CVE-2011-1495 – kernel: drivers/scsi/mpt2sas: prevent heap overflows
https://notcve.org/view.php?id=CVE-2011-1495
Description: drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier does not validate (1) length and (2) offset values before performing memory copy operations, which might allow local users to gain privileges, cause a denial of service (memory corruption), or obtain sensitive information from kernel memory via a crafted ioctl call, related to the _ctl_do_mpt_command and _ctl_diag_read_buffer functions.
References:
  http://downloads.avaya.com/css/P8/documents/100145416
  http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
  http://lkml.org/lkml/2011/4/5/327
  http://openwall.com/lists/oss-security/2011/04/05/32
  http://openwall.com/lists/oss-security/2011/04/06/2
  http://rhn.redhat.com/errata/RHSA-2011-0833.html
  http://secunia.com/advisories/46397
  http://www.securityfocus.com/archive/1/520102/100/0/threaded
  http://www.securityfocus.com/bid/47185
Weaknesses: CWE-20: Improper Input Validation; CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1577 – kernel: corrupted GUID partition tables can cause kernel oops
https://notcve.org/view.php?id=CVE-2011-1577
Description: Heap-based buffer overflow in the is_gpt_valid function in fs/partitions/efi.c in the Linux kernel 2.6.38 and earlier allows physically proximate attackers to cause a denial of service (OOPS) or possibly have unspecified other impact via a crafted size of the EFI GUID partition-table header on removable media.
References:
  http://downloads.avaya.com/css/P8/documents/100145416
  http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061236.html
  http://openwall.com/lists/oss-security/2011/04/12/17
  http://openwall.com/lists/oss-security/2011/04/13/1
  http://rhn.redhat.com/errata/RHSA-2011-0833.html
  http://securityreason.com/securityalert/8238
  http://securitytracker.com/id?1025355
  http://www.securityfocus.com/archive/1/517477/100/0/threaded
  http://www.securityfocus.com/bid/47343
Weaknesses: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0463
https://notcve.org/view.php?id=CVE-2011-0463
Description: The ocfs2_prepare_page_for_write function in fs/ocfs2/aops.c in the Oracle Cluster File System 2 (OCFS2) subsystem in the Linux kernel before 2.6.39-rc1 does not properly handle holes that cross page boundaries, which allows local users to obtain potentially sensitive information from uninitialized disk locations by reading a file.
References:
  http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=272b62c1f0f6f742046e45b50b6fec98860208a0
  http://oss.oracle.com/pipermail/ocfs2-devel/2011-February/007846.html
  http://secunia.com/advisories/43966
  http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.39-rc1
  http://www.ubuntu.com/usn/USN-1146-1
  https://bugzilla.novell.com/show_bug.cgi?id=673037
Weaknesses: CWE-20: Improper Input Validation
CVE-2011-1083 – Linux Kernel 2.6.x - epoll Nested Structures Local Denial of Service
https://notcve.org/view.php?id=CVE-2011-1083
Description: The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.
References:
  https://www.exploit-db.com/exploits/35403
  http://article.gmane.org/gmane.linux.kernel/1105744
  http://article.gmane.org/gmane.linux.kernel/1105888
  http://article.gmane.org/gmane.linux.kernel/1106686
  http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html
  http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html
  http://openwall.com/lists/oss-security/2011/03/02/1
  http://openwall.com/lists/oss-security/2011/03/02/2
  http://rhn.redhat.com/e
Weaknesses: CWE-400: Uncontrolled Resource Consumption
CVE-2011-1082 – Linux Kernel 2.6.x - fs/eventpoll.c epoll Data Structure File Descriptor Local Denial of Service
https://notcve.org/view.php?id=CVE-2011-1082
Description: fs/eventpoll.c in the Linux kernel before 2.6.38 places epoll file descriptors within other epoll data structures without properly checking for (1) closed loops or (2) deep chains, which allows local users to cause a denial of service (deadlock or stack memory consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.
References:
  https://www.exploit-db.com/exploits/35404
  http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=22bacca48a1755f79b7e0f192ddb9fbb7fc6e64e
  http://openwall.com/lists/oss-security/2011/03/02/1
  http://openwall.com/lists/oss-security/2011/03/02/2
  http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38
  https://bugzilla.redhat.com/show_bug.cgi?id=681575
  https://lkml.org/lkml/2011/2/5/220
  https://access.redhat.com/security/cve/CVE-20
Weaknesses: CWE-400: Uncontrolled Resource Consumption