Описание
Security update for Kernel
The SUSE Linux Enterprise 11 SP1 Teradata kernel was updated to fix bugs and security issues.
Following security issues were fixed:
CVE-2011-1083: Limit the path length users can build using epoll() to avoid local attackers consuming lots of kernel CPU time.
CVE-2011-4086: Fixed a oops in jbd/jbd2 that could be caused by specific filesystem access patterns.
CVE-2011-4622: KVM: Prevent starting PIT timers in the absence of irqchip support.
CVE-2012-0045: KVM: Extend 'struct x86_emulate_ops' with 'get_cpuid' and fix missing checks in syscall emulation.
CVE-2012-0879: Fix io_context leak after clone with CLONE_IO.
CVE-2012-1090: Fixed a dentry refcount leak in the CIFS file system that could lead to a crash on unmount.
CVE-2012-1097: The regset common infrastructure assumed that regsets would always have .get and .set methods, but necessarily .active methods. Unfortunately people have since written regsets without .set method, so NULL pointer dereference attacks were possible.
Following non-security issues were fixed:
Following feature was implemented:
Security Issues:
Список пакетов
SUSE Linux Enterprise Server 11 SP1-LTSS
SUSE Linux Enterprise Server 11 SP1-TERADATA
Ссылки
- Link for SUSE-SU-2015:0652-1
- E-Mail link for SUSE-SU-2015:0652-1
- SUSE Security Ratings
- SUSE Bug 466279
- SUSE Bug 468397
- SUSE Bug 501563
- SUSE Bug 529535
- SUSE Bug 552250
- SUSE Bug 557710
- SUSE Bug 558740
- SUSE Bug 564324
- SUSE Bug 564423
- SUSE Bug 566768
- SUSE Bug 573330
- SUSE Bug 574006
- SUSE Bug 577967
- SUSE Bug 578572
- SUSE Bug 580373
- SUSE Bug 582730
- SUSE Bug 584493
Описание
The sctp_process_unk_param function in net/sctp/sm_make_chunk.c in the Linux kernel 2.6.33.3 and earlier, when SCTP is enabled, allows remote attackers to cause a denial of service (system crash) via an SCTPChunkInit packet containing multiple invalid parameters that require a large amount of error data.
Затронутые продукты
Ссылки
- CVE-2010-1173
- SUSE Bug 600375
- SUSE Bug 702025
- SUSE Bug 941110
Описание
The do_gfs2_set_flags function in fs/gfs2/file.c in the Linux kernel before 2.6.34-git10 does not verify the ownership of a file, which allows local users to bypass intended access restrictions via a SETFLAGS ioctl request.
Затронутые продукты
Ссылки
- CVE-2010-1641
- SUSE Bug 608576
Описание
The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVE_EXT ioctl call that specifies this file as a donor.
Затронутые продукты
Ссылки
- CVE-2010-2066
- SUSE Bug 612457
Описание
Integer overflow in the ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.33.7 on 32-bit platforms allows local users to cause a denial of service or possibly have unspecified other impact via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value that triggers a buffer overflow, a different vulnerability than CVE-2010-3084.
Затронутые продукты
Ссылки
- CVE-2010-2478
- SUSE Bug 618157
Описание
The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP implementation in the Linux kernel before 2.6.34 does not properly validate certain values associated with an interface, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via vectors related to a routing change.
Затронутые продукты
Ссылки
- CVE-2010-2495
- SUSE Bug 616612
Описание
Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR implementation in the NFS server in the Linux kernel before 2.6.34-rc6 allow remote attackers to cause a denial of service (panic) or possibly execute arbitrary code via a crafted NFSv4 compound WRITE request, related to the read_buf and nfsd4_decode_compound functions.
Затронутые продукты
Ссылки
- CVE-2010-2521
- SUSE Bug 620372
Описание
The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform arbitrary CIFS mounts via vectors involving an add_key call, related to a "cache stuffing" issue and MS-DFS referrals.
Затронутые продукты
Ссылки
- CVE-2010-2524
- SUSE Bug 627386
- SUSE Bug 627447
Описание
The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a (1) BTRFS_IOC_CLONE or (2) BTRFS_IOC_CLONE_RANGE ioctl call that specifies this file as a donor.
Затронутые продукты
Ссылки
- CVE-2010-2537
- SUSE Bug 624587
Описание
Integer overflow in the btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 might allow local users to obtain sensitive information via a BTRFS_IOC_CLONE_RANGE ioctl call.
Затронутые продукты
Ссылки
- CVE-2010-2538
- SUSE Bug 624587
Описание
The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact by renaming a file in a GFS2 filesystem, related to the gfs2_rename function in fs/gfs2/ops_inode.c.
Затронутые продукты
Ссылки
- CVE-2010-2798
- SUSE Bug 627386
Описание
The drm_ioctl function in drivers/gpu/drm/drm_drv.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows local users to obtain potentially sensitive information from kernel memory by requesting a large memory-allocation amount.
Затронутые продукты
Ссылки
- CVE-2010-2803
- SUSE Bug 628604
Описание
The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c.
Затронутые продукты
Ссылки
- CVE-2010-2942
- SUSE Bug 632309
- SUSE Bug 642324
Описание
The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle.
Затронутые продукты
Ссылки
- CVE-2010-2943
- SUSE Bug 632317
Описание
fs/jfs/xattr.c in the Linux kernel before 2.6.35.2 does not properly handle a certain legacy format for storage of extended attributes, which might allow local users by bypass intended xattr namespace restrictions via an "os2." substring at the beginning of a name.
Затронутые продукты
Ссылки
- CVE-2010-2946
- SUSE Bug 633585
Описание
The irda_bind function in net/irda/af_irda.c in the Linux kernel before 2.6.36-rc3-next-20100901 does not properly handle failure of the irda_open_tsap function, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via multiple unsuccessful calls to bind on an AF_IRDA (aka PF_IRDA) socket.
Затронутые продукты
Ссылки
- CVE-2010-2954
- SUSE Bug 636112
Описание
The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in the Linux kernel before 2.6.36-rc3-next-20100831 does not properly initialize certain structure members, which allows local users to leverage an off-by-one error in the ioctl_standard_iw_point function in net/wireless/wext-core.c, and obtain potentially sensitive information from kernel heap memory, via vectors involving an SIOCGIWESSID ioctl call that specifies a large buffer size.
Затронутые продукты
Ссылки
- CVE-2010-2955
- SUSE Bug 635413
Описание
Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of service (system crash) via crafted CAN traffic.
Затронутые продукты
Ссылки
- CVE-2010-2959
- SUSE Bug 633581
Описание
The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux kernel 2.6.35.4 and earlier expects that a certain parent session keyring exists, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function.
Затронутые продукты
Ссылки
- CVE-2010-2960
- SUSE Bug 634637
Описание
drivers/gpu/drm/i915/i915_gem.c in the Graphics Execution Manager (GEM) in the Intel i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.36 does not properly validate pointers to blocks of memory, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via crafted use of the ioctl interface, related to (1) pwrite and (2) pread operations.
Затронутые продукты
Ссылки
- CVE-2010-2962
- SUSE Bug 642009
- SUSE Bug 653588
Описание
drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) implementation in the Linux kernel before 2.6.36 on 64-bit platforms does not validate the destination of a memory copy operation, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via a VIDIOCSTUNER ioctl call on a /dev/video device, followed by a VIDIOCSMICROCODE ioctl call on this device.
Затронутые продукты
Ссылки
- CVE-2010-2963
- SUSE Bug 646045
Описание
Integer overflow in the ext4_ext_get_blocks function in fs/ext4/extents.c in the Linux kernel before 2.6.34 allows local users to cause a denial of service (BUG and system crash) via a write operation on the last block of a large file, followed by a sync operation.
Затронутые продукты
Ссылки
- CVE-2010-3015
- SUSE Bug 631801
Описание
The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call.
Затронутые продукты
Ссылки
- CVE-2010-3078
- SUSE Bug 637436
Описание
kernel/trace/ftrace.c in the Linux kernel before 2.6.35.5, when debugfs is enabled, does not properly handle interaction between mutex possession and llseek operations, which allows local users to cause a denial of service (NULL pointer dereference and outage of all function tracing files) via an lseek call on a file descriptor associated with the set_ftrace_filter file.
Затронутые продукты
Ссылки
- CVE-2010-3079
- SUSE Bug 637502
Описание
Double free vulnerability in the snd_seq_oss_open function in sound/core/seq/oss/seq_oss_init.c in the Linux kernel before 2.6.36-rc4 might allow local users to cause a denial of service or possibly have unspecified other impact via an unsuccessful attempt to open the /dev/sequencer device.
Затронутые продукты
Ссылки
- CVE-2010-3080
- SUSE Bug 638277
Описание
The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a "stack pointer underflow" issue, as exploited in the wild in September 2010.
Затронутые продукты
Ссылки
- CVE-2010-3081
- SUSE Bug 639709
- SUSE Bug 641575
- SUSE Bug 871595
Описание
Buffer overflow in the niu_get_ethtool_tcam_all function in drivers/net/niu.c in the Linux kernel before 2.6.36-rc4 allows local users to cause a denial of service or possibly have unspecified other impact via the ETHTOOL_GRXCLSRLALL ethtool command.
Затронутые продукты
Ссылки
- CVE-2010-3084
- SUSE Bug 638274
Описание
The cxgb_extension_ioctl function in drivers/net/cxgb3/cxgb3_main.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a CHELSIO_GET_QSET_NUM ioctl call.
Затронутые продукты
Ссылки
- CVE-2010-3296
- SUSE Bug 639481
- SUSE Bug 649187
Описание
The eql_g_master_cfg function in drivers/net/eql.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an EQL_GETMASTRCFG ioctl call.
Затронутые продукты
Ссылки
- CVE-2010-3297
- SUSE Bug 639482
- SUSE Bug 649187
Описание
The hso_get_count function in drivers/net/usb/hso.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.
Затронутые продукты
Ссылки
- CVE-2010-3298
- SUSE Bug 639483
- SUSE Bug 649187
Описание
The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression.
Затронутые продукты
Ссылки
- CVE-2010-3301
- SUSE Bug 639708
Описание
Multiple integer signedness errors in net/rose/af_rose.c in the Linux kernel before 2.6.36-rc5-next-20100923 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a rose_getname function call, related to the rose_bind and rose_connect functions.
Затронутые продукты
Ссылки
- CVE-2010-3310
- SUSE Bug 640721
Описание
Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and system crash) via a crafted index value in a PKT_CTRL_CMD_STATUS ioctl call.
Затронутые продукты
Ссылки
- CVE-2010-3437
- SUSE Bug 642486
Описание
The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or create a zombie domain, causes a hang in zenwatch, or prevents unspecified xm commands from working properly, related to (1) netback, (2) blkback, or (3) blktap.
Затронутые продукты
Ссылки
- CVE-2010-3699
- SUSE Bug 655964
Описание
The sctp_auth_asoc_get_hmac function in net/sctp/auth.c in the Linux kernel before 2.6.36 does not properly validate the hmac_ids array of an SCTP peer, which allows remote attackers to cause a denial of service (memory corruption and panic) via a crafted value in the last element of this array.
Затронутые продукты
Ссылки
- CVE-2010-3705
- SUSE Bug 643513
Описание
The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of service (system crash) via a crafted exec system call, a related issue to CVE-2010-2240.
Затронутые продукты
Ссылки
- CVE-2010-3858
- SUSE Bug 648302
- SUSE Bug 655220
Описание
The ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize a certain block of heap memory, which allows local users to obtain potentially sensitive information via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value, a different vulnerability than CVE-2010-2478.
Затронутые продукты
Ссылки
- CVE-2010-3861
- SUSE Bug 649187
Описание
Integer overflow in the rds_rdma_pages function in net/rds/rdma.c in the Linux kernel allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted iovec struct in a Reliable Datagram Sockets (RDS) request, which triggers a buffer overflow.
Затронутые продукты
Ссылки
- CVE-2010-3865
- SUSE Bug 650128
Описание
The X.25 implementation in the Linux kernel before 2.6.36.2 does not properly parse facilities, which allows remote attackers to cause a denial of service (heap memory corruption and panic) or possibly have unspecified other impact via malformed (1) X25_FAC_CALLING_AE or (2) X25_FAC_CALLED_AE data, related to net/x25/x25_facilities.c and net/x25/x25_in.c, a different vulnerability than CVE-2010-4164.
Затронутые продукты
Ссылки
- CVE-2010-3873
- SUSE Bug 651219
- SUSE Bug 653260
Описание
Heap-based buffer overflow in the bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.36.2 on 64-bit platforms might allow local users to cause a denial of service (memory corruption) via a connect operation.
Затронутые продукты
Ссылки
- CVE-2010-3874
- SUSE Bug 651218
Описание
The ax25_getname function in net/ax25/af_ax25.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure.
Затронутые продукты
Ссылки
- CVE-2010-3875
- SUSE Bug 650897
Описание
net/packet/af_packet.c in the Linux kernel before 2.6.37-rc2 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_RAW capability to read copies of the applicable structures.
Затронутые продукты
Ссылки
- CVE-2010-3876
- SUSE Bug 650897
Описание
The get_name function in net/tipc/socket.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure.
Затронутые продукты
Ссылки
- CVE-2010-3877
- SUSE Bug 650897
Описание
net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message that contains multiple attribute elements, as demonstrated by INET_DIAG_BC_JMP instructions.
Затронутые продукты
Ссылки
- CVE-2010-3880
- SUSE Bug 651599
Описание
arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via read operations on the /dev/kvm device.
Затронутые продукты
Ссылки
- CVE-2010-3881
- SUSE Bug 651596
- SUSE Bug 662663
- SUSE Bug 706696
Описание
The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.
Затронутые продукты
Ссылки
- CVE-2010-3904
- SUSE Bug 647392
- SUSE Bug 676707
- SUSE Bug 703752
Описание
The copy_shmid_to_user function in ipc/shm.c in the Linux kernel before 2.6.37-rc1 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the shmctl system call and the "old shm interface."
Затронутые продукты
Ссылки
- CVE-2010-4072
- SUSE Bug 642314
Описание
The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initialize certain structures, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the (1) compat_sys_semctl, (2) compat_sys_msgctl, and (3) compat_sys_shmctl functions in ipc/compat.c; and the (4) compat_sys_mq_open and (5) compat_sys_mq_getsetattr functions in ipc/compat_mq.c.
Затронутые продукты
Ссылки
- CVE-2010-4073
- SUSE Bug 642314
Описание
The uart_get_count function in drivers/serial/serial_core.c in the Linux kernel before 2.6.37-rc1 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.
Затронутые продукты
Ссылки
- CVE-2010-4075
- SUSE Bug 642309
Описание
The rs_ioctl function in drivers/char/amiserial.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.
Затронутые продукты
Ссылки
- CVE-2010-4076
- SUSE Bug 642309
Описание
The ntty_ioctl_tiocgicount function in drivers/char/nozomi.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.
Затронутые продукты
Ссылки
- CVE-2010-4077
- SUSE Bug 642309
Описание
The viafb_ioctl_get_viafb_info function in drivers/video/via/ioctl.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a VIAFB_GET_INFO ioctl call.
Затронутые продукты
Ссылки
- CVE-2010-4082
- SUSE Bug 642313
Описание
The copy_semid_to_user function in ipc/sem.c in the Linux kernel before 2.6.36 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) IPC_INFO, (2) SEM_INFO, (3) IPC_STAT, or (4) SEM_STAT command in a semctl system call.
Затронутые продукты
Ссылки
- CVE-2010-4083
- SUSE Bug 642314
Описание
Integer overflow in the ioc_general function in drivers/scsi/gdth.c in the Linux kernel before 2.6.36.1 on 64-bit platforms allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large argument in an ioctl call.
Затронутые продукты
Ссылки
- CVE-2010-4157
- SUSE Bug 652940
Описание
The sk_run_filter function in net/core/filter.c in the Linux kernel before 2.6.36.2 does not check whether a certain memory location has been initialized before executing a (1) BPF_S_LD_MEM or (2) BPF_S_LDX_MEM instruction, which allows local users to obtain potentially sensitive information from kernel stack memory via a crafted socket filter.
Затронутые продукты
Ссылки
- CVE-2010-4158
- SUSE Bug 652563
Описание
Multiple integer overflows in the (1) pppol2tp_sendmsg function in net/l2tp/l2tp_ppp.c, and the (2) l2tp_ip_sendmsg function in net/l2tp/l2tp_ip.c, in the PPPoL2TP and IPoL2TP implementations in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (heap memory corruption and panic) or possibly gain privileges via a crafted sendto call.
Затронутые продукты
Ссылки
- CVE-2010-4160
- SUSE Bug 652939
Описание
Multiple integer overflows in fs/bio.c in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (system crash) via a crafted device ioctl to a SCSI device.
Затронутые продукты
Ссылки
- CVE-2010-4162
- SUSE Bug 652945
Описание
The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.36.2 allows local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a SCSI device.
Затронутые продукты
Ссылки
- CVE-2010-4163
- SUSE Bug 652945
- SUSE Bug 662202
Описание
Multiple integer underflows in the x25_parse_facilities function in net/x25/x25_facilities.c in the Linux kernel before 2.6.36.2 allow remote attackers to cause a denial of service (system crash) via malformed X.25 (1) X25_FAC_CLASS_A, (2) X25_FAC_CLASS_B, (3) X25_FAC_CLASS_C, or (4) X25_FAC_CLASS_D facility data, a different vulnerability than CVE-2010-3873.
Затронутые продукты
Ссылки
- CVE-2010-4164
- SUSE Bug 653260
Описание
The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel before 2.6.37-rc2 does not properly restrict TCP_MAXSEG (aka MSS) values, which allows local users to cause a denial of service (OOPS) via a setsockopt call that specifies a small value, leading to a divide-by-zero error or incorrect use of a signed integer.
Затронутые продукты
Ссылки
- CVE-2010-4165
- SUSE Bug 653258
Описание
Use-after-free vulnerability in mm/mprotect.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors involving an mprotect system call.
Затронутые продукты
Ссылки
- CVE-2010-4169
- SUSE Bug 653930
Описание
Integer overflow in the rds_cmsg_rdma_args function (net/rds/rdma.c) in Linux kernel 2.6.35 allows local users to cause a denial of service (crash) and possibly trigger memory corruption via a crafted Reliable Datagram Sockets (RDS) request, a different vulnerability than CVE-2010-3865.
Затронутые продукты
Ссылки
- CVE-2010-4175
- SUSE Bug 654581
Описание
fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an "OOM dodging issue," a related issue to CVE-2010-3858.
Затронутые продукты
Ссылки
- CVE-2010-4243
- SUSE Bug 655220
- SUSE Bug 746947
Описание
The socket implementation in net/core/sock.c in the Linux kernel before 2.6.34 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service (memory consumption) by sending a large amount of network traffic, as demonstrated by netperf UDP tests.
Затронутые продукты
Ссылки
- CVE-2010-4251
- SUSE Bug 643138
- SUSE Bug 655973
- SUSE Bug 826455
Описание
The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNEL_DS get_fs value, which allows local users to bypass intended access_ok restrictions, overwrite arbitrary kernel memory locations, and gain privileges by leveraging a (1) BUG, (2) NULL pointer dereference, or (3) page fault, as demonstrated by vectors involving the clear_child_tid feature and the splice system call.
Затронутые продукты
Ссылки
- CVE-2010-4258
- SUSE Bug 657350
Описание
The aun_incoming function in net/econet/af_econet.c in the Linux kernel before 2.6.37-rc6, when Econet is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending an Acorn Universal Networking (AUN) packet over UDP.
Затронутые продукты
Ссылки
- CVE-2010-4342
- SUSE Bug 658461
Описание
The install_special_mapping function in mm/mmap.c in the Linux kernel before 2.6.37-rc6 does not make an expected security_file_mmap function call, which allows local users to bypass intended mmap_min_addr restrictions and possibly conduct NULL pointer dereference attacks via a crafted assembly-language application.
Затронутые продукты
Ссылки
- CVE-2010-4346
- SUSE Bug 658720
Описание
Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function.
Затронутые продукты
Ссылки
- CVE-2010-4526
- SUSE Bug 662192
Описание
The load_mixer_volumes function in sound/oss/soundcard.c in the OSS sound subsystem in the Linux kernel before 2.6.37 incorrectly expects that a certain name field ends with a '\0' character, which allows local users to conduct buffer overflow attacks and gain privileges, or possibly obtain sensitive information from kernel memory, via a SOUND_MIXER_SETLEVELS ioctl call.
Затронутые продукты
Ссылки
- CVE-2010-4527
- SUSE Bug 661945
Описание
Integer underflow in the irda_getsockopt function in net/irda/af_irda.c in the Linux kernel before 2.6.37 on platforms other than x86 allows local users to obtain potentially sensitive information from kernel heap memory via an IRLMP_ENUMDEVICES getsockopt call.
Затронутые продукты
Ссылки
- CVE-2010-4529
- SUSE Bug 662031
Описание
Buffer overflow in the fuse_do_ioctl function in fs/fuse/file.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service or possibly have unspecified other impact by leveraging the ability to operate a CUSE server.
Затронутые продукты
Ссылки
- CVE-2010-4650
- SUSE Bug 662945
Описание
The iowarrior_write function in drivers/usb/misc/iowarrior.c in the Linux kernel before 2.6.37 does not properly allocate memory, which might allow local users to trigger a heap-based buffer overflow, and consequently cause a denial of service or gain privileges, via a long report.
Затронутые продукты
Ссылки
- CVE-2010-4656
- SUSE Bug 666842
Описание
The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.37-rc7 allows local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a SCSI device, related to an unaligned map. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4163.
Затронутые продукты
Ссылки
- CVE-2010-4668
- SUSE Bug 652945
- SUSE Bug 662202
Описание
Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38 allows L2 guest OS users to cause a denial of service (L1 guest OS crash) via a crafted instruction that triggers an L2 emulation failure report, a similar issue to CVE-2014-7842.
Затронутые продукты
Ссылки
- CVE-2010-5313
- SUSE Bug 905312
- SUSE Bug 907822
Описание
The ima_lsm_rule_init function in security/integrity/ima/ima_policy.c in the Linux kernel before 2.6.37, when the Linux Security Modules (LSM) framework is disabled, allows local users to bypass Integrity Measurement Architecture (IMA) rules in opportunistic circumstances by leveraging an administrator's addition of an IMA rule for LSM.
Затронутые продукты
Ссылки
- CVE-2011-0006
- SUSE Bug 662942
Описание
Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding.
Затронутые продукты
Ссылки
- CVE-2011-0191
- SUSE Bug 672505
- SUSE Bug 672510
- SUSE Bug 682053
- SUSE Bug 854393
Описание
The dvb_ca_ioctl function in drivers/media/dvb/ttpci/av7110_ca.c in the Linux kernel before 2.6.38-rc2 does not check the sign of a certain integer field, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a negative value.
Затронутые продукты
Ссылки
- CVE-2011-0521
- SUSE Bug 666836
Описание
The task_show_regs function in arch/s390/kernel/traps.c in the Linux kernel before 2.6.38-rc4-next-20110216 on the s390 platform allows local users to obtain the values of the registers of an arbitrary process by reading a status file under /proc/.
Затронутые продукты
Ссылки
- CVE-2011-0710
- SUSE Bug 672492
Описание
The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FSGEOMETRY_V1 ioctl call.
Затронутые продукты
Ссылки
- CVE-2011-0711
- SUSE Bug 672505
- SUSE Bug 672524
Описание
Multiple buffer overflows in the caiaq Native Instruments USB audio functionality in the Linux kernel before 2.6.38-rc4-next-20110215 might allow attackers to cause a denial of service or possibly have unspecified other impact via a long USB device name, related to (1) the snd_usb_caiaq_audio_init function in sound/usb/caiaq/audio.c and (2) the snd_usb_caiaq_midi_init function in sound/usb/caiaq/midi.c.
Затронутые продукты
Ссылки
- CVE-2011-0712
- SUSE Bug 672499
Описание
The ldm_parse_vmdb function in fs/partitions/ldm.c in the Linux kernel before 2.6.38-rc6-git6 does not validate the VBLK size value in the VMDB structure in an LDM partition table, which allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted partition table.
Затронутые продукты
Ссылки
- CVE-2011-1012
- SUSE Bug 674254
Описание
Integer signedness error in the drm_modeset_ctl function in (1) drivers/gpu/drm/drm_irq.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.38 and (2) sys/dev/pci/drm/drm_irq.c in the kernel in OpenBSD before 4.9 allows local users to trigger out-of-bounds write operations, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via a crafted num_crtcs (aka vb_num) structure member in an ioctl argument.
Затронутые продукты
Ссылки
- CVE-2011-1013
- SUSE Bug 674691
Описание
The Radeon GPU drivers in the Linux kernel before 2.6.38-rc5 do not properly validate data related to the AA resolve registers, which allows local users to write to arbitrary memory locations associated with (1) Video RAM (aka VRAM) or (2) the Graphics Translation Table (GTT) via crafted values.
Затронутые продукты
Ссылки
- CVE-2011-1016
- SUSE Bug 674691
- SUSE Bug 674693
Описание
Heap-based buffer overflow in the ldm_frag_add function in fs/partitions/ldm.c in the Linux kernel 2.6.37.2 and earlier might allow local users to gain privileges or obtain sensitive information via a crafted LDM partition table.
Затронутые продукты
Ссылки
- CVE-2011-1017
- SUSE Bug 674648
- SUSE Bug 698221
Описание
The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls.
Затронутые продукты
Ссылки
- CVE-2011-1020
- SUSE Bug 674982
Описание
The sco_sock_getsockopt_old function in net/bluetooth/sco.c in the Linux kernel before 2.6.39 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via the SCO_CONNINFO option.
Затронутые продукты
Ссылки
- CVE-2011-1078
- SUSE Bug 676601
Описание
The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory, or cause a denial of service (BUG and system crash), via a BNEPCONNADD command.
Затронутые продукты
Ссылки
- CVE-2011-1079
- SUSE Bug 1139868
- SUSE Bug 676601
Описание
The do_replace function in net/bridge/netfilter/ebtables.c in the Linux kernel before 2.6.39 does not ensure that a certain name field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability to replace a table, and then reading a modprobe command line.
Затронутые продукты
Ссылки
- CVE-2011-1080
- SUSE Bug 676602
Описание
fs/eventpoll.c in the Linux kernel before 2.6.38 places epoll file descriptors within other epoll data structures without properly checking for (1) closed loops or (2) deep chains, which allows local users to cause a denial of service (deadlock or stack memory consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.
Затронутые продукты
Ссылки
- CVE-2011-1082
- SUSE Bug 676202
- SUSE Bug 690537
Описание
The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.
Затронутые продукты
Ссылки
- CVE-2011-1083
- SUSE Bug 676204
- SUSE Bug 690537
Описание
The __nfs4_proc_set_acl function in fs/nfs/nfs4proc.c in the Linux kernel before 2.6.38 stores NFSv4 ACL data in memory that is allocated by kmalloc but not properly freed, which allows local users to cause a denial of service (panic) via a crafted attempt to set an ACL.
Затронутые продукты
Ссылки
- CVE-2011-1090
- SUSE Bug 677286
Описание
The dccp_rcv_state_process function in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel before 2.6.38 does not properly handle packets for a CLOSED endpoint, which allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending a DCCP-Close packet followed by a DCCP-Reset packet.
Затронутые продукты
Ссылки
- CVE-2011-1093
- SUSE Bug 677676
Описание
The tpm_open function in drivers/char/tpm/tpm.c in the Linux kernel before 2.6.39 does not initialize a certain buffer, which allows local users to obtain potentially sensitive information from kernel memory via unspecified vectors.
Затронутые продукты
Ссылки
- CVE-2011-1160
- SUSE Bug 680040
Описание
The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing.
Затронутые продукты
Ссылки
- CVE-2011-1163
- SUSE Bug 679812
Описание
net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.
Затронутые продукты
Ссылки
- CVE-2011-1170
- SUSE Bug 681180
Описание
net/ipv4/netfilter/ip_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.
Затронутые продукты
Ссылки
- CVE-2011-1171
- SUSE Bug 681181
Описание
net/ipv6/netfilter/ip6_tables.c in the IPv6 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.
Затронутые продукты
Ссылки
- CVE-2011-1172
- SUSE Bug 681185
- SUSE Bug 693976
Описание
The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.39 on the x86_64 platform allows remote attackers to obtain potentially sensitive information from kernel stack memory by reading uninitialized data in the ah field of an Acorn Universal Networking (AUN) packet.
Затронутые продукты
Ссылки
- CVE-2011-1173
- SUSE Bug 681186
Описание
Multiple stack-based buffer overflows in the iriap_getvaluebyclass_indication function in net/irda/iriap.c in the Linux kernel before 2.6.39 allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging connectivity to an IrDA infrared network and sending a large integer value for a (1) name length or (2) attribute length.
Затронутые продукты
Ссылки
- CVE-2011-1180
- SUSE Bug 681497
Описание
kernel/signal.c in the Linux kernel before 2.6.39 allows local users to spoof the uid and pid of a signal sender via a sigqueueinfo system call.
Затронутые продукты
Ссылки
- CVE-2011-1182
- SUSE Bug 681826
- SUSE Bug 690537
Описание
Integer underflow in the Open Sound System (OSS) subsystem in the Linux kernel before 2.6.39 on unspecified non-x86 platforms allows local users to cause a denial of service (memory corruption) by leveraging write access to /dev/sequencer.
Затронутые продукты
Ссылки
- CVE-2011-1476
- SUSE Bug 681999
Описание
Multiple array index errors in sound/oss/opl3.c in the Linux kernel before 2.6.39 allow local users to cause a denial of service (heap memory corruption) or possibly gain privileges by leveraging write access to /dev/sequencer.
Затронутые продукты
Ссылки
- CVE-2011-1477
- SUSE Bug 681999
Описание
The napi_reuse_skb function in net/core/dev.c in the Generic Receive Offload (GRO) implementation in the Linux kernel before 2.6.38 does not reset the values of certain structure members, which might allow remote attackers to cause a denial of service (NULL pointer dereference) via a malformed VLAN frame.
Затронутые продукты
Ссылки
- CVE-2011-1478
- SUSE Bug 682965
- SUSE Bug 698450
Описание
net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when addip_enable and auth_enable are used, does not consider the amount of zero padding during calculation of chunk lengths for (1) INIT and (2) INIT ACK chunks, which allows remote attackers to cause a denial of service (OOPS) via crafted packet data.
Затронутые продукты
Ссылки
- CVE-2011-1573
- SUSE Bug 686813
Описание
The Generic Receive Offload (GRO) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5 and 2.6.32 on Red Hat Enterprise Linux 6, as used in Red Hat Enterprise Virtualization (RHEV) Hypervisor and other products, allows remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a different vulnerability than CVE-2011-1478.
Затронутые продукты
Ссылки
- CVE-2011-1576
- SUSE Bug 698450
Описание
Heap-based buffer overflow in the is_gpt_valid function in fs/partitions/efi.c in the Linux kernel 2.6.38 and earlier allows physically proximate attackers to cause a denial of service (OOPS) or possibly have unspecified other impact via a crafted size of the EFI GUID partition-table header on removable media.
Затронутые продукты
Ссылки
- CVE-2011-1577
- SUSE Bug 687113
- SUSE Bug 692784
Описание
The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux kernel before 2.6.36 does not properly determine the associations between users and sessions, which allows local users to bypass CIFS share authentication by leveraging a mount of a share by a different user.
Затронутые продукты
Ссылки
- CVE-2011-1585
- SUSE Bug 687812
Описание
Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel before 2.6.38.4 allow local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call.
Затронутые продукты
Ссылки
- CVE-2011-1593
- SUSE Bug 688432
- SUSE Bug 690537
Описание
The bcm_release function in net/can/bcm.c in the Linux kernel before 2.6.39-rc6 does not properly validate a socket data structure, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation.
Затронутые продукты
Ссылки
- CVE-2011-1598
- SUSE Bug 688685
- SUSE Bug 689038
Описание
Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call.
Затронутые продукты
Ссылки
- CVE-2011-1745
- SUSE Bug 689797
- SUSE Bug 693043
Описание
Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_create_user_memory functions in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allow local users to trigger buffer overflows, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via vectors related to calls that specify a large number of memory pages.
Затронутые продукты
Ссылки
- CVE-2011-1746
- SUSE Bug 689797
Описание
The raw_release function in net/can/raw.c in the Linux kernel before 2.6.39-rc6 does not properly validate a socket data structure, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation.
Затронутые продукты
Ссылки
- CVE-2011-1748
- SUSE Bug 689041
Описание
Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid.
Затронутые продукты
Ссылки
- CVE-2011-1833
- SUSE Bug 709771
- SUSE Bug 711539
Описание
The ldm_frag_add function in fs/partitions/ldm.c in the Linux kernel before 2.6.39.1 does not properly handle memory allocation for non-initial fragments, which might allow local users to conduct buffer overflow attacks, and gain privileges or obtain sensitive information, via a crafted LDM partition table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1017.
Затронутые продукты
Ссылки
- CVE-2011-2182
- SUSE Bug 674648
- SUSE Bug 698221
Описание
Race condition in the scan_get_next_rmap_item function in mm/ksm.c in the Linux kernel before 2.6.39.3, when Kernel SamePage Merging (KSM) is enabled, allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted application.
Затронутые продукты
Ссылки
- CVE-2011-2183
- SUSE Bug 697901
Описание
The hfs_find_init function in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and Oops) by mounting an HFS file system with a malformed MDB extent record.
Затронутые продукты
Ссылки
- CVE-2011-2203
- SUSE Bug 699709
Описание
The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880.
Затронутые продукты
Ссылки
- CVE-2011-2213
- SUSE Bug 700879
Описание
The Network Lock Manager (NLM) protocol implementation in the NFS client functionality in the Linux kernel before 3.0 allows local users to cause a denial of service (system hang) via a LOCK_UN flock system call.
Затронутые продукты
Ссылки
- CVE-2011-2491
- SUSE Bug 702013
Описание
kernel/taskstats.c in the Linux kernel before 3.1 allows local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another user's password.
Затронутые продукты
Ссылки
- CVE-2011-2494
- SUSE Bug 703156
Описание
Integer overflow in the vma_to_resize function in mm/mremap.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (BUG_ON and system crash) via a crafted mremap system call that expands a memory mapping.
Затронутые продукты
Ссылки
- CVE-2011-2496
- SUSE Bug 702285
Описание
Multiple buffer overflows in net/wireless/nl80211.c in the Linux kernel before 2.6.39.2 allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability during scan operations with a long SSID value.
Затронутые продукты
Ссылки
- CVE-2011-2517
- SUSE Bug 703410
Описание
The IPv6 implementation in the Linux kernel before 3.1 does not generate Fragment Identification values separately for each destination, which makes it easier for remote attackers to cause a denial of service (disrupted networking) by predicting these values and sending crafted packets.
Затронутые продукты
Ссылки
- CVE-2011-2699
- SUSE Bug 707288
Описание
The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets.
Затронутые продукты
Ссылки
- CVE-2011-3188
- SUSE Bug 713650
- SUSE Bug 737874
Описание
A certain Red Hat patch to the vlan_hwaccel_do_receive function in net/8021q/vlan_core.c in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows remote attackers to cause a denial of service (system crash) via priority-tagged VLAN frames.
Затронутые продукты
Ссылки
- CVE-2011-3593
- SUSE Bug 735347
Описание
Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname.
Затронутые продукты
Ссылки
- CVE-2011-4077
- SUSE Bug 726600
Описание
crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on an AF_ALG socket.
Затронутые продукты
Ссылки
- CVE-2011-4081
- SUSE Bug 726788
Описание
The journal_unmap_buffer function in fs/jbd2/transaction.c in the Linux kernel before 3.3.1 does not properly handle the _Delay and _Unwritten buffer head states, which allows local users to cause a denial of service (system crash) by leveraging the presence of an ext4 filesystem that was mounted with a journal.
Затронутые продукты
Ссылки
- CVE-2011-4086
- SUSE Bug 745832
Описание
The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and "updating a negative key into a fully instantiated key."
Затронутые продукты
Ссылки
- CVE-2011-4110
- SUSE Bug 734056
Описание
The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to (1) a partition block device or (2) an LVM volume.
Затронутые продукты
Ссылки
- CVE-2011-4127
- SUSE Bug 738400
- SUSE Bug 758104
Описание
The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 2.6 allows local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an "invalid log first block value."
Затронутые продукты
Ссылки
- CVE-2011-4132
- SUSE Bug 730118
Описание
The udp6_ufo_fragment function in net/ipv6/udp.c in the Linux kernel before 2.6.39, when a certain UDP Fragmentation Offload (UFO) configuration is enabled, allows remote attackers to cause a denial of service (system crash) by sending fragmented IPv6 UDP packets to a bridge device.
Затронутые продукты
Ссылки
- CVE-2011-4326
- SUSE Bug 732021
Описание
Stack-based buffer overflow in the hfs_mac2asc function in fs/hfs/trans.c in the Linux kernel 2.6 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via an HFS image with a crafted len field.
Затронутые продукты
Ссылки
- CVE-2011-4330
- SUSE Bug 731673
- SUSE Bug 941447
Описание
The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83, and possibly other versions, does not properly handle when Programmable Interval Timer (PIT) interrupt requests (IRQs) when a virtual interrupt controller (irqchip) is not available, which allows local users to cause a denial of service (NULL pointer dereference) by starting a timer.
Затронутые продукты
Ссылки
- CVE-2011-4622
- SUSE Bug 738210
Описание
Integer overflow in the xfs_acl_from_disk function in fs/xfs/xfs_acl.c in the Linux kernel before 3.1.9 allows local users to cause a denial of service (panic) via a filesystem with a malformed ACL, leading to a heap-based buffer overflow.
Затронутые продукты
Ссылки
- CVE-2012-0038
- SUSE Bug 740703
Описание
The em_syscall function in arch/x86/kvm/emulate.c in the KVM implementation in the Linux kernel before 3.2.14 does not properly handle the 0f05 (aka syscall) opcode, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application, as demonstrated by an NASM file.
Затронутые продукты
Ссылки
- CVE-2012-0045
- SUSE Bug 740969
Описание
The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows local users to cause a denial of service (I/O instability) by starting multiple processes that share an I/O context.
Затронутые продукты
Ссылки
- CVE-2012-0879
- SUSE Bug 748812
Описание
The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO.
Затронутые продукты
Ссылки
- CVE-2012-1090
- SUSE Bug 749569
Описание
The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call.
Затронутые продукты
Ссылки
- CVE-2012-1097
- SUSE Bug 750079
Описание
The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists.
Затронутые продукты
Ссылки
- CVE-2012-1601
- SUSE Bug 754898
Описание
Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to Message Signaled Interrupts (MSI), irq routing entries, and an incorrect check by the setup_routing_entry function before invoking the kvm_set_irq function.
Затронутые продукты
Ссылки
- CVE-2012-2137
- SUSE Bug 767612
- SUSE Bug 871595
Описание
The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interface's own IP address, as demonstrated by rds-ping.
Затронутые продукты
Ссылки
- CVE-2012-2372
- SUSE Bug 767610
- SUSE Bug 795039
Описание
The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users to cause a denial of service (panic) via a crafted application that uses the fork system call.
Затронутые продукты
Ссылки
- CVE-2012-2745
- SUSE Bug 770695
- SUSE Bug 795039
Описание
The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083.
Затронутые продукты
Ссылки
- CVE-2012-3375
- SUSE Bug 769896
Описание
The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before 3.2.30 allows remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value.
Затронутые продукты
Ссылки
- CVE-2012-3412
- SUSE Bug 774523
Описание
The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket.
Затронутые продукты
Ссылки
- CVE-2012-3430
- SUSE Bug 773383
- SUSE Bug 795039
Описание
Multiple race conditions in the madvise_remove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service (use-after-free and system crash) via vectors involving a (1) munmap or (2) close system call.
Затронутые продукты
Ссылки
- CVE-2012-3511
- SUSE Bug 776884
Описание
The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kernel before 2.6.36 allows remote attackers to bypass intended network restrictions via overlapping IPv6 fragments.
Затронутые продукты
Ссылки
- CVE-2012-4444
- SUSE Bug 789831
Описание
The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
Затронутые продукты
Ссылки
- CVE-2012-4530
- SUSE Bug 786013
- SUSE Bug 841063
Описание
The tcp_illinois_info function in net/ipv4/tcp_illinois.c in the Linux kernel before 3.4.19, when the net.ipv4.tcp_congestion_control illinois setting is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) by reading TCP stats.
Затронутые продукты
Ссылки
- CVE-2012-4565
- SUSE Bug 787576
Описание
net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability.
Затронутые продукты
Ссылки
- CVE-2012-6537
- SUSE Bug 809889
Описание
The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability.
Затронутые продукты
Ссылки
- CVE-2012-6538
- SUSE Bug 809889
Описание
The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
Затронутые продукты
Ссылки
- CVE-2012-6539
- SUSE Bug 809891
Описание
The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 3.6 does not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
Затронутые продукты
Ссылки
- CVE-2012-6540
- SUSE Bug 809892
Описание
The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
Затронутые продукты
Ссылки
- CVE-2012-6541
- SUSE Bug 809893
Описание
The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument.
Затронутые продукты
Ссылки
- CVE-2012-6542
- SUSE Bug 809894
Описание
The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation.
Затронутые продукты
Ссылки
- CVE-2012-6544
- SUSE Bug 809898
Описание
The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application.
Затронутые продукты
Ссылки
- CVE-2012-6545
- SUSE Bug 809899
Описание
The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
Затронутые продукты
Ссылки
- CVE-2012-6546
- SUSE Bug 809900
Описание
The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
Затронутые продукты
Ссылки
- CVE-2012-6547
- SUSE Bug 809901
Описание
The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application.
Затронутые продукты
Ссылки
- CVE-2012-6548
- SUSE Bug 809902
- SUSE Bug 871595
Описание
The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application.
Затронутые продукты
Ссылки
- CVE-2012-6549
- SUSE Bug 809903
- SUSE Bug 871595
Описание
The futex_wait_requeue_pi function in kernel/futex.c in the Linux kernel before 3.5.1 does not ensure that calls have two different futex addresses, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted FUTEX_WAIT_REQUEUE_PI command.
Затронутые продукты
Ссылки
- CVE-2012-6647
- SUSE Bug 878289
Описание
The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 does not ensure that a keepalive action is associated with a stream socket, which allows local users to cause a denial of service (system crash) by leveraging the ability to create a raw socket.
Затронутые продукты
Ссылки
- CVE-2012-6657
- SUSE Bug 896779
Описание
The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device.
Затронутые продукты
Ссылки
- CVE-2013-0160
- SUSE Bug 797175
- SUSE Bug 841063
- SUSE Bug 871595
Описание
The Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (loop) by triggering ring pointer corruption.
Затронутые продукты
Ссылки
- CVE-2013-0216
- SUSE Bug 800280
- SUSE Bug 800801
- SUSE Bug 801178
- SUSE Bug 841063
- SUSE Bug 871595
Описание
The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third party information.
Затронутые продукты
Ссылки
- CVE-2013-0231
- SUSE Bug 801178
- SUSE Bug 841063
- SUSE Bug 871595
Описание
The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c.
Затронутые продукты
Ссылки
- CVE-2013-0268
- SUSE Bug 802642
- SUSE Bug 841063
- SUSE Bug 871595
Описание
The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux kernel before 3.4.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an IPOPT_CIPSO IP_OPTIONS setsockopt system call.
Затронутые продукты
Ссылки
- CVE-2013-0310
- SUSE Bug 1133087
- SUSE Bug 804653
Описание
The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attackers to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information, via ICMPv6 Router Advertisement (RA) messages.
Затронутые продукты
Ссылки
- CVE-2013-0343
- SUSE Bug 805226
Описание
The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux kernel before 3.7.6 does not properly copy a certain name field, which allows local users to obtain sensitive information from kernel memory by setting a long name and making an HIDPCONNADD ioctl call.
Затронутые продукты
Ссылки
- CVE-2013-0349
- SUSE Bug 805227
- SUSE Bug 871595
Описание
Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death.
Затронутые продукты
Ссылки
- CVE-2013-0871
- SUSE Bug 804154
- SUSE Bug 804227
- SUSE Bug 841063
Описание
The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call.
Затронутые продукты
Ссылки
- CVE-2013-0914
- SUSE Bug 808827
- SUSE Bug 871595
Описание
Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel before 3.7.10 allows local users to gain privileges or cause a denial of service (system crash) by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option.
Затронутые продукты
Ссылки
- CVE-2013-1767
- SUSE Bug 806138
- SUSE Bug 807436
- SUSE Bug 871595
Описание
Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion.
Затронутые продукты
Ссылки
- CVE-2013-1773
- SUSE Bug 806977
- SUSE Bug 807452
Описание
The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter.
Затронутые продукты
Ссылки
- CVE-2013-1774
- SUSE Bug 806976
- SUSE Bug 807455
- SUSE Bug 871595
Описание
Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) via crafted keyctl system calls that trigger keyring operations in simultaneous threads.
Затронутые продукты
Ссылки
- CVE-2013-1792
- SUSE Bug 807428
- SUSE Bug 808358
- SUSE Bug 871595
Описание
The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application.
Затронутые продукты
Ссылки
- CVE-2013-1796
- SUSE Bug 806980
- SUSE Bug 819789
- SUSE Bug 871595
Описание
Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation.
Затронутые продукты
Ссылки
- CVE-2013-1797
- SUSE Bug 806980
- SUSE Bug 819789
- SUSE Bug 871595
Описание
The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application.
Затронутые продукты
Ссылки
- CVE-2013-1798
- SUSE Bug 806980
- SUSE Bug 819789
- SUSE Bug 871595
Описание
net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsockopt call.
Затронутые продукты
Ссылки
- CVE-2013-1827
- SUSE Bug 811354
Описание
Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted cdc-wdm USB device.
Затронутые продукты
Ссылки
- CVE-2013-1860
- SUSE Bug 806431
- SUSE Bug 871595
Описание
The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device.
Затронутые продукты
Ссылки
- CVE-2013-1928
- SUSE Bug 813735
Описание
The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c.
Затронутые продукты
Ссылки
- CVE-2013-1943
- SUSE Bug 828012
Описание
The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to cause a denial of service (system hang) via a crafted filesystem on removable media, as demonstrated by the e2fsprogs tests/f_orphan_extents_inode/image.gz test.
Затронутые продукты
Ссылки
- CVE-2013-2015
- SUSE Bug 817377
Описание
The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call.
Затронутые продукты
Ссылки
- CVE-2013-2141
- SUSE Bug 823267
Описание
The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c.
Затронутые продукты
Ссылки
- CVE-2013-2147
- SUSE Bug 823260
Описание
The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive.
Затронутые продукты
Ссылки
- CVE-2013-2164
- SUSE Bug 824295
Описание
The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface.
Затронутые продукты
Ссылки
- CVE-2013-2232
- SUSE Bug 827750
Описание
The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket.
Затронутые продукты
Ссылки
- CVE-2013-2234
- SUSE Bug 827749
Описание
The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket.
Затронутые продукты
Ссылки
- CVE-2013-2237
- SUSE Bug 828119
Описание
net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
Затронутые продукты
Ссылки
- CVE-2013-2634
- SUSE Bug 810473
- SUSE Bug 871595
Описание
Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name.
Затронутые продукты
Ссылки
- CVE-2013-2851
- SUSE Bug 822575
Описание
Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message.
Затронутые продукты
Ссылки
- CVE-2013-2852
- SUSE Bug 822579
Описание
Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID.
Затронутые продукты
Ссылки
- CVE-2013-2888
- SUSE Bug 835839
Описание
drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.
Затронутые продукты
Ссылки
- CVE-2013-2889
- SUSE Bug 835839
Описание
drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.
Затронутые продукты
Ссылки
- CVE-2013-2892
- SUSE Bug 835839
Описание
The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c.
Затронутые продукты
Ссылки
- CVE-2013-2893
- SUSE Bug 835839
Описание
Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device.
Затронутые продукты
Ссылки
- CVE-2013-2897
- SUSE Bug 1241174
- SUSE Bug 835839
Описание
The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h.
Затронутые продукты
Ссылки
- CVE-2013-2929
- SUSE Bug 824295
- SUSE Bug 847652
Описание
The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Затронутые продукты
Ссылки
- CVE-2013-3222
- SUSE Bug 816668
Описание
The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Затронутые продукты
Ссылки
- CVE-2013-3223
- SUSE Bug 816668
Описание
The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Затронутые продукты
Ссылки
- CVE-2013-3224
- SUSE Bug 816668
Описание
The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Затронутые продукты
Ссылки
- CVE-2013-3225
- SUSE Bug 816668
Описание
The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Затронутые продукты
Ссылки
- CVE-2013-3228
- SUSE Bug 816668
Описание
The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Затронутые продукты
Ссылки
- CVE-2013-3229
- SUSE Bug 816668
Описание
The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Затронутые продукты
Ссылки
- CVE-2013-3231
- SUSE Bug 816668
Описание
The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Затронутые продукты
Ссылки
- CVE-2013-3232
- SUSE Bug 816668
Описание
The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Затронутые продукты
Ссылки
- CVE-2013-3234
- SUSE Bug 816668
Описание
net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Затронутые продукты
Ссылки
- CVE-2013-3235
- SUSE Bug 816668
Описание
The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel through 3.10.3 makes an incorrect function call for pending data, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call.
Затронутые продукты
Ссылки
- CVE-2013-4162
- SUSE Bug 831058
Описание
Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device.
Затронутые продукты
Ссылки
- CVE-2013-4299
- SUSE Bug 846404
Описание
Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data.
Затронутые продукты
Ссылки
- CVE-2013-4345
- SUSE Bug 840226
Описание
The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c.
Затронутые продукты
Ссылки
- CVE-2013-4470
- SUSE Bug 847672
Описание
The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application.
Затронутые продукты
Ссылки
- CVE-2013-4483
- SUSE Bug 848321
Описание
Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c.
Затронутые продукты
Ссылки
- CVE-2013-4511
- SUSE Bug 849021
- SUSE Bug 850263
Описание
Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value.
Затронутые продукты
Ссылки
- CVE-2013-4587
- SUSE Bug 853050
- SUSE Bug 882914
Описание
Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 2.6.33, when CONFIG_IP_VS is used, allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability for (1) a getsockopt system call, related to the do_ip_vs_get_ctl function, or (2) a setsockopt system call, related to the do_ip_vs_set_ctl function.
Затронутые продукты
Ссылки
- CVE-2013-4588
- SUSE Bug 851095
Описание
Buffer overflow in the __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via a getxattr system call for the system.nfs4_acl extended attribute of a pathname on an NFSv4 filesystem.
Затронутые продукты
Ссылки
- CVE-2013-4591
- SUSE Bug 851103
Описание
The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value.
Затронутые продукты
Ссылки
- CVE-2013-6367
- SUSE Bug 853051
Описание
The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address.
Затронутые продукты
Ссылки
- CVE-2013-6368
- SUSE Bug 853052
Описание
The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation.
Затронутые продукты
Ссылки
- CVE-2013-6378
- SUSE Bug 852559
Описание
Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for a (1) XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value, related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c.
Затронутые продукты
Ссылки
- CVE-2013-6382
- SUSE Bug 852553
Описание
The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call.
Затронутые продукты
Ссылки
- CVE-2013-6383
- SUSE Bug 852558
Описание
The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue.
Затронутые продукты
Ссылки
- CVE-2013-6885
- SUSE Bug 849668
- SUSE Bug 852967
- SUSE Bug 853049
Описание
The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header.
Затронутые продукты
Ссылки
- CVE-2013-7027
- SUSE Bug 854634
Описание
The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c.
Затронутые продукты
Ссылки
- CVE-2013-7263
- SUSE Bug 853040
- SUSE Bug 857643
Описание
The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
Затронутые продукты
Ссылки
- CVE-2013-7264
- SUSE Bug 853040
- SUSE Bug 857643
Описание
The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
Затронутые продукты
Ссылки
- CVE-2013-7265
- SUSE Bug 853040
- SUSE Bug 857643
Описание
The mISDN_sock_recvmsg function in drivers/isdn/mISDN/socket.c in the Linux kernel before 3.12.4 does not ensure that a certain length value is consistent with the size of an associated data structure, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
Затронутые продукты
Ссылки
- CVE-2013-7266
- SUSE Bug 854722
- SUSE Bug 857643
- SUSE Bug 882914
Описание
The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
Затронутые продукты
Ссылки
- CVE-2013-7267
- SUSE Bug 854722
- SUSE Bug 857643
- SUSE Bug 882914
Описание
The ipx_recvmsg function in net/ipx/af_ipx.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
Затронутые продукты
Ссылки
- CVE-2013-7268
- SUSE Bug 854722
- SUSE Bug 857643
- SUSE Bug 882914
Описание
The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
Затронутые продукты
Ссылки
- CVE-2013-7269
- SUSE Bug 854722
- SUSE Bug 857643
- SUSE Bug 882914
Описание
The packet_recvmsg function in net/packet/af_packet.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
Затронутые продукты
Ссылки
- CVE-2013-7270
- SUSE Bug 854722
- SUSE Bug 857643
- SUSE Bug 882914
Описание
The x25_recvmsg function in net/x25/af_x25.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
Затронутые продукты
Ссылки
- CVE-2013-7271
- SUSE Bug 854722
- SUSE Bug 857643
- SUSE Bug 882914
Описание
The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel before 3.12.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports.
Затронутые продукты
Ссылки
- CVE-2013-7339
- SUSE Bug 869563
Описание
The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk.
Затронутые продукты
Ссылки
- CVE-2014-0101
- SUSE Bug 1115893
- SUSE Bug 866102
Описание
The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program.
Затронутые продукты
Ссылки
- CVE-2014-0181
- SUSE Bug 875051
Описание
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.
Затронутые продукты
Ссылки
- CVE-2014-0196
- SUSE Bug 871252
- SUSE Bug 875690
- SUSE Bug 877345
- SUSE Bug 879878
- SUSE Bug 933423
Описание
The __do_follow_link function in fs/namei.c in the Linux kernel before 2.6.33 does not properly handle the last pathname component during use of certain filesystems, which allows local users to cause a denial of service (incorrect free operations and system crash) via an open system call.
Затронутые продукты
Ссылки
- CVE-2014-0203
- SUSE Bug 883526
Описание
The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call.
Затронутые продукты
Ссылки
- CVE-2014-1444
- SUSE Bug 858869
Описание
The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call.
Затронутые продукты
Ссылки
- CVE-2014-1445
- SUSE Bug 858870
Описание
The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call.
Затронутые продукты
Ссылки
- CVE-2014-1446
- SUSE Bug 858872
Описание
The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.
Затронутые продукты
Ссылки
- CVE-2014-1737
- SUSE Bug 1115893
- SUSE Bug 875798
- SUSE Bug 877345
Описание
The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.
Затронутые продукты
Ссылки
- CVE-2014-1738
- SUSE Bug 875798
- SUSE Bug 877345
Описание
The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context.
Затронутые продукты
Ссылки
- CVE-2014-1874
- SUSE Bug 863335
Описание
net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.
Затронутые продукты
Ссылки
- CVE-2014-2523
- SUSE Bug 1115893
- SUSE Bug 868653
Описание
The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports.
Затронутые продукты
Ссылки
- CVE-2014-2678
- SUSE Bug 871561
Описание
The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service (system crash) by triggering a memory-usage pattern that requires removal of page-table mappings.
Затронутые продукты
Ссылки
- CVE-2014-3122
- SUSE Bug 824295
- SUSE Bug 876102
Описание
The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced.
Затронутые продукты
Ссылки
- CVE-2014-3144
- SUSE Bug 824295
- SUSE Bug 877257
- SUSE Bug 889071
Описание
The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced.
Затронутые продукты
Ссылки
- CVE-2014-3145
- SUSE Bug 824295
- SUSE Bug 877257
Описание
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
Затронутые продукты
Ссылки
- CVE-2014-3153
- SUSE Bug 877775
- SUSE Bug 880892
- SUSE Bug 882228
Описание
The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c.
Затронутые продукты
Ссылки
- CVE-2014-3184
- SUSE Bug 896390
Описание
Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response.
Затронутые продукты
Ссылки
- CVE-2014-3185
- SUSE Bug 896391
Описание
The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c.
Затронутые продукты
Ссылки
- CVE-2014-3673
- SUSE Bug 1115893
- SUSE Bug 902346
- SUSE Bug 902349
- SUSE Bug 904899
Описание
The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.
Затронутые продукты
Ссылки
- CVE-2014-3687
- SUSE Bug 1115893
- SUSE Bug 902349
- SUSE Bug 904899
- SUSE Bug 909208
Описание
The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c.
Затронутые продукты
Ссылки
- CVE-2014-3688
- SUSE Bug 902351
Описание
kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number.
Затронутые продукты
Ссылки
- CVE-2014-3917
- SUSE Bug 880484
Описание
arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000.
Затронутые продукты
Ссылки
- CVE-2014-4508
- SUSE Bug 883724
Описание
Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.
Затронутые продукты
Ссылки
- CVE-2014-4652
- SUSE Bug 883795
Описание
sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.
Затронутые продукты
Ссылки
- CVE-2014-4653
- SUSE Bug 883795
Описание
The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call.
Затронутые продукты
Ссылки
- CVE-2014-4654
- SUSE Bug 883795
Описание
The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls.
Затронутые продукты
Ссылки
- CVE-2014-4655
- SUSE Bug 883795
Описание
Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function.
Затронутые продукты
Ссылки
- CVE-2014-4656
- SUSE Bug 883795
Описание
The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.
Затронутые продукты
Ссылки
- CVE-2014-4667
- SUSE Bug 885422
Описание
The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls.
Затронутые продукты
Ссылки
- CVE-2014-4699
- SUSE Bug 885725
Описание
The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.
Затронутые продукты
Ссылки
- CVE-2014-4943
- SUSE Bug 887082
Описание
The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction.
Затронутые продукты
Ссылки
- CVE-2014-5077
- SUSE Bug 889173
Описание
The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk.
Затронутые продукты
Ссылки
- CVE-2014-7841
- SUSE Bug 904899
- SUSE Bug 905100
Описание
Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allows guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction or a PIO transaction to trigger a guest userspace emulation error report, a similar issue to CVE-2010-5313.
Затронутые продукты
Ссылки
- CVE-2014-7842
- SUSE Bug 905312
- SUSE Bug 907822
Описание
arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a set_thread_area system call and later reads a 16-bit value.
Затронутые продукты
Ссылки
- CVE-2014-8133
- SUSE Bug 817142
- SUSE Bug 906545
- SUSE Bug 907818
- SUSE Bug 909077
Описание
net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers.
Затронутые продукты
Ссылки
- CVE-2014-8160
- SUSE Bug 857643
- SUSE Bug 913059
Описание
The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 does not properly maintain a certain tail pointer, which allows remote attackers to obtain sensitive cleartext information by reading packets.
Затронутые продукты
Ссылки
- CVE-2014-8709
- SUSE Bug 904700
Описание
The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite.
Затронутые продукты
Ссылки
- CVE-2014-9090
- SUSE Bug 817142
- SUSE Bug 907818
- SUSE Bug 909077
- SUSE Bug 910251
Описание
arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space.
Затронутые продукты
Ссылки
- CVE-2014-9322
- SUSE Bug 1115893
- SUSE Bug 817142
- SUSE Bug 910251
Описание
The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image.
Затронутые продукты
Ссылки
- CVE-2014-9420
- SUSE Bug 906545
- SUSE Bug 911325
Описание
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.
Затронутые продукты
Ссылки
- CVE-2014-9584
- SUSE Bug 912654
Описание
The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.
Затронутые продукты
Ссылки
- CVE-2014-9585
- SUSE Bug 912705