CVSS: 7.2EPSS: 0%CPEs: 15EXPL: 0CVE-2010-3080 – kernel: /dev/sequencer open failure is not handled correctly
https://notcve.org/view.php?id=CVE-2010-3080
Double free vulnerability in the snd_seq_oss_open function in sound/core/seq/oss/seq_oss_init.c in the Linux kernel before 2.6.36-rc4 might allow local users to cause a denial of service or possibly have unspecified other impact via an unsuccessful attempt to open the /dev/sequencer device. Vulnerabilidad de doble liberación en la función snd_seq_oss_open de sound/core/seq/oss/seq_oss_init.c en el kernel Linux anterior a v6.36-rc4 podría permitir a usuarios locales causar una denegación de servicio o posiblemente tener otro impacto sin especificar a través de de un intento fallido de abrir el dispositivo /dev/sequencer • http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git%3Ba=commit%3Bh=c598337660c21c0afaa9df5a65bb4a7a0cf15be8 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=27f7ad53829f79e799a253285318bff79ece15bd http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://secunia.com/advisories/42890 http://ww • CWE-415: Double Free •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 2CVE-2010-3081 – Linux Kernel 2.6.27 < 2.6.36 (RedHat x86-64) - 'compat' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-3081
The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a "stack pointer underflow" issue, as exploited in the wild in September 2010. Las funciones compat_alloc_user_space en los ficheros include/asm/compat.h del kernel de Linux en versiones anteriores a la v2.6.36-rc4-git2 en plataformas de 64-bit no reservan adecuadamente la memoria del espacio de usuario requerida para la capa de compatibilidad de 32-bit, lo que permite a usuarios locales escalar privilegios basándose en la capacidad de la función compat_mc_getsockopt (también conocido como soporte MCAST_MSFILTER getsockopt) para controlar un valor de longitud determinado, relacionado con un "stack pointer underflow", como se ha demostrado en septiembre del 2010. • https://www.exploit-db.com/exploits/15024 http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0273.html http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0278.html http://blog.ksplice.com/2010/09/cve-2010-3081 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c41d68a513c71e35a14f66d71782d27a79a81ea6 http://isc.sans.edu/diary.html?storyid=9574 http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://lists.opensuse. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 2CVE-2010-3301 – Linux Kernel < 2.6.36-rc4-git2 (x86-64) - 'ia32syscall' Emulation Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-3301
The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression. La llamada del sistema IA32 para la emulación de binarios de 32 bits en arch/x86/ia32/ia32entry.S en el kernel Linux anterior a v2.6.36-rc4-git2 en la plataforma x86_64 no vuelve a cero el registro% eax después de la ruta de entrada de 32-bits cuando ptrace es utilizado, lo cual permite a usuarios locales conseguir privilegios mediante un acceso out-of-bounds a la tabla de llamadas al sistema usando el registro rax%. NOTA: esta vulnerabilidad ya existía en CVE-2007-4573 • https://www.exploit-db.com/exploits/15023 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=36d001c70d8a0144ac1d038f6876c484849a74de http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=eefdca043e8391dcd719711716492063030b55ac http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://secunia.com/advisories/42758 http://sota.gen.nz/compat2 http:&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1CVE-2010-2960
https://notcve.org/view.php?id=CVE-2010-2960
The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux kernel 2.6.35.4 and earlier expects that a certain parent session keyring exists, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function. La función keyctl_session_to_parent en security/keys/keyctl.c en el kernel de Linux v2.6.35.4 y anteriores, espera que determinados keyrings de sesión aparezcan, lo que permite a usuarios locales provocar una denegación de servicio(deferencia a puntero nulo y caída de sistema) o posiblemente tener otro impacto sin especificar a través del argumento KEYCTL_SESSION_TO_PARENT a la función keyctl. • http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://secunia.com/advisories/41263 http://securitytracker.com/id?1024384 http://twitter.com/taviso/statuses/22777866582 http://www.openwall.com/lists/oss-security/2010/09/02/1 http://www.securityfocus.com/bid/42932 http://www.ubuntu.com/usn/USN-1000-1 http://www.vupen.com/english/advisories/2011/0298 https://bugzilla.redhat.c • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 1%CPEs: 10EXPL: 0CVE-2010-2495
https://notcve.org/view.php?id=CVE-2010-2495
The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP implementation in the Linux kernel before 2.6.34 does not properly validate certain values associated with an interface, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via vectors related to a routing change. La función pppol2tp_xmit en drivers/net/pppol2tp.c en la implementación L2TP en el kernel de Linux anterior a v2.6.34, no valida adecuadamente determinados valores asociados a un interfaz, lo que permite a atacantes provocar una denegación de servicio (deferencia a puntero null y OOPS) o posiblemente tener otro impacto no especificados a través de vectores relacionados con un cambio de enrutamiento. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3feec9095d12e311b7d4eb7fe7e5dfa75d4a72a5 http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00000.html http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34 http://www.openwall.com/lists/oss-security/2010/06/23/3 http://www.openwall.com/lists/oss-security/2010/07/04/2 http://www.openwall.com/lists/oss-security/2010/07/04/3 http://www.openwall.com/lists/oss-security/ • CWE-476: NULL Pointer Dereference •