Page 679 of 4436 results (0.013 seconds)

CVSS: 4.9EPSS: 0%CPEs: 6EXPL: 0

The l2tp_ip6_recvmsg function in net/l2tp/l2tp_ip6.c in the Linux kernel before 3.9-rc7 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. La función l2tp_ip6_recvmsg en net/l2tp/l2tp_ip6.c en el kernel de Linux anterior a v3.9-rc7 no inicializa correctamente cierta estructura, permitiendo a usuarios locales obtener información sensible desde la pila del kernel mediante una syscall recvmsg o recvfrom. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b860d3cc62877fad02863e2a08efff69a19382d2 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103750.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104480.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html http://www.openwall.com/lists/oss-security/2013/04/14/3 http://www.ubuntu.com/usn/USN-1837-1 https://github.com/torvalds/linux/commit/b860d3cc62877fad02863e • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.9EPSS: 0%CPEs: 7EXPL: 0

The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c. La API crypto en el kernel de Linux hasta v3.9-rc8 no inicializa cierta longitud de variables, permitiendo a usuarios locales obtener información sensible desde la pila del kernel mediante una syscall recvmsg o recvfrom especialmente diseñada, relacionado con la función hash_recvmsg en crypto/algif_hash.c y la función skcipher_recvmsg en crypto/algif_skcipher.c. • http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103750.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104480.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html http://www.openwall.com/lists/oss-security/2013/04/14/3 http://www.ubuntu.com/usn/USN-1837-1 https://github.com/torvalds/linux/commit/72a763d805a48ac8c0bf48fdb510e84c12de51fe https://access.redhat • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.9EPSS: 0%CPEs: 6EXPL: 0

The sco_sock_recvmsg function in net/bluetooth/sco.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. La función sco_sock_recvmsg en net/bluetooth/sco.c en el kernel de Linux anterior a v3.9-rc7 no inicializa correctamente cierta longitud de variable, permitiendo a usuarios locales obtener información sensible desde la pila del kernel mediante una syscall recvmsg o recvfrom. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c8c499175f7d295ef867335bceb9a76a2c3cdc38 http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html http://www.openwall.com/lists/oss-security/2013/04/14/3 http://www.ubuntu.com/usn/USN-1837-1 https://github.com/torvalds/linux/commit/c8c499175f7d295ef867335bceb9a76a2c3cdc38 https://lkml.org/lkml/2013/4/14/107 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.9EPSS: 0%CPEs: 6EXPL: 0

The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. La función caif_seqpkt_recvmsg en net/caif/caif_socket.c en el kernel de Linux anterior a v3.9-rc7 no inicializa correctamente cierta longitud de variable, permitiendo a usuarios locales obtener información sensible desde la pila del kernel mediante una syscall recvmsg o recvfrom. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2d6fbfe733f35c6b355c216644e08e149c61b271 http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html http://www.mandriva.com/security/advisories?name=MDVSA-2013:176 http://www.openwall.com/lists/oss-security/2013/04/14/3 http://www.ubuntu.com/usn/USN-1837-1&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 4

Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program. Una determinada version de Android v4.1.2 en dispositivos Motorola Razr HD, Razr M, y Atrix HD con el chipset Qualcomm MSM8960 permite a atacantes físicamente próximos obtener acceso de root entrando en el modo de depuración USB, usando Android Debug Bridge (ADB) para establecer una conexión USB, y cargar y ejecutar el programa pwn Motochopper. An integer overflow flaw was found in the way the Linux kernel's Frame Buffer device implementation mapped kernel memory to user space via the mmap syscall. A local user able to access a frame buffer device file (/dev/fb*) could possibly use this flaw to escalate their privileges on the system. Linux kernel fb_mmap function in drivers/video/fbmem.c contains an integer overflow vulnerability that allows for privilege escalation. • http://forum.xda-developers.com/showthread.php?t=2255491 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b4cbb197c7e7a68dbad0d491242e3ca67420c13e http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fc9bbca8f650e5f738af8806317c0a041a48ae4a http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://marc.info/? • CWE-190: Integer Overflow or Wraparound •