Professional OVAL Repository
[Eng]
[Rus]
[Sign-In]
OVAL
Search
Categories
RedCheck
About
OVAL Definitions
OVAL Items
FSTEC Data Bank Information Security Threats
NKCKI
EOL (End Of Life)
Linux Security Advisories
Mozilla Foundation Security Advisory
IBM
VMware
Cisco
Check Point Software Technologies
Apache
Solaris
FreeBSD
Development
GitHub Enterprise
Google Chrome Security Advisories
Oracle Security Advisories
Adobe Security Advisories
OpenSSL Security Advisories
Microsoft
CVE
CWE
CPE
Latest Updates
OS ROSA
ALT Linux
Astra Linux
RED OS
DSA (Debian Security Advisory) Patсh Statistics
DSA (Debian Security Advisory) Patсh Feed
DSA (Debian Security Advisory) Vulnerability Feed
DLA (Debian Security Advisory) Patсh Statistics
DLA (Debian Security Advisory) Patсh Feed
DLA (Debian Security Advisory) Vulnerability Feed
ALT Linux (Security Bulletins) Patсh Statistics
ALT Linux (Security Bulletins) Patсh Feed
ALT Linux (Security Bulletins) Vulnerability Feed
RED OS (Security Bulletins) Patсh Statistics
RED OS (Security Bulletins) Patсh Feed
RED OS (Security Bulletins) Vulnerability Feed
USN (Ubuntu Security Notice) Patсh Statistics
USN (Ubuntu Security Notice) Patсh Feed
USN (Ubuntu Security Notice) Vulnerability Feed
RHSA (RedHat Security Advisory) Patсh Statistics
RHSA (RedHat Security Advisory) Patсh Feed
RHSA (RedHat Security Advisory) Vulnerability Feed
ELSA (Oracle Linux Security Advisory) Patсh Statistics
ELSA (Oracle Linux Security Advisory) Patсh Feed
ELSA (Oracle Linux Security Advisory) Vulnerability Feed
SUSE (SUSE Security Advisories) Patсh Statistics
SUSE (SUSE Security Advisories) Patсh Feed
SUSE (SUSE Security Advisories) Vulnerability Feed
openSUSE (openSUSE Security Advisories) Patсh Statistics
openSUSE (openSUSE Security Advisories) Patсh Feed
openSUSE (openSUSE Security Advisories) Vulnerability Feed
Amazon Linux AMI (Security Bulletins) Patсh Statistics
Amazon Linux AMI (Security Bulletins) Patсh Feed
Amazon Linux AMI (Security Bulletins) Vulnerability Feed
Mageia Linux (Security Bulletins) Patсh Statistics
Mageia Linux (Security Bulletins) Patсh Feed
Mageia Linux (Security Bulletins) Vulnerability Feed
OS ROSA SX COBALT 1.0
OS ROSA DX COBALT 1.0
ROSA 7.3 (Security Advisories) Patсh Statistics
ROSA 7.3 (Security Advisories) Patсh Feed
ROSA 7.3 (Security Advisories) Vulnerability Feed
ALT Linux SPT 6.0
ALT Linux SPT 7.0
ALT 8 SP
ALT 9
Astra Linux SE 1.5
Astra Linux SE 1.6
Astra Linux SE 1.7
Astra Linux SE 1.8
RED OS Murom 7.1
RED OS Murom 7.2
IBM DB2
VMware Vulnerabilities Advisory (VMSA)
VMware vCenter Patch Advisories
VMware ESXi Patch Advisories
VMware NSX Patches
VMware NSX Vulnerabilities
VMware Photon OS 1.0 Patches
VMware Photon OS 1.0 Vulnerabilities
VMware Photon OS 2.0 Patches
VMware Photon OS 2.0 Vulnerabilities
Cisco ASA
Cisco IOS/NX-OS Advisory
Cisco NX-OS Vulnerabilities
Check Point Gaia
Apache Tomcat Advisories
Apache Tomcat Server
Apache HTTP Server
Python
Node.js
RubyGems
Qt
Microsoft Security Bulletin
Microsoft Knowledge Base Article
Microsoft SharePoint
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
About OVALdb
User manual
Pricing
Contact us
OVAL Definitions
>
OVAL Definition Details
Id
oval:com.altx-soft.nix:def:12874
[Rus]
Version
11
Class
patch
ALTXid
30288
Language
English
Severity
High
Title
DSA-2153-1 linux-2.6 -- privilege escalation/denial of service/information leak
Description
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak.
Family
unix
Platform
Debian GNU/Linux 5.0
Product
linux-2.6
Reference
VENDOR: DSA-2153-1
VENDOR: DSA-2153-1
Id:
DSA-2153-1
Reference:
http://lists.debian.org/debian-security-announce/2011/msg00017.html
CVE: CVE-2010-0435
CVE: CVE-2010-0435
Id:
CVE-2010-0435
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0435
Comment
: The Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2, and KVM 83, when the Intel VT-x extension is enabled, allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via vectors related to instruction emulation.
CVSSv2 Score:
4.6
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
SINGLE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:S/C:N/I:N/A:C
CWE:
CWE-Other ()
References:
RHSA-2010:0627 (REDHAT)
RHSA-2010:0622 (REDHAT)
https://bugzilla.redhat.com/show_bug.cgi?id=570528 (CONFIRM)
SUSE-SA:2011:001 (SUSE)
42778 (SECUNIA)
ADV-2011-0012 (VUPEN)
CVE: CVE-2010-3699
CVE: CVE-2010-3699
Id:
CVE-2010-3699
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3699
Comment
: The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or create a zombie domain, causes a hang in zenwatch, or prevents unspecified xm commands from working properly, related to (1) netback, (2) blkback, or (3) blktap.
CVSSv2 Score:
2.7
Access vector:
ADJACENT_NETWORK
Access complexity:
LOW
Authentication:
SINGLE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:A/AC:L/Au:S/C:N/I:N/A:P
CWE:
399 (Resource Management Errors)
References:
1024786 (SECTRACK)
http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/59f097ef181b (CONFIRM)
42372 (SECUNIA)
RHSA-2011:0004 (REDHAT)
ADV-2011-0024 (VUPEN)
42789 (SECUNIA)
ADV-2011-0213 (VUPEN)
45039 (BID)
SUSE-SA:2011:005 (SUSE)
43056 (SECUNIA)
46397 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0012.html (CONFIRM)
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (BUGTRAQ)
CVE: CVE-2010-4158
CVE: CVE-2010-4158
Id:
CVE-2010-4158
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4158
Comment
: The sk_run_filter function in net/core/filter.c in the Linux kernel before 2.6.36.2 does not check whether a certain memory location has been initialized before executing a (1) BPF_S_LD_MEM or (2) BPF_S_LDX_MEM instruction, which allows local users to obtain potentially sensitive information from kernel stack memory via a crafted socket filter.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CWE:
200 (Information Exposure)
References:
20101118 Re: Kernel 0-day (BUGTRAQ)
20101109 Kernel 0-day (BUGTRAQ)
44758 (BID)
https://bugzilla.redhat.com/show_bug.cgi?id=651698 (CONFIRM)
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2 (CONFIRM)
[netdev] 20101109 [PATCH] Prevent reading uninitialized memory with socket filters (MLIST)
20101109 Kernel 0-day (FULLDISC)
42745 (SECUNIA)
ADV-2010-3321 (VUPEN)
FEDORA-2010-18983 (FEDORA)
SUSE-SA:2011:002 (SUSE)
RHSA-2010:0958 (REDHAT)
SUSE-SA:2011:001 (SUSE)
42801 (SECUNIA)
42778 (SECUNIA)
ADV-2011-0012 (VUPEN)
42932 (SECUNIA)
SUSE-SA:2010:060 (SUSE)
SUSE-SA:2011:004 (SUSE)
ADV-2011-0124 (VUPEN)
RHSA-2011:0162 (REDHAT)
42963 (SECUNIA)
ADV-2011-0168 (VUPEN)
42884 (SECUNIA)
RHSA-2011:0007 (REDHAT)
RHSA-2011:0017 (REDHAT)
42890 (SECUNIA)
ADV-2011-0375 (VUPEN)
SUSE-SA:2011:008 (SUSE)
ADV-2011-0298 (VUPEN)
SUSE-SA:2011:007 (SUSE)
43291 (SECUNIA)
MDVSA-2011:029 (MANDRIVA)
46397 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0012.html (CONFIRM)
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (BUGTRAQ)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=57fe93b374a6b8711995c2d466c502af9f3a08bb (MISC)
CVE: CVE-2010-4162
CVE: CVE-2010-4162
Id:
CVE-2010-4162
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4162
Comment
: Multiple integer overflows in fs/bio.c in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (system crash) via a crafted device ioctl to a SCSI device.
CVSSv2 Score:
4.7
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:N/I:N/A:C
CWE:
190 (Integer Overflow or Wraparound)
References:
[oss-security] 20101110 CVE request: kernel: Multiple DoS issues in block layer (MLIST)
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=652529 (CONFIRM)
[oss-security] 20101112 Re: CVE request: kernel: Multiple DoS issues in block layer (MLIST)
42745 (SECUNIA)
FEDORA-2010-18983 (FEDORA)
ADV-2010-3321 (VUPEN)
SUSE-SA:2011:001 (SUSE)
SUSE-SA:2011:002 (SUSE)
42778 (SECUNIA)
44793 (BID)
ADV-2011-0012 (VUPEN)
42801 (SECUNIA)
SUSE-SA:2011:004 (SUSE)
ADV-2011-0124 (VUPEN)
SUSE-SA:2010:060 (SUSE)
42932 (SECUNIA)
RHSA-2011:0007 (REDHAT)
42890 (SECUNIA)
ADV-2011-0298 (VUPEN)
SUSE-SA:2011:007 (SUSE)
MDVSA-2011:029 (MANDRIVA)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=cb4644cac4a2797afc847e6c92736664d4b0ea34 (MISC)
CVE: CVE-2010-4163
CVE: CVE-2010-4163
Id:
CVE-2010-4163
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4163
Comment
: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.36.2 allows local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a SCSI device.
CVSSv2 Score:
4.7
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:N/I:N/A:C
CWE:
20 (Improper Input Validation)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=652957 (CONFIRM)
[oss-security] 20101110 CVE request: kernel: Multiple DoS issues in block layer (MLIST)
[oss-security] 20101112 Re: CVE request: kernel: Multiple DoS issues in block layer (MLIST)
[oss-security] 20101129 Re: CVE request: kernel: Multiple DoS issues in block layer (MLIST)
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2 (CONFIRM)
SUSE-SA:2011:002 (SUSE)
SUSE-SA:2011:001 (SUSE)
44793 (BID)
42778 (SECUNIA)
ADV-2011-0012 (VUPEN)
42801 (SECUNIA)
42932 (SECUNIA)
SUSE-SA:2011:004 (SUSE)
ADV-2011-0124 (VUPEN)
RHSA-2011:0007 (REDHAT)
42890 (SECUNIA)
SUSE-SA:2011:007 (SUSE)
ADV-2011-0298 (VUPEN)
MDVSA-2011:029 (MANDRIVA)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9284bcf4e335e5f18a8bc7b26461c33ab60d0689 (MISC)
CVE: CVE-2010-4242
CVE: CVE-2010-4242
Id:
CVE-2010-4242
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4242
Comment
: The hci_uart_tty_open function in the HCI UART driver (drivers/bluetooth/hci_ldisc.c) in the Linux kernel 2.6.36, and possibly other versions, does not verify whether the tty has a write operation, which allows local users to cause a denial of service (NULL pointer dereference) via vectors related to the Bluetooth driver.
CVSSv2 Score:
4
Access vector:
LOCAL
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:H/Au:N/C:N/I:N/A:C
CWE:
CWE-Other ()
References:
http://xorl.wordpress.com/2010/12/01/cve-2010-4242-linux-kernel-bluetooth-hci-uart-invalid-pointer-access/ (MISC)
http://git.kernel.org/linus/c19483cc5e56ac5e22dd19cf25ba210ab1537773 (CONFIRM)
[linux-kernel] 20101007 Peculiar stuff in hci_ath3k/badness in hci_uart (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=641410 (CONFIRM)
RHSA-2011:0004 (REDHAT)
45014 (BID)
ADV-2011-0024 (VUPEN)
42789 (SECUNIA)
42963 (SECUNIA)
RHSA-2011:0162 (REDHAT)
ADV-2011-0168 (VUPEN)
RHSA-2011:0007 (REDHAT)
42890 (SECUNIA)
43291 (SECUNIA)
ADV-2011-0375 (VUPEN)
SUSE-SA:2011:008 (SUSE)
46397 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0012.html (CONFIRM)
kernel-hciuartttyopen-dos(64617) (XF)
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (BUGTRAQ)
CVE: CVE-2010-4243
CVE: CVE-2010-4243
Id:
CVE-2010-4243
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4243
Comment
: fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an "OOM dodging issue," a related issue to CVE-2010-3858.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CWE:
400 (Uncontrolled Resource Consumption ('Resource Exhaustion'))
References:
[oss-security] 20101122 CVE request: kernel: mm: mem allocated invisible to oom_kill() when not attached to any threads (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=625688 (CONFIRM)
[linux-kernel] 20100830 Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer (MLIST)
[linux-kernel] 20100830 Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer (MLIST)
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37 (CONFIRM)
15619 (EXPLOIT-DB)
[linux-kernel] 20100827 [PATCH] exec argument expansion can inappropriately trigger OOM-killer (MLIST)
[oss-security] 20101122 Re: CVE request: kernel: mm: mem allocated invisible to oom_kill() when not attached to any threads (MLIST)
[linux-kernel] 20101130 [PATCH 1/2] exec: make argv/envp memory visible to oom-killer (MLIST)
http://grsecurity.net/~spender/64bit_dos.c (MISC)
[linux-kernel] 20100830 Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer (MLIST)
RHSA-2011:0017 (REDHAT)
42884 (SECUNIA)
45004 (BID)
46397 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0012.html (CONFIRM)
linux-kernel-execve-dos(64700) (XF)
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (BUGTRAQ)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3c77f845722158206a7209c45ccddc264d19319c (MISC)
CVE: CVE-2010-4248
CVE: CVE-2010-4248
Id:
CVE-2010-4248
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4248
Comment
: Race condition in the __exit_signal function in kernel/exit.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors related to multithreaded exec, the use of a thread group leader in kernel/posix-cpu-timers.c, and the selection of a new thread group leader in the de_thread function in fs/exec.c.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CWE:
362 (Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'))
References:
[oss-security] 20101124 Re: CVE request: kernel: posix-cpu-timers: workaround to suppress the problems with mt exec (MLIST)
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=656264 (CONFIRM)
[oss-security] 20101123 CVE request: kernel: posix-cpu-timers: workaround to suppress the problems with mt exec (MLIST)
45028 (BID)
RHSA-2011:0004 (REDHAT)
ADV-2011-0024 (VUPEN)
42789 (SECUNIA)
42890 (SECUNIA)
RHSA-2011:0007 (REDHAT)
MDVSA-2011:029 (MANDRIVA)
46397 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0012.html (CONFIRM)
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (BUGTRAQ)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e0a70217107e6f9844628120412cb27bb4cea194 (MISC)
CVE: CVE-2010-4249
CVE: CVE-2010-4249
Id:
CVE-2010-4249
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4249
Comment
: The wait_for_unix_gc function in net/unix/garbage.c in the Linux kernel before 2.6.37-rc3-next-20101125 does not properly select times for garbage collection of inflight sockets, which allows local users to cause a denial of service (system hang) via crafted use of the socketpair and sendmsg system calls for SOCK_SEQPACKET sockets.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CWE:
400 (Uncontrolled Resource Consumption ('Resource Exhaustion'))
References:
[oss-security] 20101124 CVE request: kernel: unix socket local dos (MLIST)
[oss-security] 20101124 Re: CVE request: kernel: unix socket local dos (MLIST)
http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.37-rc3-next-20101125.bz2 (CONFIRM)
[netdev] 20101124 [PATCH] af_unix: limit unix_tot_inflight (MLIST)
45037 (BID)
[linux-kernel] 20101124 [PATCH net-next-2.6] scm: lower SCM_MAX_FD (MLIST)
[linux-kernel] 20101125 Simple kernel attack using socketpair. easy, 100% reproductiblle, works under guest. no way to protect :( (MLIST)
15622 (EXPLOIT-DB)
https://bugzilla.redhat.com/show_bug.cgi?id=656756 (CONFIRM)
[linux-kernel] 20101123 Unix socket local DOS (OOM) (MLIST)
42354 (SECUNIA)
FEDORA-2010-18983 (FEDORA)
ADV-2010-3321 (VUPEN)
42745 (SECUNIA)
RHSA-2011:0162 (REDHAT)
42963 (SECUNIA)
ADV-2011-0168 (VUPEN)
42890 (SECUNIA)
RHSA-2011:0007 (REDHAT)
46397 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0012.html (CONFIRM)
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (BUGTRAQ)
http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=9915672d41273f5b77f1b3c29b391ffb7732b84b (MISC)
CVE: CVE-2010-4258
CVE: CVE-2010-4258
Id:
CVE-2010-4258
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4258
Comment
: The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNEL_DS get_fs value, which allows local users to bypass intended access_ok restrictions, overwrite arbitrary kernel memory locations, and gain privileges by leveraging a (1) BUG, (2) NULL pointer dereference, or (3) page fault, as demonstrated by vectors involving the clear_child_tid feature and the splice system call.
CVSSv2 Score:
6.2
Access vector:
LOCAL
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:H/Au:N/C:C/I:C/A:C
CWE:
269 (Improper Privilege Management)
References:
[oss-security] 20101209 Re: kernel: Dangerous interaction between clear_child_tid, set_fs(), and kernel oopses (MLIST)
[oss-security] 20101208 Re: kernel: Dangerous interaction between clear_child_tid, set_fs(), and kernel oopses (MLIST)
[oss-security] 20101202 Re: kernel: Dangerous interaction between clear_child_tid, set_fs(), and kernel oopses (MLIST)
20101207 Linux kernel exploit (FULLDISC)
[oss-security] 20101202 CVE request: kernel: failure to revert address limit override in OOPS error path (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=659567 (CONFIRM)
[linux-kernel] 20101201 [PATCH v2] do_exit(): Make sure we run with get_fs() == USER_DS. (MLIST)
http://blog.nelhage.com/2010/12/cve-2010-4258-from-dos-to-privesc/ (MISC)
[oss-security] 20101209 Re: kernel: Dangerous interaction between clear_child_tid, set_fs(), and kernel oopses (MLIST)
[oss-security] 20101208 Re: kernel: Dangerous interaction between clear_child_tid, set_fs(), and kernel oopses (MLIST)
[oss-security] 20101202 Re: CVE request: kernel: failure to revert address limit override in OOPS error path (MLIST)
[oss-security] 20101208 Re: kernel: Dangerous interaction between clear_child_tid, set_fs(), and kernel oopses (MLIST)
[linux-kernel] 20101201 Re: [PATCH v2] do_exit(): Make sure we run with get_fs() == USER_DS. (MLIST)
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2 (CONFIRM)
[oss-security] 20101202 kernel: Dangerous interaction between clear_child_tid, set_fs(), and kernel oopses (MLIST)
FEDORA-2010-18983 (FEDORA)
42745 (SECUNIA)
ADV-2010-3321 (VUPEN)
SUSE-SA:2011:002 (SUSE)
SUSE-SA:2011:001 (SUSE)
ADV-2011-0012 (VUPEN)
42778 (SECUNIA)
42801 (SECUNIA)
42932 (SECUNIA)
SUSE-SA:2011:004 (SUSE)
ADV-2011-0124 (VUPEN)
ADV-2011-0213 (VUPEN)
SUSE-SA:2011:005 (SUSE)
43056 (SECUNIA)
ADV-2011-0375 (VUPEN)
SUSE-SA:2011:008 (SUSE)
43291 (SECUNIA)
ADV-2011-0298 (VUPEN)
SUSE-SA:2011:007 (SUSE)
MDVSA-2011:029 (MANDRIVA)
http://googlechromereleases.blogspot.com/2011/01/chrome-os-beta-channel-update.html (CONFIRM)
http://code.google.com/p/chromium-os/issues/detail?id=10234 (CONFIRM)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=33dd94ae1ccbfb7bf0fb6c692bc3d1c4269e6177 (MISC)
CVE: CVE-2010-4342
CVE: CVE-2010-4342
Id:
CVE-2010-4342
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4342
Comment
: The aun_incoming function in net/econet/af_econet.c in the Linux kernel before 2.6.37-rc6, when Econet is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending an Acorn Universal Networking (AUN) packet over UDP.
CVSSv2 Score:
7.1
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C
CWE:
476 (NULL Pointer Dereference)
References:
[oss-security] 20101208 CVE request: kernel: NULL pointer dereference in AF_ECONET (MLIST)
[oss-security] 20101209 Re: CVE request: kernel: NULL pointer dereference in AF_ECONET (MLIST)
[netdev] 20101209 NULL dereference in econet AUN-over-UDP receive (MLIST)
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc6 (CONFIRM)
[netdev] 20101209 Re: NULL dereference in econet AUN-over-UDP receive (MLIST)
45321 (BID)
ADV-2011-0375 (VUPEN)
43291 (SECUNIA)
SUSE-SA:2011:008 (SUSE)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4e085e76cbe558b79b54cbab772f61185879bc64 (MISC)
CVE: CVE-2010-4346
CVE: CVE-2010-4346
Id:
CVE-2010-4346
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4346
Comment
: The install_special_mapping function in mm/mmap.c in the Linux kernel before 2.6.37-rc6 does not make an expected security_file_mmap function call, which allows local users to bypass intended mmap_min_addr restrictions and possibly conduct NULL pointer dereference attacks via a crafted assembly-language application.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:P/A:N
CWE:
476 (NULL Pointer Dereference)
References:
[oss-security] 20101209 [taviso@cmpxchg8b.com: [PATCH] install_special_mapping skips security_file_mmap check.] (MLIST)
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc6 (CONFIRM)
42570 (SECUNIA)
[oss-security] 20101210 Re: Subject: CVE request: kernel: install_special_mapping skips security_file_mmap check (MLIST)
[linux-kernel] 20101209 [PATCH] install_special_mapping skips security_file_mmap check. (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=662189 (CONFIRM)
[oss-security] 20101210 Subject: CVE request: kernel: install_special_mapping skips security_file_mmap check (MLIST)
[oss-security] 20101209 Re: [taviso@cmpxchg8b.com: [PATCH] install_special_mapping skips security_file_mmap check.] (MLIST)
45323 (BID)
MDVSA-2011:029 (MANDRIVA)
46397 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0012.html (CONFIRM)
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (BUGTRAQ)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=462e635e5b73ba9a4c03913b77138cd57ce4b050 (MISC)
CVE: CVE-2010-4526
CVE: CVE-2010-4526
Id:
CVE-2010-4526
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4526
Comment
: Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function.
CVSSv2 Score:
7.1
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C
CWE:
362 (Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'))
References:
[oss-security] 20110104 Re: CVE-2010-4526 kernel: sctp: a race between ICMP protocol unreachable and connect() (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4526 (CONFIRM)
[oss-security] 20110104 CVE-2010-4526 kernel: sctp: a race between ICMP protocol unreachable and connect() (MLIST)
RHSA-2011:0163 (REDHAT)
45661 (BID)
42964 (SECUNIA)
ADV-2011-0169 (VUPEN)
46397 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0012.html (CONFIRM)
kernel-icmp-message-dos(64616) (XF)
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (BUGTRAQ)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=50b5d6ad63821cea324a5a7a19854d4de1a0a819 (MISC)
CVE: CVE-2010-4527
CVE: CVE-2010-4527
Id:
CVE-2010-4527
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4527
Comment
: The load_mixer_volumes function in sound/oss/soundcard.c in the OSS sound subsystem in the Linux kernel before 2.6.37 incorrectly expects that a certain name field ends with a '\0' character, which allows local users to conduct buffer overflow attacks and gain privileges, or possibly obtain sensitive information from kernel memory, via a SOUND_MIXER_SETLEVELS ioctl call.
CVSSv2 Score:
6.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
CWE:
120 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'))
References:
[oss-security] 20101230 CVE request: kernel: buffer overflow in OSS load_mixer_volumes (MLIST)
45629 (BID)
https://bugzilla.redhat.com/show_bug.cgi?id=667615 (CONFIRM)
http://xorl.wordpress.com/2011/01/09/cve-2010-4527-linux-kernel-oss-sound-card-driver-buffer-overflow/ (MISC)
[oss-security] 20101231 Re: CVE request: kernel: buffer overflow in OSS load_mixer_volumes (MLIST)
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37 (CONFIRM)
42765 (SECUNIA)
SUSE-SA:2011:008 (SUSE)
43291 (SECUNIA)
ADV-2011-0375 (VUPEN)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d81a12bc29ae4038770e05dce4ab7f26fd5880fb (MISC)
CVE: CVE-2010-4529
CVE: CVE-2010-4529
Id:
CVE-2010-4529
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4529
Comment
: Integer underflow in the irda_getsockopt function in net/irda/af_irda.c in the Linux kernel before 2.6.37 on platforms other than x86 allows local users to obtain potentially sensitive information from kernel heap memory via an IRLMP_ENUMDEVICES getsockopt call.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CWE:
191 (Integer Underflow (Wrap or Wraparound))
References:
[oss-security] 20110103 Re: CVE request: kernel: irda: prevent integer underflow in IRLMP_ENUMDEVICES (MLIST)
42684 (SECUNIA)
[oss-security] 20101223 CVE request: kernel: irda: prevent integer underflow in IRLMP_ENUMDEVICES (MLIST)
[netdev] 20101222 [PATCH] irda: prevent integer underflow in IRLMP_ENUMDEVICES (MLIST)
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37 (CONFIRM)
45556 (BID)
SUSE-SA:2011:008 (SUSE)
43291 (SECUNIA)
ADV-2011-0375 (VUPEN)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fdac1e0697356ac212259f2147aa60c72e334861 ()
CVE: CVE-2010-4565
CVE: CVE-2010-4565
Id:
CVE-2010-4565
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4565
Comment
: The bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel 2.6.36 and earlier creates a publicly accessible file with a filename containing a kernel memory address, which allows local users to obtain potentially sensitive information about kernel memory use by listing this filename.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CWE:
200 (Information Exposure)
References:
[oss-security] 20101220 CVE request: kernel: CAN information leak, 2nd attempt (MLIST)
[netdev] 20101110 Re: [PATCH] Fix CAN info leak/minor heap overflow (MLIST)
[netdev] 20101109 Re: [PATCH] Fix CAN info leak/minor heap overflow (MLIST)
[netdev] 20101102 [SECURITY] CAN info leak/minor heap overflow (MLIST)
[oss-security] 20101104 Re: CVE request: kernel: CAN information leak (MLIST)
[oss-security] 20101103 CVE request: kernel: CAN information leak (MLIST)
44661 (BID)
[oss-security] 20101220 Re: CVE request: kernel: CAN information leak, 2nd attempt (MLIST)
[netdev] 20101102 Re: [SECURITY] CAN info leak/minor heap overflow (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=664544 (MISC)
MDVSA-2011:029 (MANDRIVA)
CVE: CVE-2010-4649
CVE: CVE-2010-4649
Id:
CVE-2010-4649
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4649
Comment
: Integer overflow in the ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large value of a certain structure member.
CVSSv2 Score:
6.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
CWE:
190 (Integer Overflow or Wraparound)
References:
46073 (BID)
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=667916 (CONFIRM)
RHSA-2011:0927 (REDHAT)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7182afea8d1afd432a17c18162cc3fd441d0da93 (MISC)
CVE: CVE-2010-4656
CVE: CVE-2010-4656
Id:
CVE-2010-4656
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4656
Comment
: The iowarrior_write function in drivers/usb/misc/iowarrior.c in the Linux kernel before 2.6.37 does not properly allocate memory, which might allow local users to trigger a heap-based buffer overflow, and consequently cause a denial of service or gain privileges, via a long report.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
[oss-security] 20110125 Re: CVE request: linux kernel heap issues (MLIST)
[oss-security] 20110124 Re: CVE request: linux kernel heap issues (MLIST)
46069 (BID)
https://bugzilla.redhat.com/show_bug.cgi?id=672420 (CONFIRM)
[oss-security] 20110124 CVE request: linux kernel heap issues (MLIST)
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37 (CONFIRM)
USN-1146-1 (UBUNTU)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3ed780117dbe5acb64280d218f0347f238dafed0 (MISC)
CVE: CVE-2010-4668
CVE: CVE-2010-4668
Id:
CVE-2010-4668
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4668
Comment
: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.37-rc7 allows local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a SCSI device, related to an unaligned map. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4163.
CVSSv2 Score:
4.7
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:N/I:N/A:C
CWE:
400 (Uncontrolled Resource Consumption ('Resource Exhaustion'))
References:
[oss-security] 20101130 Re: CVE request: kernel: Multiple DoS issues in block layer (MLIST)
[linux-kernel] 20101129 [PATCH] block: check for proper length of iov entries earlier in blk_rq_map_user_iov() (MLIST)
https://patchwork.kernel.org/patch/363282/ (CONFIRM)
[oss-security] 20101130 Re: CVE request: kernel: Multiple DoS issues in block layer (MLIST)
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc7 (CONFIRM)
[linux-kernel] 20101129 Re: [PATCH] block: check for proper length of iov entries earlier in blk_rq_map_user_iov() (MLIST)
[oss-security] 20101129 Re: CVE request: kernel: Multiple DoS issues in block layer (MLIST)
45660 (BID)
42890 (SECUNIA)
RHSA-2011:0007 (REDHAT)
linux-blkrqmapuseriov-dos(64496) (XF)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5478755616ae2ef1ce144dded589b62b2a50d575 ()
CVE: CVE-2011-0521
CVE: CVE-2011-0521
Id:
CVE-2011-0521
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0521
Comment
: The dvb_ca_ioctl function in drivers/media/dvb/ttpci/av7110_ca.c in the Linux kernel before 2.6.38-rc2 does not check the sign of a certain integer field, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a negative value.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.38-rc2 (CONFIRM)
[oss-security] 20110125 Re: Linux kernel av7110 negative array offset (MLIST)
43009 (SECUNIA)
[oss-security] 20110125 Linux kernel av7110 negative array offset (MLIST)
45986 (BID)
1025195 (SECTRACK)
46397 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0012.html (CONFIRM)
kernel-av7110ca-privilege-escalation(64988) (XF)
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (BUGTRAQ)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=cb26a24ee9706473f31d34cc259f4dcf45cd0644 (MISC)
Content available only for registered users!
ovaldb@altx-soft.com