.org/security/2010/dsa-2126 http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.36/ChangeLog-2.6.36-rc8 http://www.openwall.com/lists/oss-security/2010/09/25/2 http://www.openwall.com/lists/oss-security/2010/10/06/6 http://www.openwall.com/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •