Описание
Security update for Linux kernel
The SUSE Linux Enterprise 11 Service Pack 2 kernel was updated to fix a regression introduced by the previous update:
As the update introducing the regression was marked security, this is also marked security even though this bug is not security relevant.
Список пакетов
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2-LTSS
SUSE Linux Enterprise Server for SAP Applications 11 SP2
Ссылки
- Link for SUSE-SU-2015:0481-1
- E-Mail link for SUSE-SU-2015:0481-1
- SUSE Security Ratings
- SUSE Bug 556135
- SUSE Bug 578046
- SUSE Bug 624072
- SUSE Bug 651219
- SUSE Bug 676204
- SUSE Bug 688996
- SUSE Bug 698102
- SUSE Bug 703156
- SUSE Bug 704280
- SUSE Bug 705551
- SUSE Bug 708296
- SUSE Bug 708836
- SUSE Bug 713148
- SUSE Bug 714604
- SUSE Bug 715635
- SUSE Bug 716850
- SUSE Bug 716971
Описание
The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.
Затронутые продукты
Ссылки
- CVE-2011-1083
- SUSE Bug 676204
- SUSE Bug 690537
Описание
kernel/taskstats.c in the Linux kernel before 3.1 allows local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another user's password.
Затронутые продукты
Ссылки
- CVE-2011-2494
- SUSE Bug 703156
Описание
The journal_unmap_buffer function in fs/jbd2/transaction.c in the Linux kernel before 3.3.1 does not properly handle the _Delay and _Unwritten buffer head states, which allows local users to cause a denial of service (system crash) by leveraging the presence of an ext4 filesystem that was mounted with a journal.
Затронутые продукты
Ссылки
- CVE-2011-4086
- SUSE Bug 745832
Описание
The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to (1) a partition block device or (2) an LVM volume.
Затронутые продукты
Ссылки
- CVE-2011-4127
- SUSE Bug 738400
- SUSE Bug 758104
Описание
The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words.
Затронутые продукты
Ссылки
- CVE-2011-4131
- SUSE Bug 730117
- SUSE Bug 762992
Описание
The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 2.6 allows local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an "invalid log first block value."
Затронутые продукты
Ссылки
- CVE-2011-4132
- SUSE Bug 730118
Описание
The override_release function in kernel/sys.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from kernel stack memory via a uname system call in conjunction with a UNAME26 personality.
Затронутые продукты
Ссылки
- CVE-2012-0957
- SUSE Bug 783515
- SUSE Bug 783606
Описание
The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call.
Затронутые продукты
Ссылки
- CVE-2012-1097
- SUSE Bug 750079
Описание
The mem_cgroup_usage_unregister_event function in mm/memcontrol.c in the Linux kernel before 3.2.10 does not properly handle multiple events that are attached to the same eventfd, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by registering memory threshold events.
Затронутые продукты
Ссылки
- CVE-2012-1146
- SUSE Bug 750959
Описание
The Linux kernel before 3.3.1, when KVM is used, allows guest OS users to cause a denial of service (host OS crash) by leveraging administrative access to the guest OS, related to the pmd_none_or_clear_bad function and page faults for huge pages.
Затронутые продукты
Ссылки
- CVE-2012-1179
- SUSE Bug 752599
Описание
The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists.
Затронутые продукты
Ссылки
- CVE-2012-1601
- SUSE Bug 754898
Описание
Buffer overflow in the macvtap device driver in the Linux kernel before 3.4.5, when running in certain configurations, allows privileged KVM guest users to cause a denial of service (crash) via a long descriptor with a long vector length.
Затронутые продукты
Ссылки
- CVE-2012-2119
- SUSE Bug 758243
Описание
fs/proc/root.c in the procfs implementation in the Linux kernel before 3.2 does not properly interact with CLONE_NEWPID clone system calls, which allows remote attackers to cause a denial of service (reference leak and memory consumption) by making many connections to a daemon that uses PID namespaces to isolate clients, as demonstrated by vsftpd.
Затронутые продукты
Ссылки
- CVE-2012-2127
- SUSE Bug 757783
Описание
Use-after-free vulnerability in the Linux kernel before 3.3.6, when huge pages are enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges by interacting with a hugetlbfs filesystem, as demonstrated by a umount operation that triggers improper handling of quota data.
Затронутые продукты
Ссылки
- CVE-2012-2133
- SUSE Bug 758532
Описание
The sock_alloc_send_pskb function in net/core/sock.c in the Linux kernel before 3.4.5 does not properly validate a certain length value, which allows local users to cause a denial of service (heap-based buffer overflow and system crash) or possibly gain privileges by leveraging access to a TUN/TAP device.
Затронутые продукты
Ссылки
- CVE-2012-2136
- SUSE Bug 765320
Описание
Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to Message Signaled Interrupts (MSI), irq routing entries, and an incorrect check by the setup_routing_entry function before invoking the kvm_set_irq function.
Затронутые продукты
Ссылки
- CVE-2012-2137
- SUSE Bug 767612
- SUSE Bug 871595
Описание
The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call.
Затронутые продукты
Ссылки
- CVE-2012-2313
- SUSE Bug 758813
Описание
Multiple buffer overflows in the hfsplus filesystem implementation in the Linux kernel before 3.3.5 allow local users to gain privileges via a crafted HFS plus filesystem, a related issue to CVE-2009-4020.
Затронутые продукты
Ссылки
- CVE-2012-2319
- SUSE Bug 760902
Описание
The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interface's own IP address, as demonstrated by rds-ping.
Затронутые продукты
Ссылки
- CVE-2012-2372
- SUSE Bug 767610
- SUSE Bug 795039
Описание
The Linux kernel before 3.4.5 on the x86 platform, when Physical Address Extension (PAE) is enabled, does not properly use the Page Middle Directory (PMD), which allows local users to cause a denial of service (panic) via a crafted application that triggers a race condition.
Затронутые продукты
Ссылки
- CVE-2012-2373
- SUSE Bug 762991
Описание
The __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the NFSv4 implementation in the Linux kernel before 3.3.2 uses an incorrect length variable during a copy operation, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words in an FATTR4_ACL reply. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-4131.
Затронутые продукты
Ссылки
- CVE-2012-2375
- SUSE Bug 762992
- SUSE Bug 851103
Описание
Memory leak in mm/hugetlb.c in the Linux kernel before 3.4.2 allows local users to cause a denial of service (memory consumption or system crash) via invalid MAP_HUGETLB mmap operations.
Затронутые продукты
Ссылки
- CVE-2012-2390
- SUSE Bug 764150
Описание
The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users to cause a denial of service (panic) via a crafted application that uses the fork system call.
Затронутые продукты
Ссылки
- CVE-2012-2745
- SUSE Bug 770695
- SUSE Bug 795039
Описание
The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083.
Затронутые продукты
Ссылки
- CVE-2012-3375
- SUSE Bug 769896
Описание
Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem.
Затронутые продукты
Ссылки
- CVE-2012-3400
- SUSE Bug 769784
Описание
The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before 3.2.30 allows remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value.
Затронутые продукты
Ссылки
- CVE-2012-3412
- SUSE Bug 774523
Описание
The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket.
Затронутые продукты
Ссылки
- CVE-2012-3430
- SUSE Bug 773383
- SUSE Bug 795039
Описание
The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 does not set a certain killable attribute, which allows local users to cause a denial of service (memory consumption) via a crafted application.
Затронутые продукты
Ссылки
- CVE-2012-4398
- SUSE Bug 778463
- SUSE Bug 779488
Описание
The KVM subsystem in the Linux kernel before 3.6.9, when running on hosts that use qemu userspace without XSAVE, allows local users to cause a denial of service (kernel OOPS) by using the KVM_SET_SREGS ioctl to set the X86_CR4_OSXSAVE bit in the guest cr4 register, then calling the KVM_RUN ioctl.
Затронутые продукты
Ссылки
- CVE-2012-4461
- SUSE Bug 787821
Описание
Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from a deleted file by reading an extent that was not properly marked as uninitialized.
Затронутые продукты
Ссылки
- CVE-2012-4508
- SUSE Bug 784192
Описание
The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
Затронутые продукты
Ссылки
- CVE-2012-4530
- SUSE Bug 786013
- SUSE Bug 841063
Описание
The tcp_illinois_info function in net/ipv4/tcp_illinois.c in the Linux kernel before 3.4.19, when the net.ipv4.tcp_congestion_control illinois setting is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) by reading TCP stats.
Затронутые продукты
Ссылки
- CVE-2012-4565
- SUSE Bug 787576
Описание
The online_pages function in mm/memory_hotplug.c in the Linux kernel before 3.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact in opportunistic circumstances by using memory that was hot-added by an administrator.
Затронутые продукты
Ссылки
- CVE-2012-5517
- SUSE Bug 789235
Описание
The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application.
Затронутые продукты
Ссылки
- CVE-2012-6548
- SUSE Bug 809902
- SUSE Bug 871595
Описание
The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application.
Затронутые продукты
Ссылки
- CVE-2012-6549
- SUSE Bug 809903
- SUSE Bug 871595
Описание
The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device.
Затронутые продукты
Ссылки
- CVE-2013-0160
- SUSE Bug 797175
- SUSE Bug 841063
- SUSE Bug 871595
Описание
The Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (loop) by triggering ring pointer corruption.
Затронутые продукты
Ссылки
- CVE-2013-0216
- SUSE Bug 800280
- SUSE Bug 800801
- SUSE Bug 801178
- SUSE Bug 841063
- SUSE Bug 871595
Описание
The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third party information.
Затронутые продукты
Ссылки
- CVE-2013-0231
- SUSE Bug 801178
- SUSE Bug 841063
- SUSE Bug 871595
Описание
The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c.
Затронутые продукты
Ссылки
- CVE-2013-0268
- SUSE Bug 802642
- SUSE Bug 841063
- SUSE Bug 871595
Описание
The translate_desc function in drivers/vhost/vhost.c in the Linux kernel before 3.7 does not properly handle cross-region descriptors, which allows guest OS users to obtain host OS privileges by leveraging KVM guest OS privileges.
Затронутые продукты
Ссылки
- CVE-2013-0311
- SUSE Bug 804656
- SUSE Bug 871595
Описание
The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux kernel before 3.7.6 does not properly copy a certain name field, which allows local users to obtain sensitive information from kernel memory by setting a long name and making an HIDPCONNADD ioctl call.
Затронутые продукты
Ссылки
- CVE-2013-0349
- SUSE Bug 805227
- SUSE Bug 871595
Описание
Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death.
Затронутые продукты
Ссылки
- CVE-2013-0871
- SUSE Bug 804154
- SUSE Bug 804227
- SUSE Bug 841063
Описание
Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel through 3.8.3, as used in Google Chrome OS before 25.0.1364.173 and other products, allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted application that triggers many relocation copies, and potentially leads to a race condition.
Затронутые продукты
Ссылки
- CVE-2013-0913
- SUSE Bug 808829
- SUSE Bug 871595
Описание
The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call.
Затронутые продукты
Ссылки
- CVE-2013-0914
- SUSE Bug 808827
- SUSE Bug 871595
Описание
net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation.
Затронутые продукты
Ссылки
- CVE-2013-1059
- SUSE Bug 826350
- SUSE Bug 882913
Описание
Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel before 3.7.10 allows local users to gain privileges or cause a denial of service (system crash) by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option.
Затронутые продукты
Ссылки
- CVE-2013-1767
- SUSE Bug 806138
- SUSE Bug 807436
- SUSE Bug 871595
Описание
The log_prefix function in kernel/printk.c in the Linux kernel 3.x before 3.4.33 does not properly remove a prefix string from a syslog header, which allows local users to cause a denial of service (buffer overflow and system crash) by leveraging /dev/kmsg write access and triggering a call_console_drivers function call.
Затронутые продукты
Ссылки
- CVE-2013-1772
- SUSE Bug 806238
- SUSE Bug 807441
- SUSE Bug 871595
Описание
The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter.
Затронутые продукты
Ссылки
- CVE-2013-1774
- SUSE Bug 806976
- SUSE Bug 807455
- SUSE Bug 871595
Описание
Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) via crafted keyctl system calls that trigger keyring operations in simultaneous threads.
Затронутые продукты
Ссылки
- CVE-2013-1792
- SUSE Bug 807428
- SUSE Bug 808358
- SUSE Bug 871595
Описание
The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application.
Затронутые продукты
Ссылки
- CVE-2013-1796
- SUSE Bug 806980
- SUSE Bug 819789
- SUSE Bug 871595
Описание
Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation.
Затронутые продукты
Ссылки
- CVE-2013-1797
- SUSE Bug 806980
- SUSE Bug 819789
- SUSE Bug 871595
Описание
The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application.
Затронутые продукты
Ссылки
- CVE-2013-1798
- SUSE Bug 806980
- SUSE Bug 819789
- SUSE Bug 871595
Описание
The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel before 3.7.6 does not validate block numbers, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the ability to mount an XFS filesystem containing a metadata inode with an invalid extent map.
Затронутые продукты
Ссылки
- CVE-2013-1819
- SUSE Bug 807471
Описание
fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and possibly gain privileges via a crafted application.
Затронутые продукты
Ссылки
- CVE-2013-1848
- SUSE Bug 809155
- SUSE Bug 871595
Описание
Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted cdc-wdm USB device.
Затронутые продукты
Ссылки
- CVE-2013-1860
- SUSE Bug 806431
- SUSE Bug 871595
Описание
Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Product Data (VPD) data structure.
Затронутые продукты
Ссылки
- CVE-2013-1929
- SUSE Bug 813733
Описание
The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafted application.
Затронутые продукты
Ссылки
- CVE-2013-1979
- SUSE Bug 816708
Описание
The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.
Затронутые продукты
Ссылки
- CVE-2013-2094
- SUSE Bug 819789
- SUSE Bug 820202
Описание
The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c in the Linux kernel through 3.9.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a read operation on the fanotify descriptor.
Затронутые продукты
Ссылки
- CVE-2013-2148
- SUSE Bug 823517
Описание
The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive.
Затронутые продукты
Ссылки
- CVE-2013-2164
- SUSE Bug 824295
Описание
The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic.
Затронутые продукты
Ссылки
- CVE-2013-2206
- SUSE Bug 781018
- SUSE Bug 826102
Описание
The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface.
Затронутые продукты
Ссылки
- CVE-2013-2232
- SUSE Bug 827750
Описание
The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket.
Затронутые продукты
Ссылки
- CVE-2013-2234
- SUSE Bug 827749
Описание
The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket.
Затронутые продукты
Ссылки
- CVE-2013-2237
- SUSE Bug 828119
Описание
net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
Затронутые продукты
Ссылки
- CVE-2013-2634
- SUSE Bug 810473
- SUSE Bug 871595
Описание
The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux kernel before 3.8.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
Затронутые продукты
Ссылки
- CVE-2013-2635
- SUSE Bug 810473
- SUSE Bug 871595
Описание
Heap-based buffer overflow in the iscsi_add_notunderstood_response function in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target subsystem in the Linux kernel through 3.9.4 allows remote attackers to cause a denial of service (memory corruption and OOPS) or possibly execute arbitrary code via a long key that is not properly handled during construction of an error-response packet.
Затронутые продукты
Ссылки
- CVE-2013-2850
- SUSE Bug 821560
Описание
Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name.
Затронутые продукты
Ссылки
- CVE-2013-2851
- SUSE Bug 822575
Описание
The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c.
Затронутые продукты
Ссылки
- CVE-2013-2893
- SUSE Bug 835839
Описание
Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device.
Затронутые продукты
Ссылки
- CVE-2013-2897
- SUSE Bug 1241174
- SUSE Bug 835839
Описание
drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device.
Затронутые продукты
Ссылки
- CVE-2013-2899
- SUSE Bug 1241177
- SUSE Bug 835839
Описание
The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h.
Затронутые продукты
Ссылки
- CVE-2013-2929
- SUSE Bug 824295
- SUSE Bug 847652
Описание
The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c.
Затронутые продукты
Ссылки
- CVE-2013-3076
- SUSE Bug 816668
Описание
The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Затронутые продукты
Ссылки
- CVE-2013-3222
- SUSE Bug 816668
Описание
The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Затронутые продукты
Ссылки
- CVE-2013-3223
- SUSE Bug 816668
Описание
The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Затронутые продукты
Ссылки
- CVE-2013-3224
- SUSE Bug 816668
Описание
The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Затронутые продукты
Ссылки
- CVE-2013-3225
- SUSE Bug 816668
Описание
The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Затронутые продукты
Ссылки
- CVE-2013-3227
- SUSE Bug 816668
Описание
The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Затронутые продукты
Ссылки
- CVE-2013-3228
- SUSE Bug 816668
Описание
The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Затронутые продукты
Ссылки
- CVE-2013-3229
- SUSE Bug 816668
Описание
The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Затронутые продукты
Ссылки
- CVE-2013-3231
- SUSE Bug 816668
Описание
The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Затронутые продукты
Ссылки
- CVE-2013-3232
- SUSE Bug 816668
Описание
The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Затронутые продукты
Ссылки
- CVE-2013-3234
- SUSE Bug 816668
Описание
net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Затронутые продукты
Ссылки
- CVE-2013-3235
- SUSE Bug 816668
Описание
The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel through 3.10.3 makes an incorrect function call for pending data, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call.
Затронутые продукты
Ссылки
- CVE-2013-4162
- SUSE Bug 831058
Описание
The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6 implementation in the Linux kernel through 3.10.3 does not properly maintain information about whether the IPV6_MTU setsockopt option had been specified, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call.
Затронутые продукты
Ссылки
- CVE-2013-4163
- SUSE Bug 831055
Описание
Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device.
Затронутые продукты
Ссылки
- CVE-2013-4299
- SUSE Bug 846404
Описание
Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data.
Затронутые продукты
Ссылки
- CVE-2013-4345
- SUSE Bug 840226
Описание
The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c.
Затронутые продукты
Ссылки
- CVE-2013-4470
- SUSE Bug 847672
Описание
The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application.
Затронутые продукты
Ссылки
- CVE-2013-4483
- SUSE Bug 848321
Описание
Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c.
Затронутые продукты
Ссылки
- CVE-2013-4511
- SUSE Bug 849021
- SUSE Bug 850263
Описание
Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions.
Затронутые продукты
Ссылки
- CVE-2013-4514
- SUSE Bug 849029
Описание
The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call.
Затронутые продукты
Ссылки
- CVE-2013-4515
- SUSE Bug 849034
Описание
The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a series of packets to MAC addresses with certain bit manipulations.
Затронутые продукты
Ссылки
- CVE-2013-4579
- SUSE Bug 851426
Описание
Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value.
Затронутые продукты
Ссылки
- CVE-2013-4587
- SUSE Bug 853050
- SUSE Bug 882914
Описание
Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots.
Затронутые продукты
Ссылки
- CVE-2013-4592
- SUSE Bug 851101
Описание
The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value.
Затронутые продукты
Ссылки
- CVE-2013-6367
- SUSE Bug 853051
Описание
The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address.
Затронутые продукты
Ссылки
- CVE-2013-6368
- SUSE Bug 853052
Описание
The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation.
Затронутые продукты
Ссылки
- CVE-2013-6378
- SUSE Bug 852559
Описание
The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command.
Затронутые продукты
Ссылки
- CVE-2013-6380
- SUSE Bug 852373
Описание
Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for a (1) XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value, related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c.
Затронутые продукты
Ссылки
- CVE-2013-6382
- SUSE Bug 852553
Описание
The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call.
Затронутые продукты
Ссылки
- CVE-2013-6383
- SUSE Bug 852558
Описание
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-7266, CVE-2013-7267, CVE-2013-7268, CVE-2013-7269, CVE-2013-7270, CVE-2013-7271. Reason: This candidate is a duplicate of CVE-2013-7266, CVE-2013-7267, CVE-2013-7268, CVE-2013-7269, CVE-2013-7270, and CVE-2013-7271. Notes: All CVE users should reference CVE-2013-7266, CVE-2013-7267, CVE-2013-7268, CVE-2013-7269, CVE-2013-7270, and/or CVE-2013-7271 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Затронутые продукты
Ссылки
- CVE-2013-6463
- SUSE Bug 854722
- SUSE Bug 857643
Описание
The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue.
Затронутые продукты
Ссылки
- CVE-2013-6885
- SUSE Bug 849668
- SUSE Bug 852967
- SUSE Bug 853049
Описание
The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header.
Затронутые продукты
Ссылки
- CVE-2013-7027
- SUSE Bug 854634
Описание
The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c.
Затронутые продукты
Ссылки
- CVE-2013-7263
- SUSE Bug 853040
- SUSE Bug 857643
Описание
The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
Затронутые продукты
Ссылки
- CVE-2013-7264
- SUSE Bug 853040
- SUSE Bug 857643
Описание
The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
Затронутые продукты
Ссылки
- CVE-2013-7265
- SUSE Bug 853040
- SUSE Bug 857643
Описание
The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel before 3.12.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports.
Затронутые продукты
Ссылки
- CVE-2013-7339
- SUSE Bug 869563
Описание
The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which allows guest OS users to cause a denial of service (host OS crash) via unspecified vectors.
Затронутые продукты
Ссылки
- CVE-2014-0055
- SUSE Bug 870173
Описание
The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer.
Затронутые продукты
Ссылки
- CVE-2014-0069
- SUSE Bug 864025
Описание
drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions.
Затронутые продукты
Ссылки
- CVE-2014-0077
- SUSE Bug 870173
- SUSE Bug 870576
Описание
The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk.
Затронутые продукты
Ссылки
- CVE-2014-0101
- SUSE Bug 1115893
- SUSE Bug 866102
Описание
Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation.
Затронутые продукты
Ссылки
- CVE-2014-0131
- SUSE Bug 824295
- SUSE Bug 867723
- SUSE Bug 869564
- SUSE Bug 889071
Описание
The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program.
Затронутые продукты
Ссылки
- CVE-2014-0181
- SUSE Bug 875051
Описание
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.
Затронутые продукты
Ссылки
- CVE-2014-0196
- SUSE Bug 871252
- SUSE Bug 875690
- SUSE Bug 877345
- SUSE Bug 879878
- SUSE Bug 933423
Описание
The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call.
Затронутые продукты
Ссылки
- CVE-2014-1444
- SUSE Bug 858869
Описание
The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call.
Затронутые продукты
Ссылки
- CVE-2014-1445
- SUSE Bug 858870
Описание
The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call.
Затронутые продукты
Ссылки
- CVE-2014-1446
- SUSE Bug 858872
Описание
The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.
Затронутые продукты
Ссылки
- CVE-2014-1737
- SUSE Bug 1115893
- SUSE Bug 875798
- SUSE Bug 877345
Описание
The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.
Затронутые продукты
Ссылки
- CVE-2014-1738
- SUSE Bug 875798
- SUSE Bug 877345
Описание
The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call.
Затронутые продукты
Ссылки
- CVE-2014-1739
- SUSE Bug 882804
Описание
The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context.
Затронутые продукты
Ссылки
- CVE-2014-1874
- SUSE Bug 863335
Описание
arch/s390/kernel/head64.S in the Linux kernel before 3.13.5 on the s390 platform does not properly handle attempted use of the linkage stack, which allows local users to cause a denial of service (system crash) by executing a crafted instruction.
Затронутые продукты
Ссылки
- CVE-2014-2039
- SUSE Bug 862796
- SUSE Bug 865307
Описание
The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets.
Затронутые продукты
Ссылки
- CVE-2014-2309
- SUSE Bug 824295
- SUSE Bug 867531
Описание
net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.
Затронутые продукты
Ссылки
- CVE-2014-2523
- SUSE Bug 1115893
- SUSE Bug 868653
Описание
The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports.
Затронутые продукты
Ссылки
- CVE-2014-2678
- SUSE Bug 871561
Описание
Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c.
Затронутые продукты
Ссылки
- CVE-2014-2706
- SUSE Bug 1115893
- SUSE Bug 871797
Описание
Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter.
Затронутые продукты
Ссылки
- CVE-2014-2851
- SUSE Bug 824295
- SUSE Bug 873374
Описание
The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service (system crash) by triggering a memory-usage pattern that requires removal of page-table mappings.
Затронутые продукты
Ссылки
- CVE-2014-3122
- SUSE Bug 824295
- SUSE Bug 876102
Описание
The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced.
Затронутые продукты
Ссылки
- CVE-2014-3144
- SUSE Bug 824295
- SUSE Bug 877257
- SUSE Bug 889071
Описание
The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced.
Затронутые продукты
Ссылки
- CVE-2014-3145
- SUSE Bug 824295
- SUSE Bug 877257
Описание
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
Затронутые продукты
Ссылки
- CVE-2014-3153
- SUSE Bug 877775
- SUSE Bug 880892
- SUSE Bug 882228
Описание
Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allow physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event.
Затронутые продукты
Ссылки
- CVE-2014-3181
- SUSE Bug 896382
Описание
The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c.
Затронутые продукты
Ссылки
- CVE-2014-3184
- SUSE Bug 896390
Описание
Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response.
Затронутые продукты
Ссылки
- CVE-2014-3185
- SUSE Bug 896391
Описание
Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report.
Затронутые продукты
Ссылки
- CVE-2014-3186
- SUSE Bug 896392
Описание
The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages.
Затронутые продукты
Ссылки
- CVE-2014-3601
- SUSE Bug 892782
- SUSE Bug 902675
Описание
The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c.
Затронутые продукты
Ссылки
- CVE-2014-3610
- SUSE Bug 899192
Описание
arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.
Затронутые продукты
Ссылки
- CVE-2014-3646
- SUSE Bug 899192
Описание
arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.
Затронутые продукты
Ссылки
- CVE-2014-3647
- SUSE Bug 1013038
- SUSE Bug 1134834
- SUSE Bug 899192
Описание
The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c.
Затронутые продукты
Ссылки
- CVE-2014-3673
- SUSE Bug 1115893
- SUSE Bug 902346
- SUSE Bug 902349
- SUSE Bug 904899
Описание
The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.
Затронутые продукты
Ссылки
- CVE-2014-3687
- SUSE Bug 1115893
- SUSE Bug 902349
- SUSE Bug 904899
- SUSE Bug 909208
Описание
The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c.
Затронутые продукты
Ссылки
- CVE-2014-3688
- SUSE Bug 902351
Описание
arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU.
Затронутые продукты
Ссылки
- CVE-2014-3690
- SUSE Bug 902232
Описание
kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number.
Затронутые продукты
Ссылки
- CVE-2014-3917
- SUSE Bug 880484
Описание
arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000.
Затронутые продукты
Ссылки
- CVE-2014-4508
- SUSE Bug 883724
Описание
** DISPUTED ** Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says "the Linux kernel is *not* affected; media hype."
Затронутые продукты
Ссылки
- CVE-2014-4608
- SUSE Bug 883948
- SUSE Bug 889071
Описание
Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.
Затронутые продукты
Ссылки
- CVE-2014-4652
- SUSE Bug 883795
Описание
sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.
Затронутые продукты
Ссылки
- CVE-2014-4653
- SUSE Bug 883795
Описание
The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call.
Затронутые продукты
Ссылки
- CVE-2014-4654
- SUSE Bug 883795
Описание
The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls.
Затронутые продукты
Ссылки
- CVE-2014-4655
- SUSE Bug 883795
Описание
Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function.
Затронутые продукты
Ссылки
- CVE-2014-4656
- SUSE Bug 883795
Описание
The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.
Затронутые продукты
Ссылки
- CVE-2014-4667
- SUSE Bug 885422
Описание
The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls.
Затронутые продукты
Ссылки
- CVE-2014-4699
- SUSE Bug 885725
Описание
The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.
Затронутые продукты
Ссылки
- CVE-2014-4943
- SUSE Bug 887082
Описание
The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction.
Затронутые продукты
Ссылки
- CVE-2014-5077
- SUSE Bug 889173
Описание
Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry.
Затронутые продукты
Ссылки
- CVE-2014-5471
- SUSE Bug 892490
Описание
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry.
Затронутые продукты
Ссылки
- CVE-2014-5472
- SUSE Bug 892490
Описание
kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application.
Затронутые продукты
Ссылки
- CVE-2014-7826
- SUSE Bug 904012
- SUSE Bug 904013
Описание
The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk.
Затронутые продукты
Ссылки
- CVE-2014-7841
- SUSE Bug 904899
- SUSE Bug 905100
Описание
Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allows guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction or a PIO transaction to trigger a guest userspace emulation error report, a similar issue to CVE-2010-5313.
Затронутые продукты
Ссылки
- CVE-2014-7842
- SUSE Bug 905312
- SUSE Bug 907822
Описание
arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a set_thread_area system call and later reads a 16-bit value.
Затронутые продукты
Ссылки
- CVE-2014-8133
- SUSE Bug 817142
- SUSE Bug 906545
- SUSE Bug 907818
- SUSE Bug 909077
Описание
The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value.
Затронутые продукты
Ссылки
- CVE-2014-8134
- SUSE Bug 907818
- SUSE Bug 909077
- SUSE Bug 909078
Описание
The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601.
Затронутые продукты
Ссылки
- CVE-2014-8369
- SUSE Bug 892782
- SUSE Bug 902675
Описание
The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application.
Затронутые продукты
Ссылки
- CVE-2014-8559
- SUSE Bug 903640
- SUSE Bug 915517
Описание
The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 does not properly maintain a certain tail pointer, which allows remote attackers to obtain sensitive cleartext information by reading packets.
Затронутые продукты
Ссылки
- CVE-2014-8709
- SUSE Bug 904700
Описание
The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite.
Затронутые продукты
Ссылки
- CVE-2014-9090
- SUSE Bug 817142
- SUSE Bug 907818
- SUSE Bug 909077
- SUSE Bug 910251
Описание
arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space.
Затронутые продукты
Ссылки
- CVE-2014-9322
- SUSE Bug 1115893
- SUSE Bug 817142
- SUSE Bug 910251
Описание
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.
Затронутые продукты
Ссылки
- CVE-2014-9584
- SUSE Bug 912654
Описание
The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.
Затронутые продукты
Ссылки
- CVE-2014-9585
- SUSE Bug 912705