Page 906 of 5146 results (0.023 seconds)

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0

CVE-2009-4004

https://notcve.org/view.php?id=CVE-2009-4004

Buffer overflow in the kvm_vcpu_ioctl_x86_setup_mce function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.32-rc7 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a KVM_X86_SETUP_MCE IOCTL request that specifies a large number of Machine Check Exception (MCE) banks. Desbordamiento de búfer en la función kvm_vcpu_ioctl_x86_setup_mce en arch/x86/kvm/x86.c en el subsistema KVM en el kernel de Linux anteriores a v2.6.32-rc7 permite a los usuarios locales causar una denegación de servicio (corrupción de memoria) o posiblemente obtener privilegios a través de una petición KVM_X86_SETUP_MCE IOCTL que especifica un elevado número de bancos de Machine Check Exception (MCE). • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a9e38c3e01ad242fe2a625354cf065c34b01e3aa http://secunia.com/advisories/37357 http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc7 http://www.securityfocus.com/bid/37035 http://www.vupen.com/english/advisories/2009/3267 https://exchange.xforce.ibmcloud.com/vulnerabilities/54302 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.1EPSS: 0%CPEs: 29EXPL: 1

CVE-2009-3939 – kernel: megaraid_sas permissions in sysfs

https://notcve.org/view.php?id=CVE-2009-3939

The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. El fichero poll_mode_io para el controlador megaraid_sas en el kernel de Linux v2.6.31.6 y anteriores tiene permisos de escritura para todos, permitiendo a usuarios locales cambiar el modo de E/S del dispositivo modificando este fichero. • http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-03 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 6.6EPSS: 0%CPEs: 222EXPL: 1

CVE-2009-3889 – kernel: megaraid_sas permissions in sysfs

https://notcve.org/view.php?id=CVE-2009-3889

The dbg_lvl file for the megaraid_sas driver in the Linux kernel before 2.6.27 has world-writable permissions, which allows local users to change the (1) behavior and (2) logging level of the driver by modifying this file. El fichero dbg_lvl para el controlador megaraid_sas en el kernel de Linux versiones anteriores a v2.6.27 tiene permisos de escritura para todos, permitiendo a usuarios locales cambiar (1) el comportamiento y (2) el nivel de acceso del controlador modificando este fichero. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=66dca9b8c50b5e59d3bea8b21cee5c6dae6c9c46 http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html http://osvdb.org/60202 http://secunia.com/advisories/37909 http://support.avaya.com/css/P8/documents/100073666 http://www.debian.org/security/2010/dsa- • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.9EPSS: 0%CPEs: 321EXPL: 1

CVE-2009-3888 – Linux Kernel 2.6.x - 'fput()' Null Pointer Dereference Local Denial of Service

https://notcve.org/view.php?id=CVE-2009-3888

The do_mmap_pgoff function in mm/nommu.c in the Linux kernel before 2.6.31.6, when the CPU lacks a memory management unit, allows local users to cause a denial of service (OOPS) via an application that attempts to allocate a large amount of memory. La función do_mmap_pgoff en mm/nommu.c en el kernel de Linux anteriores a v2.6.31.6, cuando la CPU carece de unidad de gestión de memori, permite a usuarios locales provocar una denegación de servicio (OOPS) mediante una aplicación que intente reservar una gran cantidad de memoria. • https://www.exploit-db.com/exploits/10017 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=89a8640279f8bb78aaf778d1fc5c4a6778f18064 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.6 http://www.openwall.com/lists/oss-security/2009/11/09/2 http://www.openwall.com/lists/oss-security/2009/11/13/3 http://www.ubuntu.com/usn/usn-864-1 • CWE-399: Resource Management Errors •

CVSS: 7.8EPSS: 0%CPEs: 403EXPL: 1

CVE-2009-3726 – Linux Kernel < 2.6.31-rc4 - 'nfs4_proc_lock()' Denial of Service

https://notcve.org/view.php?id=CVE-2009-3726

The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which trigger attempted use of an open file that lacks NFSv4 state. La función nfs4_proc_lock en fs/nfs/nfs4proc.c en el cliente NFSv4 en el Kernel de Linux anteriores a v2.6.31-rc4 permite a servidores NFS remotos provocar una denegación de servicio (desreferenciación de puntero NULL y pánico) si se envía cierta respuesta conteniendo atributos de fichero no correctos, lo que provoca un intento de uso de un fichero abierto que carece de un estado NFSv4. • https://www.exploit-db.com/exploits/10202 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d953126a28f97ec965d23c69fd5795854c048f30 http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html http://lists.vmware.com/pipermail/security-ann • CWE-399: Resource Management Errors CWE-476: NULL Pointer Dereference •