CVSS: 4.9EPSS: 0%CPEs: 337EXPL: 0CVE-2009-2909
https://notcve.org/view.php?id=CVE-2009-2909
Integer signedness error in the ax25_setsockopt function in net/ax25/af_ax25.c in the ax25 subsystem in the Linux kernel before 2.6.31.2 allows local users to cause a denial of service (OOPS) via a crafted optlen value in an SO_BINDTODEVICE operation. Error de presencia de signo entero en la función ax25_setsockopt en net/ax25/af_ax25.c en el subsistema ax25 en el kernel de Linux anteriores a 2.6.31.2 permite a usuarios locales producir una denegación de servicio (OOPS) a través de un valor "optlen" manipulado en una operación SO_BINDTODEVICE. • http://article.gmane.org/gmane.linux.kernel/896907 http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=b7058842c940ad2c08dd829b21e5c92ebe3b8758 http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html http://marc.info/?l=oss-security&m=125494119617994&w=2 http://secunia.com/advisories/37075 http://secunia.com/advisories/37351 http://www.kernel.org/pub/linux/kernel/v2.6&#x • CWE-189: Numeric Errors •
CVSS: 2.1EPSS: 0%CPEs: 20EXPL: 0CVE-2009-3228 – kernel: tc: uninitialised kernel memory leak
https://notcve.org/view.php?id=CVE-2009-3228
The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. La función tc_fill_tclass en net/sched/sch_api.c del subsistema tc en el kernel de Linux v2.4.x anteriores a la v2.4.37.6 y v2.6.x anteriores a la v2.6.31-rc9 no inicializa un determinado miembro de la estructura (1) tcm__pad1 y (2) tcm__pad2, lo que permite a atacantes locales obtener información confidencial de la memoria del kernel a través de vectores de ataque sin especificar. • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=096ed17f20affc2db0e307658c69b67433992a7a http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=16ebb5e0b36ceadc8186f71d68b0c4fa4b6e781b http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://patchwork.ozlabs.org/patch/32830 http://secunia.com/advisories/37084 http://secunia.com/advisories/38794 http://secunia.com/advisories/38834 http://www.kernel.org/pub/linux/k • CWE-401: Missing Release of Memory after Effective Lifetime CWE-909: Missing Initialization of Resource •
CVSS: 7.8EPSS: 7%CPEs: 306EXPL: 4CVE-2009-3613 – Linux Kernel 2.6.x - '/drivers/net/r8169.c' Out-of-IOMMU Error Local Denial of Service
https://notcve.org/view.php?id=CVE-2009-3613
The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.27.22 allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash) by using jumbo frames for a large amount of network traffic, as demonstrated by a flood ping. La funcionalidad swiotlb en el controlador r8169 en drivers/net/r8169.c en el núcleo de Linux anterior a v2.6.27.22 permite a atacantes remotos provocar una denegación de servicio (agotamiento de espacio en la Unidad de Gestión de E/S de memoria y parada del sistema) mediante la utilización de una tramas grandes para una gran cantidad de tráfico de red, como se ha demostrado con un desbordamiento ping. • https://www.exploit-db.com/exploits/33289 http://bugzilla.kernel.org/show_bug.cgi?id=9468 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=97d477a914b146e7e6722ded21afa79886ae8ccd http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a866bbf6aacf95f849810079442a20be118ce905 http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://marc.info/?l=o • CWE-399: Resource Management Errors •
CVSS: 2.1EPSS: 0%CPEs: 20EXPL: 0CVE-2009-3612 – kernel: tcf_fill_node() infoleak due to typo in 9ef1d4c7
https://notcve.org/view.php?id=CVE-2009-3612
The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881. La función tcf_fill_node en net/sched/cls_api.c del subsistema netlink en el kernel de Linux v2.6.x hasta la v2.6.32-rc5, y v2.4.37.6 y anteriores, no inicializa un determinado miembro de la estructura tcm__pad2, lo que puede permitir a usuarios locales obtener información confidencial de la memoria del kernel a través de vectores de ataque sin especificar. NOTA: esta vulnerabilidad existe debido a una solución incompleta de CVE-2005-4881. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad61df918c44316940404891d5082c63e79c256a http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://patchwork.ozlabs.org/patch/35412 http://secunia.com/advisories/37086 http://secunia& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.9EPSS: 0%CPEs: 97EXPL: 0CVE-2005-4881 – kernel: netlink: fix numerous padding memleaks
https://notcve.org/view.php?id=CVE-2005-4881
The netlink subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.13-rc1 does not initialize certain padding fields in structures, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors, related to the (1) tc_fill_qdisc, (2) tcf_fill_node, (3) neightbl_fill_info, (4) neightbl_fill_param_info, (5) neigh_fill_info, (6) rtnetlink_fill_ifinfo, (7) rtnetlink_fill_iwinfo, (8) vif_delete, (9) ipmr_destroy_unres, (10) ipmr_cache_alloc_unres, (11) ipmr_cache_resolve, (12) inet6_fill_ifinfo, (13) tca_get_fill, (14) tca_action_flush, (15) tcf_add_notify, (16) tc_dump_action, (17) cbq_dump_police, (18) __nlmsg_put, (19) __rta_fill, (20) __rta_reserve, (21) inet6_fill_prefix, (22) rsvp_dump, and (23) cbq_dump_ovl functions. El subsistema netlink del kernel de Linux v2.4.x anteriores a la v2.4.37.6 y v2.6.x anteriores a la v2.6.13-rc1 no inicializa unos determinados campos de relleno de estructuras; lo que permite a usuarios locales obtener información confidencial de la memoria del kernel a través de vectores de ataque sin especificar, relacionados con las funciones (1) tc_fill_qdisc, (2) tcf_fill_node, (3) neightbl_fill_info, (4) neightbl_fill_param_info, (5) neigh_fill_info, (6) rtnetlink_fill_ifinfo, (7) rtnetlink_fill_iwinfo, (8) vif_delete, (9) ipmr_destroy_unres, (10) ipmr_cache_alloc_unres, (11) ipmr_cache_resolve, (12) inet6_fill_ifinfo, (13) tca_get_fill, (14) tca_action_flush, (15) tcf_add_notify, (16) tc_dump_action, (17) cbq_dump_police, (18) __nlmsg_put, (19) __rta_fill, (20) __rta_reserve, (21) inet6_fill_prefix, (22) rsvp_dump, y (23) cbq_dump_ovl. • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=0f3f2328f63c521fe4b435f148687452f98b2349 http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=30e744716c4a6cc4e8ecaaddf68f20057c03dc8d http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=3408cce0c2f380884070896420ca566704452fb5 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8a47077a0b5aa2649751c46e7a27884e6686ccbf http://git.kernel • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •