CVE-2010-3874 – kernel: CAN minor heap overflow
https://notcve.org/view.php?id=CVE-2010-3874
Heap-based buffer overflow in the bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.36.2 on 64-bit platforms might allow local users to cause a denial of service (memory corruption) via a connect operation. Desbordamiento de búfer basado en memoria dinámica (heap) en la función bcm_connect en net/can/bcm.c (también conocido como el Broadcast Manager) en la implementación del Controller Area Network en el kernel de Linux v2.6.36 sobre plataformas de 64 bits, podría permitir a usuarios locales provocar una denegación de servicio (corrupción de memoria) a través de una operación connect. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0597d1b99fcfc2c0eada09a698f85ed413d4ba84 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://o • CWE-787: Out-of-bounds Write •
CVE-2010-4249 – Linux Kernel 2.6.37 - Unix Sockets Local Denial of Service
https://notcve.org/view.php?id=CVE-2010-4249
The wait_for_unix_gc function in net/unix/garbage.c in the Linux kernel before 2.6.37-rc3-next-20101125 does not properly select times for garbage collection of inflight sockets, which allows local users to cause a denial of service (system hang) via crafted use of the socketpair and sendmsg system calls for SOCK_SEQPACKET sockets. La función wait_for_unix_gc de net/unix/garbage.c en el kernel de Linux en versiones anteriores a la 2.6.37-rc3-next-20101125 no selecciona apropiadamente el momento de recolectar la basura de los sockets en uso; lo que permite, a usuarios locales, provocar una denegación de servicio (cuelgue del sistema) a través del uso modificado de las llamadas al sistema "socketpair" y "sendmsg" de los sockets SOCK_SEQPACKET. • https://www.exploit-db.com/exploits/15622 http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=9915672d41273f5b77f1b3c29b391ffb7732b84b http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html http://lkml.org/lkml/2010/11/23/395 http://lkml.org/lkml/2010/11/23/450 http://lkml.org/lkml/2010/11/25/8 http://marc.info/?l=linux-netdev&m=129059035929046&w=2 http://secunia.com/advisories/42354 http://secunia.com/adviso • CWE-400: Uncontrolled Resource Consumption •
CVE-2010-3705 – kernel: sctp memory corruption in HMAC handling
https://notcve.org/view.php?id=CVE-2010-3705
The sctp_auth_asoc_get_hmac function in net/sctp/auth.c in the Linux kernel before 2.6.36 does not properly validate the hmac_ids array of an SCTP peer, which allows remote attackers to cause a denial of service (memory corruption and panic) via a crafted value in the last element of this array. La función sctp_auth_asoc_get_hmac en net/sctp/auth.c en el kernel de Linux anteriores a v2.6.36 no valida correctamente la matriz hmac_ids de un par SCTP, lo cual permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y panic) a través de un valor manipulado en el último elemento de esta matriz. • http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=51e97a12bef19b7e43199fc153cf9bd5f2140362 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html http://marc.info/?l=linux-kernel&m=128596992418814&w=2 http://secunia.com/advisories/42745 http://www.debian.org/security/2010/dsa-2126 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36 http://www.mandriva.com/security/advisories?name=MDVSA-2011:029 http://www.openwall.c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-400: Uncontrolled Resource Consumption •
CVE-2010-3698 – kvm: invalid selector in fs/gs causes kernel panic
https://notcve.org/view.php?id=CVE-2010-3698
The KVM implementation in the Linux kernel before 2.6.36 does not properly reload the FS and GS segment registers, which allows host OS users to cause a denial of service (host OS crash) via a KVM_RUN ioctl call in conjunction with a modified Local Descriptor Table (LDT). La implementación de KVM en el kernel de Linux anterior a v2.6.36 no recarga adecuadamente los segmentos de registro FS y GS, lo cual permite a usuarios del sistema operativo anfitrión causar una denegación de servicio (cuelgue del sistema operativo anfitrión) a través de una llamada KVM_RUN ioctl junto con una versión modificada de la Tabla de Descriptores Locales (LDT). • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9581d442b9058d3699b4be568b6e5eae38a41493 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html http://secunia.com/advisories/42745 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36 http://www.mandriva.com/security/advisories?name=MDVSA-2011:029 http://www.redhat.com/support/errata/RHSA-2010-0842.html http://www.redhat.com/support/errata/RHSA-2010-0898.html http:/ • CWE-400: Uncontrolled Resource Consumption •
CVE-2010-2962 – kernel: arbitrary kernel memory write via i915 GEM ioctl
https://notcve.org/view.php?id=CVE-2010-2962
drivers/gpu/drm/i915/i915_gem.c in the Graphics Execution Manager (GEM) in the Intel i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.36 does not properly validate pointers to blocks of memory, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via crafted use of the ioctl interface, related to (1) pwrite and (2) pread operations. drivers/gpu/drm/i915/i915_gem.c en el Graphics Execution Manager (GEM) en el controlador Intel i915 en el subsistema Direct Rendering Manager (DRM) en el kernel de Linux anterior a v2.6.36 no valida correctamente los punteros a los bloques de la memoria, lo cual permite a usuarios locales escribir en ubicaciones de memoria del núcleo a su elección, y por consiguiente obtener privilegios, mediante el uso de la interfaz ioctl manipulada, relacionado con (1) pwrite y (2) operaciones pread. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ce9d419dbecc292cc3e06e8b1d6d123d3fa813a4 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://secunia.com/advisories/42745 http://secunia.com/advisories/42758 http:/ • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •