CVSS: 4.9EPSS: 0%CPEs: 14EXPL: 0CVE-2010-0623
https://notcve.org/view.php?id=CVE-2010-0623
The futex_lock_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly manage a certain reference count, which allows local users to cause a denial of service (OOPS) via vectors involving an unmount of an ext3 filesystem. La función futex_lock_pi en kernel/futex.c en el kernel de Linux anterior a 2.6.33-rc7 no maneja adecuadamente determinadas cuentas de referencia, lo que permite a usuarios locales provocar una denegación de servicio (OOPS) a través de vectores que involucran el desmontado del sistema de ficheros ext3. • http://bugzilla.kernel.org/show_bug.cgi?id=14256 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5ecb01cfdf96c5f465192bdb2a4fd4a61a24c6cc http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00006.html http://secunia.com/advisories/38922 http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.33-rc7 http://www.mandriva.com/security/advisories?name=MDVSA-2010:088 http://www.openwall.com/lists/oss-security/2010/02/11/2 http:/ •
CVSS: 4.9EPSS: 0%CPEs: 141EXPL: 0CVE-2010-0622 – kernel: futex: Handle user space corruption gracefully
https://notcve.org/view.php?id=CVE-2010-0622
The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly have unspecified other impact via vectors involving modification of the futex value from user space. La función wake_futex_pi de kernel/futex.c del kernel de Linux en versiones anteriores a la v2.6.33-rc7 no gestiona apropiadamente ciertas operaciones de "unlock" (liberación) de "Priority Inheritance (PI) futex" (futex de herencia de prioridad), lo que permite a usuarios locales provocar una denegación de servicio (OOPS) y posiblemente otras acciones sin especificar a través de vectores de ataque relacionados con la modificación de los valores de futex del espacio de usuario. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=51246bfd189064079c54421507236fd2723b18f3 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035070.html http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00006.html http://secunia.com/advisories/38779 http://secunia.com/advisories/38905 http://secunia.com/advisories/38922 http://secunia.com/advisories/39033 http:/ •
CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 0CVE-2010-0298 – kvm: emulator privilege escalation
https://notcve.org/view.php?id=CVE-2010-0298
The x86 emulator in KVM 83 does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) in determining the memory access available to CPL3 code, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, a related issue to CVE-2010-0306. El emulador x86 en KVM3, no usa Current Privilege Level (CPL) e I/O Privilege Level (IOPL) para para determinar el acceso a memoria disponible para el código CPL3, lo que permite a invitados del SO provocar una denegación de servicio (caída del SO invitado) o elevar sus privilegios aprovechando el acceso al (1) puerto IO o (2) a la región MMIO. Cuestión relacionada con CVE-2010-0306. • http://secunia.com/advisories/38492 http://www.debian.org/security/2010/dsa-1996 http://www.securityfocus.com/bid/38158 https://bugzilla.redhat.com/show_bug.cgi?id=559091 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11335 https://rhn.redhat.com/errata/RHSA-2010-0088.html https://rhn.redhat.com/errata/RHSA-2010-0095.html https://access.redhat.com/security/cve/CVE-2010-0298 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2010-0291 – kernel: untangle the do_mremap()
https://notcve.org/view.php?id=CVE-2010-0291
The Linux kernel before 2.6.32.4 allows local users to gain privileges or cause a denial of service (panic) by calling the (1) mmap or (2) mremap function, aka the "do_mremap() mess" or "mremap/mmap mess." El kernel de Linux en versiones anteriores a la v2.6.32.4 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (panic) llamando a la función (1) mmap o (2) mremap, también conocido como el "do_mremap() mess" o el "mremap/mmap mess." • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0067bd8a55862ac9dd212bd1c4f6f5bff1ca1301 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=05d72faa6d13c9d857478a5d35c85db9adada685 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=097eed103862f9c6a97f2e415e21d1134017b135 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0ec62d290912bb4b989be7563851bc364ec73b56 http://git.kernel.org/? • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 2%CPEs: 7EXPL: 1CVE-2009-4272 – kernel: emergency route cache flushing leads to node deadlock
https://notcve.org/view.php?id=CVE-2009-4272
A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table, and trigger a routing "emergency" in which a hash chain is too long. NOTE: this is related to an issue in the Linux kernel before 2.6.31, when the kernel routing cache is disabled, involving an uninitialized pointer and a panic. Cierto parche de Red Hat para net/ipv4/route.c en el kernel de Linux v2.6.18 en Red Hat Enterprise Linux (RHEL) v5 permite a atacantes remotos producir una denegación de servicio (punto muerto) a traves de paquetes manipulados que que fuerzan colisiones en la tabla de hash de enrutamiento IPv4, e inicia un enrutado de "emergencia" en el cual la cadena de hash es demasiado larga. NOTA: Esta vulnerabilidad esta relacionada con otra del cache de enrutamiento del kernel cuando el cache de enrutamiento del kernel esta desactivado, implicando un puntero no inicializado y panic. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=73e42897e8e5619eacb787d2ce69be12f47cfc21 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b6280b47a7a42970d098a3059f4ebe7e55e90d8d http://support.avaya.com/css/P8/documents/100073666 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31 http://www.openwall.com/lists/oss-security/2010/01/20/1 http://www.openwall.com/lists/oss-security/2010/01/20/6 https://bugz • CWE-476: NULL Pointer Dereference CWE-667: Improper Locking •