CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1CVE-2011-1082 – Linux Kernel 2.6.x - fs/eventpoll.c epoll Data Structure File Descriptor Local Denial of Service
https://notcve.org/view.php?id=CVE-2011-1082
fs/eventpoll.c in the Linux kernel before 2.6.38 places epoll file descriptors within other epoll data structures without properly checking for (1) closed loops or (2) deep chains, which allows local users to cause a denial of service (deadlock or stack memory consumption) via a crafted application that makes epoll_create and epoll_ctl system calls. fs/eventpoll.c en el kernel de Linux anterior a v2.6.38 coloca descriptores de fichero epoll dentro de otra estructura de datos epoll sin comprobar correctamente para (1) bucles cerrados (2) profundidad de cadena, lo que permite a usuarios locales provocar una denegación de servicio (bloqueo o agotamiento de la pila de memoria) a través de una aplicación que hace epoll_create y llamadas al sistema epoll_ctl. • https://www.exploit-db.com/exploits/35404 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=22bacca48a1755f79b7e0f192ddb9fbb7fc6e64e http://openwall.com/lists/oss-security/2011/03/02/1 http://openwall.com/lists/oss-security/2011/03/02/2 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38 https://bugzilla.redhat.com/show_bug.cgi?id=681575 https://lkml.org/lkml/2011/2/5/220 https://access.redhat.com/security/cve/CVE-20 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 2.1EPSS: 0%CPEs: 10EXPL: 0CVE-2011-1163 – kernel: fs/partitions: Corrupted OSF partition table infoleak
https://notcve.org/view.php?id=CVE-2011-1163
The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing. La función ofs/partitions/osf.c en el kernel de linux anterior a v2.6.38 no maneja correctamente un número inválido de particiones, lo que permite a usuarios locales obtner información sensible del heap mediante vectores relacionados con el análisis de la tabla de particiones. • http://downloads.avaya.com/css/P8/documents/100145416 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1eafbfeb7bdf59cfe173304c76188f3fd5f1fd05 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://openwall.com/lists/oss-security/2011/03/15/14 http://openwall.com/lists/oss-security/2011/03/15/9 http://rhn.redhat.com/errata/RHSA-2011-0833.html http://securityreason.com/securityalert/8189 http://securitytracker.com/id?1025225 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 1CVE-2011-0695 – kernel: panic in ib_cm:cm_work_handler
https://notcve.org/view.php?id=CVE-2011-0695
Race condition in the cm_work_handler function in the InfiniBand driver (drivers/infiniband/core/cma.c) in Linux kernel 2.6.x allows remote attackers to cause a denial of service (panic) by sending an InfiniBand request while other request handlers are still running, which triggers an invalid pointer dereference. Condición de carrera en la función cm_work_handler del controlador InfiniBand (drivers/infiniband/core/cma.c) del kernel de Linux 2.6.x. Permite a atacantes remotos provocar una denegación de servicio (panic) enviando una petición InfiniBand mientras otros manejadores de petición se están ejecutando, lo que provoca una resolución de puntero inválida. • http://rhn.redhat.com/errata/RHSA-2011-0927.html http://secunia.com/advisories/43693 http://www.openwall.com/lists/oss-security/2011/03/11/1 http://www.securityfocus.com/bid/46839 http://www.spinics.net/lists/linux-rdma/msg07447.html http://www.spinics.net/lists/linux-rdma/msg07448.html http://www.ubuntu.com/usn/USN-1146-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/66056 https://access.redhat.com/security/cve/CVE-2011-0695 https://bugzilla.redhat.com/s • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 2CVE-2011-1017
https://notcve.org/view.php?id=CVE-2011-1017
Heap-based buffer overflow in the ldm_frag_add function in fs/partitions/ldm.c in the Linux kernel 2.6.37.2 and earlier might allow local users to gain privileges or obtain sensitive information via a crafted LDM partition table. Desbordamiento de búfer en memoria dinámica en la función ldm_frag_add en fs/partitions/ldm.c en el kernel de Linux v2.6.37.2 y anteriores, podría permitir a usuarios locales conseguir privilegios u obtener información sensible a través de una tabla de particiones LDM manipulada. • http://openwall.com/lists/oss-security/2011/02/23/16 http://openwall.com/lists/oss-security/2011/02/24/14 http://openwall.com/lists/oss-security/2011/02/24/4 http://secunia.com/advisories/43716 http://secunia.com/advisories/43738 http://securityreason.com/securityalert/8115 http://securitytracker.com/id?1025128 http://www.pre-cert.de/advisories/PRE-SA-2011-01.txt http://www.securityfocus.com/archive/1/516615/100/0/threaded http://www.securityfocus.com/bid/4 • CWE-787: Out-of-bounds Write •
CVSS: 2.1EPSS: 0%CPEs: 12EXPL: 0CVE-2011-0711 – kernel: xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1
https://notcve.org/view.php?id=CVE-2011-0711
The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FSGEOMETRY_V1 ioctl call. La función xfs_fs_geometry de fs/xfs/xfs_fsops.c del kernel de Linux en versiones anteriores a la 2.6.38-rc6-git3 no inicializa un miembro determinado de una estructura, lo que permite a usuarios locales obtener información potencialmente sensible de la memoria de la pila del kernel a través de una llamada ioctl FSGEOMETRY_V1. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3a3675b7f23f83ca8c67c9c2b6edf707fd28d1ba http://openwall.com/lists/oss-security/2011/02/16/10 http://openwall.com/lists/oss-security/2011/02/16/4 http://osvdb.org/70950 http://rhn.redhat.com/errata/RHSA-2011-0927.html http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.38-rc6-git3.log http://www.securityfocus.com/bid/46417 https://bugzilla.redhat.com/show_bug.cgi?id=67 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •