Page 9 of 59 results (0.028 seconds)

CVSS: 1.9EPSS: 0%CPEs: 15EXPL: 0

The copy_shmid_to_user function in ipc/shm.c in the Linux kernel before 2.6.37-rc1 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the shmctl system call and the "old shm interface." La función copy_shmid_to_user de ipc/shm.c del kernel de Linux en versiones anteriores a la 2.6.37-rc1 no inicializa una determinada estructura, lo que permite a usuarios locales obtener información potencialmente confidencial de la memoria de la pila a través de vectores de ataque relacionados con la llamada del sistema shmctl y el interfaz shm antigua. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3af54c9bd9e6f14f896aac1bb0e8405ae0bc7a44 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html http://lkml.or • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 1.9EPSS: 0%CPEs: 10EXPL: 2

The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initialize certain structures, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the (1) compat_sys_semctl, (2) compat_sys_msgctl, and (3) compat_sys_shmctl functions in ipc/compat.c; and the (4) compat_sys_mq_open and (5) compat_sys_mq_getsetattr functions in ipc/compat_mq.c. El subsistema ipc del kernel de Linux en versiones anteriores a la 2.6.37-rc1 no inicializa determinadas estructuras, lo que permite a usuarios locales obtener información potencialmente confidencial de la memoria de la pila del kernel a través de vectores relacionados con las funciones (1) compat_sys_semctl, (2) compat_sys_msgctl, y (3) compat_sys_shmctl de ipc/compat.c; y las funciones (4) compat_sys_mq_open y (5) compat_sys_mq_getsetattr de ipc/compat_mq.c. • https://www.exploit-db.com/exploits/17787 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=03145beb455cf5c20a761e8451e30b8a74ba58d9 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://lists.opensuse.org/opensuse-security-ann • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 1.9EPSS: 0%CPEs: 14EXPL: 0

The sisfb_ioctl function in drivers/video/sis/sis_main.c in the Linux kernel before 2.6.36-rc6 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FBIOGET_VBLANK ioctl call. La función sisfb_ioctl de drivers/video/sis/sis_main.c del kernel de Linux en versiones anteriores a la 2.6.36-rc6 no inicializa apropiadamente un miembro de una determinada estructura, lo que permite a usuarios locales obtener información potencialmente confidencial de la memoria de la pila del kernel a través de una llamada ioctl FBIOGET_VBLANK. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fd02db9de73faebc51240619c7c7f99bee9f65c7 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://secunia.com/advisories/42778 http://secunia.com/advisories/42801 http://www. • CWE-909: Missing Initialization of Resource •

CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0

drivers/gpu/drm/i915/i915_gem.c in the Graphics Execution Manager (GEM) in the Intel i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.36 does not properly validate pointers to blocks of memory, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via crafted use of the ioctl interface, related to (1) pwrite and (2) pread operations. drivers/gpu/drm/i915/i915_gem.c en el Graphics Execution Manager (GEM) en el controlador Intel i915 en el subsistema Direct Rendering Manager (DRM) en el kernel de Linux anterior a v2.6.36 no valida correctamente los punteros a los bloques de la memoria, lo cual permite a usuarios locales escribir en ubicaciones de memoria del núcleo a su elección, y por consiguiente obtener privilegios, mediante el uso de la interfaz ioctl manipulada, relacionado con (1) pwrite y (2) operaciones pread. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ce9d419dbecc292cc3e06e8b1d6d123d3fa813a4 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://secunia.com/advisories/42745 http://secunia.com/advisories/42758 http:/&#x • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.9EPSS: 0%CPEs: 8EXPL: 4

The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel before 2.6.37-rc2 does not properly restrict TCP_MAXSEG (aka MSS) values, which allows local users to cause a denial of service (OOPS) via a setsockopt call that specifies a small value, leading to a divide-by-zero error or incorrect use of a signed integer. La función do_tcp_setsockopt de net/ipv4/tcp.c en el kernel de Linux anterior a 2.6.37-rc2 no restringe adecuadamente los valores TCP_MAXSEG (también conocidos como MSS), esto permite a usuarios locales provocar una denegación de servicio (OOPS) mediante una llamada setsockopt que especifica un valor pequeño, lo que conduce a un error de división entre cero o un uso incorrecto de un entero asignado. • https://www.exploit-db.com/exploits/16263 https://www.exploit-db.com/exploits/16952 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7a1abd08d52fdeddb3e9a5a33f2f15cc6a5674d2 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html • CWE-369: Divide By Zero •