CVSS: 2.1EPSS: 0%CPEs: 34EXPL: 0CVE-2011-2494 – kernel: taskstats io infoleak
https://notcve.org/view.php?id=CVE-2011-2494
kernel/taskstats.c in the Linux kernel before 3.1 allows local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another user's password. kernel/taskstats.c del kernel de Linux en versiones anteriores a la 3.1 permite a usuarios locales obtener información confidencial de estadísticas de I/O enviando comandos taskstats al socket netlink, tal como se ha demostrado descubriendo la longitud de la contraseña de otro usuario. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1a51410abe7d0ee4b1d112780f46df87d3621043 http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html http://secunia.com/advisories/48898 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1 http://www.openwall.com/lists/oss-security/2011/06/27/1 https://bugzilla.redhat.com/show_bug.cgi?id=716842 https://github.com/torvalds/linux/commit/1a51410abe7d0ee4b1d112780f46df87d3621043 https://access. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 2CVE-2011-3209 – kernel: panic occurs when clock_gettime() is called
https://notcve.org/view.php?id=CVE-2011-3209
The div_long_long_rem implementation in include/asm-x86/div64.h in the Linux kernel before 2.6.26 on the x86 platform allows local users to cause a denial of service (Divide Error Fault and panic) via a clock_gettime system call. La implementación de div_long_long_rem en include/asm-x86/div64.h en el Kernel de Linux anteriores a v2.6.26 en plataformas x86 permite a usuarios locales provocar una denegación de servicio (Divide Error Fault y pánico) a través de una llamada al sistema clock_gettime. • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f8bd2258e2d520dff28c855658bd24bdafb5102d http://www.openwall.com/lists/oss-security/2011/10/24/3 https://bugzilla.redhat.com/show_bug.cgi?id=732878 https://github.com/torvalds/linux/commit/f8bd2258e2d520dff28c855658bd24bdafb5102d https://access.redhat.com/security/cve/CVE-2011-3209 • CWE-189: Numeric Errors •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2011-2942 – kernel: bridge: null pointer dereference in __br_deliver
https://notcve.org/view.php?id=CVE-2011-2942
A certain Red Hat patch to the __br_deliver function in net/bridge/br_forward.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging connectivity to a network interface that uses an Ethernet bridge device. Un parche de Red Hat para la función __br_deliver en net/bridge/br_forward.c en el Kernel de Linux v2.6.18 en Red Hat Enterprise Linux (RHEL) 5 permite a atacantes remotos causar una denegación de servicio (NULL pointer dereference y caída del sistema) o posiblemente tener otro impacto no especificado mediante el aprovechamiento de la conectividad con una interfaz de red que utiliza un dispositivo Ethernet puente. • http://www.openwall.com/lists/oss-security/2011/10/24/3 https://bugzilla.redhat.com/show_bug.cgi?id=730917 https://access.redhat.com/security/cve/CVE-2011-2942 • CWE-476: NULL Pointer Dereference •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2011-2521 – kernel: perf, x86: fix Intel fixed counters base initialization
https://notcve.org/view.php?id=CVE-2011-2521
The x86_assign_hw_event function in arch/x86/kernel/cpu/perf_event.c in the Performance Events subsystem in the Linux kernel before 2.6.39 does not properly calculate counter values, which allows local users to cause a denial of service (panic) via the perf program. La función x86_assign_hw_event de arch/x86/kernel/cpu/perf_event.c en el rendimiento del subsistema de eventos en el kernel de Linux antes de 2.6.39 no calcula correctamente los valores de contador, lo que permite a usuarios locales causar una denegación de servicio (panic) a través del programa perfs. • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fc66c5210ec2539e800e87d7b3a985323c7be96e http://www.openwall.com/lists/oss-security/2011/07/06/4 https://bugzilla.redhat.com/show_bug.cgi?id=719228 https://github.com/torvalds/linux/commit/fc66c5210ec2539e800e87d7b3a985323c7be96e https://access.redhat.com/security/cve/CVE-2011-2521 • CWE-189: Numeric Errors •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2011-2898 – kernel: af_packet: infoleak
https://notcve.org/view.php?id=CVE-2011-2898
net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does not properly restrict user-space access to certain packet data structures associated with VLAN Tag Control Information, which allows local users to obtain potentially sensitive information via a crafted application. net/packet/af_packet.c en el kernel de Linux antes de v2.6.39.3 no restringe adecuadamente el acceso al espacio de usuario a ciertas estructuras de paquetes de datos asociados VLAN Tag Control Information, lo que permite a usuarios locales obtener información sensible a través de una aplicación modificada. • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.3 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=13fcb7bd322164c67926ffe272846d4860196dc6 http://www.openwall.com/lists/oss-security/2011/08/03/7 https://bugzilla.redhat.com/show_bug.cgi?id=728023 https://github.com/torvalds/linux/commit/13fcb7bd322164c67926ffe272846d4860196dc6 https://access.redhat.com/security/cve/CVE-2011-2898 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •