CVE-2013-6367 – kvm: division by zero in apic_get_tmcct()
https://notcve.org/view.php?id=CVE-2013-6367
The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. La función apic_get_tmcct en arch/x86/kvm/lapic.c en el subsistema de KVM en el kernel de Linux hasta 3.12.5 permite a los usuarios del sistema operativo invitado para provocar una denegación de servicio (error de división por cero y caida del sistema operativo host) a través de la manipulacion del valor TMICT. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b963a22e6d1a266a67e9eecc88134713fd54775c http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00003.html http://lists.opensuse.org/opensuse-updates/2014-02/msg00045.html http://rhn.redhat.com/errata/RHSA-2013-1801.html http://rhn.redhat.com/errata/RHSA-2014-0163.html http://rhn.redhat.com/errata/RHSA-2014-0284.html http:/ • CWE-189: Numeric Errors •
CVE-2013-7027
https://notcve.org/view.php?id=CVE-2013-7027
The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. La función ieee80211_radiotap_iterator_init en net/wireless/radiotap.c en el kernel de Linux anterior a 3.11.7 no comprueba si una trama contiene todos los datos fuera de la cabecera, lo que podría permitir a atacantes provocar una denegación de servicio (sobre-lectura de búfer) a través de un encabezado manipulado. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f5563318ff1bde15b10e736e97ffce13be08bc1a http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html http://lists.opensuse.org/opensuse-updates/2014-02/msg00045.html http://secunia.com/advisories/55606 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.7 http://www.securityfocus.com/bid/64013 http://www.securitytracker.com/id/1029413 http://www.ubuntu.com/usn/USN-2066-1 http: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-6432
https://notcve.org/view.php?id=CVE-2013-6432
The ping_recvmsg function in net/ipv4/ping.c in the Linux kernel before 3.12.4 does not properly interact with read system calls on ping sockets, which allows local users to cause a denial of service (NULL pointer dereference and system crash) by leveraging unspecified privileges to execute a crafted application. La función ping_recvmsg en net/ipv4/ping.c en Linux kernel anterior a v3.12.4 no interactúa correctamente con la syscall read en socket ping, lo que permite a usuarios locales provocar una denegación de servicio (referencia a un puntero NULL y caída del sistema) aprovechando privilegios no especificados para ejecutar una aplicación manipulada. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=cf970c002d270c36202bd5b9c2804d3097a52da0 http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00003.html http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4 http://www.openwall.com/lists/oss-security/2013/12/06/6 http://www.ubuntu.com/usn/USN-2113-1 http://www.ubuntu.com/usn/USN-2117-1 https://bugzilla.redhat.com/show_bug.cgi?id=1039046 https://github.com/torvalds/ •
CVE-2013-2929 – kernel: exec/ptrace: get_dumpable() incorrect tests
https://notcve.org/view.php?id=CVE-2013-2929
The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h. El kernel Linux anterior a 3.12.2 no utiliza apropiadamente la función get_dumpable, lo que permite a usuarios locales sortear restricciones ptrace u obtener información sensible de los registros IA64 a través de una aplicación manipulada, relacionado con kernel/ptrace.c y arch/ia64/include/asm/processor.h A flaw was found in the way the get_dumpable() function return value was interpreted in the ptrace subsystem of the Linux kernel. When 'fs.suid_dumpable' was set to 2, a local, unprivileged local user could use this flaw to bypass intended ptrace restrictions and obtain potentially sensitive information. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d049f74f2dbe71354d43d393ac3a188947811348 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://rhn.redhat.com/errata/RHSA-2014-0100.html http://rhn.redhat.com/errata/RHSA-2014-0159.html http://rhn.redhat.com/errata/RHSA-2014-0285.html http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.2 http: • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-7026
https://notcve.org/view.php?id=CVE-2013-7026
Multiple race conditions in ipc/shm.c in the Linux kernel before 3.12.2 allow local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted application that uses shmctl IPC_RMID operations in conjunction with other shm system calls. Múltiples condiciones de carrera en ipc/shm.c en el kernel de Linux anterior a la versión 3.12.2 permite a usuarios locales provocar una denegación de servicio (uso después de liberación y caída del sistema) o posiblemente tener otro impacto sin especificar a través de una aplicación que usa operaciones shmctl IPC_RMID en conjunción con otras llamadas del sistema shm. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a399b29dfbaaaf91162b2dc5a5875dd51bbfa2a1 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.2 http://www.ubuntu.com/usn/USN-2070-1 http://www.ubuntu.com/usn/USN-2075-1 https://github.com/torvalds/linux/commit/a399b29dfbaaaf91162b2dc5a5875dd51bbfa2a1 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •