Page 886 of 5145 results (0.020 seconds)

CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 3

CVE-2010-3904 – Linux Kernel Improper Input Validation Vulnerability

https://notcve.org/view.php?id=CVE-2010-3904

The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls. La función rds_page_copy_user de net/rds/page.c en la implementación del protocolo "Reliable Datagram Sockets" (RDS) del kernel de Linux en versiones anteriores a la 2.6.36 no valida apropiadamente las direcciones obtenidas del espacio de usuario, lo que permite a usuarios locales escalar privilegios a través de un uso manipulado de las llamadas del sistema sendmsg y recvmsg. Linux Kernel contains an improper input validation vulnerability in the Reliable Datagram Sockets (RDS) protocol implementation that allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls. • https://www.exploit-db.com/exploits/44677 https://www.exploit-db.com/exploits/15285 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=799c10559d60f159ab2232203f222f18fa3c4a5f http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-1284: Improper Validation of Specified Quantity in Input •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2010-2938 – kernel: guest crashes on non-EPT machines may crash the host as well

https://notcve.org/view.php?id=CVE-2010-2938

arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure (VMCS) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when an Intel platform without Extended Page Tables (EPT) functionality is used, accesses VMCS fields without verifying hardware support for these fields, which allows local users to cause a denial of service (host OS crash) by requesting a VMCS dump for a fully virtualized Xen guest. El fichero arch/x86/hvm/vmx/vmcs.c en la implementación de la estructura de control de máquina virtual (VMCS) en el kernel de Linux v2.6.18 de Linux en Red Hat Enterprise Linux (RHEL) 5, cuando se usa una plataforma de Intel sin la funcionalidad de Tabla de páginas extendida(EPT), tiene acceso a los campos VMCS sin verificar el soporte de hardware para estos campos, lo que permite a usuarios locales causar una denegación de servicio (caida del sistema operativo) pidiendo un dump de VMCS para un huésped Xen totalmente virtualizado. • http://secunia.com/advisories/46397 http://support.avaya.com/css/P8/documents/100113326 http://www.redhat.com/support/errata/RHSA-2010-0723.html http://www.securityfocus.com/archive/1/520102/100/0/threaded http://www.securityfocus.com/bid/43578 http://www.vmware.com/security/advisories/VMSA-2011-0012.html http://xenbits.xensource.com/xen-unstable.hg?rev/15911 https://bugzilla.redhat.com/show_bug.cgi?id=620490 https://access.redhat.com/security/cve/CVE-2010-2938 • CWE-399: Resource Management Errors •

CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1

CVE-2010-2653

https://notcve.org/view.php?id=CVE-2010-2653

Race condition in the hvc_close function in drivers/char/hvc_console.c in the Linux kernel before 2.6.34 allows local users to cause a denial of service or possibly have unspecified other impact by closing a Hypervisor Virtual Console device, related to the hvc_open and hvc_remove functions. Condición de carrera en la función hvc_close en drivers/char/hvc_console.c en el kernel de Linux anterior a v2.6.34, permite a usuarios locales provocar una denegación de servicio o posiblemente tener otro impacto no especificado mediante el cierre del dispositivo Hypervisor Virtual Console, relacionado con las funciones hvc_open y hvc_remove. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=320718ee074acce5ffced6506cb51af1388942aa http://lkml.org/lkml/2010/3/3/207 http://patchwork.kernel.org/patch/83353 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34 http://www.openwall.com/lists/oss-security/2010/03/04/3 http://www.openwall.com/lists/oss-security/2010/04/17/2 http://www.openwall.com/lists/oss-security/2010/04/18/1 http://www.openwall.com/lists&#x • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 6.9EPSS: 0%CPEs: 21EXPL: 0

CVE-2010-3442 – kernel: prevent heap corruption in snd_ctl_new()

https://notcve.org/view.php?id=CVE-2010-3442

Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call. Múltiples desbordamientos de entero en la función snd_ctl_new de sound/core/control.c en el kernel de Linux en versiones anteriores a la 2.6.36-rc5-next-20100929. Permiten a usuarios locales provocar una denegación de servicio (corrupción de la memoria dinámica) o posiblemente provocar otros impactos sin especificar a través de una llamada ioctl (1) SNDRV_CTL_IOCTL_ELEM_ADD o (2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call. • http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git%3Ba=commit%3Bh=5591bf07225523600450edd9e6ad258bb877b779 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://list • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0

CVE-2010-2537

https://notcve.org/view.php?id=CVE-2010-2537

The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a (1) BTRFS_IOC_CLONE or (2) BTRFS_IOC_CLONE_RANGE ioctl call that specifies this file as a donor. La función btrfs_ioctl_clone en fs/btrfs/ioctl.c en el kernel Linux, en versiones anteriores a la 2.6.35, permite a usuarios locales sobreescribir un fichero de solo-añadir (append-only) mediante una llamada ioctl (1) BTRFS_IOC_CLONE o (2) BTRFS_IOC_CLONE_RANGE que especifique este fichero como un donante. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2ebc3464781ad24474abcbd2274e6254689853b5 http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html http://secunia.com/advisories/42758 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35 http://www.openwall.com/lists/oss-security/2010/07/21/10 http://www.openwall.com/lists/oss-security/2010/07/21/4 http://www.securityfocus.com/bid/41847 http://www.ubuntu.com/usn •