CVSS: 6.9EPSS: 0%CPEs: 304EXPL: 0CVE-2008-1669 – kernel: add rcu_read_lock() to fcheck() in both dnotify, locks.c and fix fcntl store/load race in locks.c
https://notcve.org/view.php?id=CVE-2008-1669
Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain "re-ordered access to the descriptor table." El kernel de Linux en versiones posteriores a la 2.6.25.2, no aplica determinados mecanismos de protección para la funcionalidad fcntl, la cual permite a usuarios locales (1) ejecutar código en paralelo o (2) explotar una condición de carrera (race condition) para obtener un “acceso re-ordenado a la tabla descriptor” • http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html http://lists.vmware.com/pipermail/security-announce/2008/000023.html http://secunia.com/advisories/30077 http://secunia.com/advisories/30101 http://secunia.com/advisories/30108 http://secunia.com/adv • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 317EXPL: 0CVE-2007-6694 – /proc/cpuinfo DoS on some ppc machines
https://notcve.org/view.php?id=CVE-2007-6694
The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 through 2.6.18-53, when running on PowerPC, might allow local users to cause a denial of service (crash) via unknown vectors that cause the of_get_property function to fail, which triggers a NULL pointer dereference. La función chrp_show_cpuinfo (chrp/setup.c) en Linux kernel 2.4.21 hasta 2.6.18-53, cuando funciona sobre PowerPC, podría permitir a usuarios locales provocar denegación de servicio (caida) a través de vectores desconocidos que hacen que la función of_get_property falle, lo cual dispara un puntero de referencia NULL. • http://marc.info/?l=linux-kernel&m=119576191029571&w=2 http://rhn.redhat.com/errata/RHSA-2008-0055.html http://secunia.com/advisories/28696 http://secunia.com/advisories/28748 http://secunia.com/advisories/29058 http://secunia.com/advisories/29236 http://secunia.com/advisories/30018 http://secunia.com/advisories/30515 http://secunia.com/advisories/30769 http://www.debian.org/security/2008/dsa-1503 http://www.debian.org/security/2008/dsa-1504 http://www.debian&# • CWE-399: Resource Management Errors •
CVSS: 4.0EPSS: 0%CPEs: 191EXPL: 0CVE-2007-5093 – kernel PWC driver DoS
https://notcve.org/view.php?id=CVE-2007-5093
The disconnect method in the Philips USB Webcam (pwc) driver in Linux kernel 2.6.x before 2.6.22.6 "relies on user space to close the device," which allows user-assisted local attackers to cause a denial of service (USB subsystem hang and CPU consumption in khubd) by not closing the device after the disconnect is invoked. NOTE: this rarely crosses privilege boundaries, unless the attacker can convince the victim to unplug the affected device. El método disconnect en el controlador Philips USB Webcam (pwc) en Linux kernel 2.6.x anterior 2.6.22.6 "confía en espacio del usuario para cerrar el dispositivo" lo cual permite a un atacante local con la intervención del usuario provocar denegación de servicio (cuelgue del sistema USB y consumo de CPU en khubd) sin cerrar el dispositivo después de llamar a la desconexión. NOTA: esto cruza raramente límites de privilegio, a menos que el atacante los pueda convencer a la víctima que desenchufe el dispositivo afectado. • http://marc.info/?l=linux-kernel&m=118873457814808&w=2 http://marc.info/?l=linux-kernel&m=118880154122548&w=2 http://rhn.redhat.com/errata/RHSA-2008-0972.html http://secunia.com/advisories/26994 http://secunia.com/advisories/28170 http://secunia.com/advisories/28706 http://secunia.com/advisories/28971 http://secunia.com/advisories/29058 http://secunia.com/advisories/30294 http://secunia.com/advisories/32799 http://www.debian.org/security/2007/dsa-1381 http:/&# • CWE-399: Resource Management Errors •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2007-3945
https://notcve.org/view.php?id=CVE-2007-3945
Rule Set Based Access Control (RSBAC) before 1.3.5 does not properly use the Linux Kernel Crypto API for the Linux kernel 2.6.x, which allows context-dependent attackers to bypass authentication controls via unspecified vectors, possibly involving User Management password hashing and unchecked function return codes. Rule Set Based Access Control (RSBAC) anterior a 1.3.5 no utiliza de forma adecuada el API Crypto Linux Kernel del Linux kernel 2.6.x, el permite a atacantes dependientes del contexto evitar controles de autenticación a través de vectores no especificados, posiblemente afectando al hashing de la contraseña User Management y los códigos de retorno de la función unchecked. • http://download.rsbac.org/code/1.3.5/changes-1.3.5.txt http://secunia.com/advisories/26147 http://securityreason.com/securityalert/2911 http://www.securityfocus.com/archive/1/474161/100/0/threaded http://www.securityfocus.com/bid/25001 http://www.vupen.com/english/advisories/2007/2610 •
CVSS: 6.1EPSS: 4%CPEs: 252EXPL: 0CVE-2007-2876 – nf}_conntrack_sctp: remotely triggerable NULL ptr dereference
https://notcve.org/view.php?id=CVE-2007-2876
The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) nf_conntrack_proto_sctp.c in Netfilter in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, allows remote attackers to cause a denial of service by causing certain invalid states that trigger a NULL pointer dereference. La función sctp_new en (1) ip_conntrack_proto_sctp.c y (2) nf_conntrack_proto_sctp.c en Netfilter en Linux kernel 2.6 anterior a 2.6.20.13, y 2.6.21.x anterior a 2.6.21.4, permite a atacantes remotos provocar denegación de servicio provocando ciertos estados no válidos que disparan un puntero NULL referenciado. • http://marc.info/?l=linux-kernel&m=118128610219959&w=2 http://marc.info/?l=linux-kernel&m=118128622431272&w=2 http://osvdb.org/37112 http://rhn.redhat.com/errata/RHSA-2007-0488.html http://secunia.com/advisories/25838 http://secunia.com/advisories/25961 http://secunia.com/advisories/26133 http://secunia.com/advisories/26139 http://secunia.com/advisories/26289 http://secunia.com/advisories/26450 http://secunia.com/advisories/26620 http://secunia.com/advisories/ •