CVE-2013-2146 – Kernel: perf/x86: offcore_rsp valid mask for SNB/IVB
https://notcve.org/view.php?id=CVE-2013-2146
arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit. arch/x86/kernel/cpu/perf_event_intel.c en Linux kernel hasta v3.8.9 cuando Performance Events Subsystem esta habilitado, especifica una máscara de bits correctos, lo que permite a usuarios locales provocar una denegación de servicio (error de protección general y el bloqueo del sistema) al tratar de establecer un bit reservado. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f1923820c447e986a9da0fc6bf60c1dccdf0408e http://rhn.redhat.com/errata/RHSA-2013-1173.html http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9 http://www.mandriva.com/security/advisories?name=MDVSA-2013:176 http://www.openwall.com/lists/oss-security/2013/06/05/23 https://bugzilla.redhat.com/show_bug.cgi?id=971309 https://github.com/torvalds/linux/commit/f1923820c447e986a9da0fc6bf60c1dccdf0408e https: • CWE-20: Improper Input Validation •
CVE-2013-2141 – Kernel: signal: information leak in tkill/tgkill
https://notcve.org/view.php?id=CVE-2013-2141
The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call. La función do_tkill en kernel/signal.c en el kernel de Linux anterior a v3.8.9 no inicializa cierta estructura de datos, lo que permite a usuarios locales obtener información sensible de la memoria del kernel a través de aplicaciones manipuladas que realizan llamadas al sistema (1) tkill o (2) tgkill. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b9e146d8eb3b9ecae5086d373b50fa0c1f3e7f0f http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html http://rhn.redhat.com/errata/RHSA-2013-1801.html http://secunia.com/advisories/55055 http://www.debian.org/security/2013/dsa-2766 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9 http://www.mandriva.com/security/advisories?name=MDVSA-2013:176 http://www.openwall.com/lists/oss-securi • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-399: Resource Management Errors •
CVE-2013-2147 – Kernel: cpqarray/cciss: information leak via ioctl
https://notcve.org/view.php?id=CVE-2013-2147
The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c. El controlador de array de discos HP Smart Array y el controlador de array de discos Compaq SMART2 en Linux kernel hasta v3.9.4 no inicializa ciertas estructuras de datos, lo que permite a usuarios locales obtener información sensible de la memoria del kernel a través de (1) un comando modificado IDAGETPCIINFO para el dispositivo /dev/ida, relacionado con la función ida_locked_ioctl en drivers/block/cpqarray.c o (2) un comando modificado CCISS_PASSTHRU32 para el dispositivo /dev/cciss relacionado con la función cciss_ioctl32_passthru en drivers/block/cciss.c. • http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://lkml.org/lkml/2013/6/3/127 http://lkml.org/lkml/2013/6/3/131 http://rhn.redhat.com/errata/RHSA-2013-1166.html http://www.openwall.com/lists/oss-security/2013/06/05/25 http://www.ubuntu.com/usn/USN-1994-1 http://www.ubuntu.com/usn/USN-1996-1 http://www.ubuntu.com/usn/USN-1997-1 http://www.ubuntu.com/usn/USN-1999-1 http://www.ubuntu.com/usn/USN-20 • CWE-399: Resource Management Errors •
CVE-2013-2851 – kernel: block: passing disk names as format strings
https://notcve.org/view.php?id=CVE-2013-2851
Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name. Vulnerabilidad de formato de cadena en la función register_disk en block/genhd.c en Linux kernel hasta v3.9.4 permite a usuarios locales conseguir privilegios haciendo uso de acceso root y la escritura especificadores de formato de cadena en /sys/module/md_mod/parameters/new_array con el fin de crear un dispositivo /dev/md con el nombre manipulado. • http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html http://marc.info/?l=linux-kernel&m=137055204522556&w=2 http://rhn.redhat.com/errata/RHSA-2013-1645.html http://rhn.redhat.com/errata/RHSA-2013-1783.html http://rhn.redhat.com/errata/RHSA-2014-0284.html http://www.debian.org/security/2013/dsa-2766 http://www • CWE-134: Use of Externally-Controlled Format String •
CVE-2013-2850 – kernel: iscsi-target: heap buffer overflow on large key error
https://notcve.org/view.php?id=CVE-2013-2850
Heap-based buffer overflow in the iscsi_add_notunderstood_response function in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target subsystem in the Linux kernel through 3.9.4 allows remote attackers to cause a denial of service (memory corruption and OOPS) or possibly execute arbitrary code via a long key that is not properly handled during construction of an error-response packet. Desbordamiento de búfer basado en la función iscsi_add_notunderstood_response en drivers/target/iscsi/iscsi_target_parameters.c en el subsistema de destino iSCSI en Linux kernel hasta v3.9.4 lo que permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y OOPS) o posiblemente ejecutar código arbitrario a través de una clave larga que no se maneja adecuadamente durante construcción de un paquete de respuesta de error. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=cea4dcfdad926a27a18e188720efe0f2c9403456 http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00018.html http://www.openwall.com/lists/oss-security/2013/06/01/2 http://www.ubuntu.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •