Professional OVAL Repository
OVAL Definition Details
Id
oval:ru.altx-soft.nix:def:4590
Version
10
Class
patch
ALTXid
52212
Language
Russian
Severity
High
Title
Update SUSE-SU-2014:0287-1 -- fixes vulnerabilities in the Linux kernel
Description
This is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update to fix a lot of security issues and non-security bugs.
Family
unix
Platform
SUSE Linux Enterprise Server 11
Product
Linux kernel
Reference
VENDOR: SUSE-SU-2014:0287-1
Id:
SUSE-SU-2014:0287-1
Reference:
https://www.suse.com/support/update/announcement/2014/suse-su-20140287-1.html
CVE: CVE-2011-3593
Id:
CVE-2011-3593
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3593
Comment:
A certain Red Hat patch to the vlan_hwaccel_do_receive function in net/8021q/vlan_core.c in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows remote attackers to cause a denial of service (system crash) via priority-tagged VLAN frames.
CVSSv2 Score:
5.7
Access vector:
ADJACENT_NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:A/AC:M/Au:N/C:N/I:N/A:C
CWE:
399 (Resource Management Errors)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=742846 (CONFIRM)
[oss-security] 20120305 CVE-2011-3593 kernel: vlan: fix panic when handling priority tagged frames (MLIST)
https://oss.oracle.com/git/?p=redpatch.git%3Ba=commit%3Bh=fadca7bdc43b02f518585d9547019966415cadfd (MISC)
https://oss.oracle.com/git/?p=redpatch.git%3Ba=commit%3Bh=0e48f8daac293335e16e007663b9f4d248f89f0c (MISC)
CVE: CVE-2012-1601
Id:
CVE-2012-1601
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1601
Comment:
The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CWE:
399 (Resource Management Errors)
References:
[oss-security] 20120329 Re: CVE request -- kernel: kvm: irqchip_in_kernel() and vcpu->arch.apic inconsistency (MLIST)
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.6 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=808199 (CONFIRM)
https://github.com/torvalds/linux/commit/9c895160d25a76c21b65bad141b08e8d4f99afef (CONFIRM)
49928 (SECUNIA)
1026897 (SECTRACK)
SUSE-SU-2012:1679 (SUSE)
openSUSE-SU-2013:0925 (SUSE)
DSA-2469 (DEBIAN)
RHSA-2012:0571 (REDHAT)
RHSA-2012:0676 (REDHAT)
CVE: CVE-2012-2137
Id:
CVE-2012-2137
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2137
Comment:
Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to Message Signaled Interrupts (MSI), irq routing entries, and an incorrect check by the setup_routing_entry function before invoking the kvm_set_irq function.
CVSSv2 Score:
6.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
RHSA-2012:0743 (REDHAT)
https://bugzilla.redhat.com/show_bug.cgi?id=816151 (CONFIRM)
http://ubuntu.5.n6.nabble.com/PATCH-Oneiric-CVE-2012-2137-KVM-Fix-buffer-overflow-in-kvm-set-irq-td4990566.html (MISC)
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.24 (CONFIRM)
USN-1529-1 (UBUNTU)
USN-1607-1 (UBUNTU)
USN-1606-1 (UBUNTU)
USN-1594-1 (UBUNTU)
USN-1609-1 (UBUNTU)
54063 (BID)
50952 (SECUNIA)
50961 (SECUNIA)
openSUSE-SU-2013:0925 (SUSE)
HPSBGN02970 (HP)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=f2ebd422f71cda9c791f76f85d2ca102ae34a1ed (MISC)
CVE: CVE-2012-2372
Id:
CVE-2012-2372
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2372
Comment:
The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interface's own IP address, as demonstrated by rds-ping.
CVSSv2 Score:
4.4
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
SINGLE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:S/C:N/I:N/A:C
References:
RHSA-2012:0743 (REDHAT)
USN-1529-1 (UBUNTU)
https://bugzilla.redhat.com/show_bug.cgi?id=822754 (CONFIRM)
SUSE-SU-2012:1679 (SUSE)
RHSA-2012:1540 (REDHAT)
54062 (BID)
USN-1556-1 (UBUNTU)
USN-1555-1 (UBUNTU)
HPSBGN02970 (HP)
https://oss.oracle.com/git/?p=redpatch.git%3Ba=commit%3Bh=c7b6a0a1d8d636852be130fa15fa8be10d4704e8 (MISC)
CVE: CVE-2012-2745
Id:
CVE-2012-2745
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2745
Comment:
The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users to cause a denial of service (panic) via a crafted application that uses the fork system call.
CVSSv2 Score:
4.7
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:N/I:N/A:C
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=833428 (CONFIRM)
https://github.com/torvalds/linux/commit/79549c6dfda0603dba9a70a53467ce62d9335c33 (CONFIRM)
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.2 (CONFIRM)
RHSA-2012:1064 (REDHAT)
USN-1567-1 (UBUNTU)
USN-1606-1 (UBUNTU)
USN-1597-1 (UBUNTU)
54365 (BID)
50853 (SECUNIA)
1027236 (SECTRACK)
50961 (SECUNIA)
50633 (SECUNIA)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=79549c6dfda0603dba9a70a53467ce62d9335c33 (MISC)
CVE: CVE-2012-3375
Id:
CVE-2012-3375
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3375
Comment:
The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CWE:
CWE-Other ()
References:
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.24 (CONFIRM)
https://github.com/torvalds/linux/commit/13d518074a952d33d47c428419693f63389547e9 (CONFIRM)
[oss-security] 20120704 Re: CVE Request -- kernel: epoll: can leak file descriptors when returning -ELOOP (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=837502 (CONFIRM)
USN-1529-1 (UBUNTU)
1027237 (SECTRACK)
51164 (SECUNIA)
https://downloads.avaya.com/css/P8/documents/100165733 (CONFIRM)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=13d518074a952d33d47c428419693f63389547e9 (MISC)
CVE: CVE-2011-1083
Id:
CVE-2011-1083
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1083
Comment:
The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CWE:
400 (Uncontrolled Resource Consumption ('Resource Exhaustion'))
References:
[linux-kernel] 20110225 [PATCH] optimize epoll loop detection (MLIST)
[oss-security] 20110302 Re: CVE request: kernel: Multiple DoS issues in epoll (MLIST)
[linux-kernel] 20110228 Re: [PATCH] optimize epoll loop detection (MLIST)
[oss-security] 20110301 CVE request: kernel: Multiple DoS issues in epoll (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=681578 (CONFIRM)
43522 (SECUNIA)
71265 (OSVDB)
[linux-kernel] 20110226 Re: [PATCH] optimize epoll loop detection (MLIST)
RHSA-2012:0862 (REDHAT)
48898 (SECUNIA)
48964 (SECUNIA)
SUSE-SU-2012:0616 (SUSE)
SUSE-SU-2012:0554 (SUSE)
48410 (SECUNIA)
48115 (SECUNIA)
CVE: CVE-2012-3412
Id:
CVE-2012-3412
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3412
Comment:
The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before 3.2.30 allows remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value.
CVSSv2 Score:
7.8
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE:
189 (Numeric Errors)
References:
https://github.com/torvalds/linux/commit/68cb695ccecf949d48949e72f8ce591fdaaa325c (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=844714 (CONFIRM)
[oss-security] 20120803 Remote DoS in Linux sfc driver through TCP MSS option (CVE-2012-3412) (MLIST)
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.30 (CONFIRM)
USN-1568-1 (UBUNTU)
RHSA-2012:1375 (REDHAT)
USN-1580-1 (UBUNTU)
USN-1567-1 (UBUNTU)
openSUSE-SU-2012:1330 (SUSE)
USN-1572-1 (UBUNTU)
USN-1579-1 (UBUNTU)
RHSA-2012:1430 (REDHAT)
SUSE-SU-2012:1679 (SUSE)
RHSA-2012:1401 (REDHAT)
USN-1577-1 (UBUNTU)
USN-1575-1 (UBUNTU)
RHSA-2012:1347 (REDHAT)
RHSA-2012:1323 (REDHAT)
USN-1578-1 (UBUNTU)
RHSA-2012:1324 (REDHAT)
50633 (SECUNIA)
50732 (SECUNIA)
50811 (SECUNIA)
51193 (SECUNIA)
CVE: CVE-2012-3430
Id:
CVE-2012-3430
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3430
Comment:
The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CWE:
200 (Information Exposure)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=820039 (CONFIRM)
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.44 (CONFIRM)
[oss-security] 20120726 Re: CVE Request -- kernel: recv{from,msg}() on an rds socket can leak kernel memory (MLIST)
https://github.com/torvalds/linux/commit/06b6a1cf6e776426766298d055bb3991957d90a7 (CONFIRM)
USN-1568-1 (UBUNTU)
USN-1580-1 (UBUNTU)
USN-1567-1 (UBUNTU)
USN-1572-1 (UBUNTU)
USN-1579-1 (UBUNTU)
SUSE-SU-2012:1679 (SUSE)
USN-1577-1 (UBUNTU)
USN-1575-1 (UBUNTU)
RHSA-2012:1323 (REDHAT)
USN-1578-1 (UBUNTU)
50633 (SECUNIA)
50732 (SECUNIA)
50811 (SECUNIA)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=06b6a1cf6e776426766298d055bb3991957d90a7 (MISC)
CVE: CVE-2012-3511
Id:
CVE-2012-3511
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3511
Comment:
Multiple race conditions in the madvise_remove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service (use-after-free and system crash) via vectors involving a (1) munmap or (2) close system call.
CVSSv2 Score:
6.2
Access vector:
LOCAL
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:H/Au:N/C:C/I:C/A:C
CWE:
362 (Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'))
References:
https://github.com/torvalds/linux/commit/9ab4233dd08036fe34a89c7dc6f47a8bf2eb29eb (CONFIRM)
[oss-security] 20120820 Re: CVE Request -- kernel: mm: use-after-free in madvise_remove() (MLIST)
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=849734 (CONFIRM)
USN-1567-1 (UBUNTU)
USN-1572-1 (UBUNTU)
USN-1529-1 (UBUNTU)
USN-1577-1 (UBUNTU)
55151 (BID)
50633 (SECUNIA)
50732 (SECUNIA)
55055 (SECUNIA)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9ab4233dd08036fe34a89c7dc6f47a8bf2eb29eb (MISC)
CVE: CVE-2012-4444
Id:
CVE-2012-4444
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4444
Comment:
The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kernel before 2.6.36 allows remote attackers to bypass intended network restrictions via overlapping IPv6 fragments.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
References:
https://bugzilla.redhat.com/show_bug.cgi?id=874835 (CONFIRM)
http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36 (CONFIRM)
https://github.com/torvalds/linux/commit/70789d7052239992824628db8133de08dc78e593 (CONFIRM)
[oss-security] 20121109 Re: CVE request --- acceptation of overlapping ipv6 fragments (MLIST)
https://media.blackhat.com/bh-eu-12/Atlasis/bh-eu-12-Atlasis-Attacking_IPv6-WP.pdf (MISC)
USN-1660-1 (UBUNTU)
USN-1661-1 (UBUNTU)
RHSA-2012:1580 (REDHAT)
SUSE-SU-2013:0856 (SUSE)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=70789d7052239992824628db8133de08dc78e593 (MISC)
CVE: CVE-2012-4530
Id:
CVE-2012-4530
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4530
Comment:
The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CWE:
200 (Information Exposure)
References:
[oss-security] 20121019 Re: CVE Request -- kernel stack disclosure in binfmt_script load_script() (MLIST)
https://github.com/torvalds/linux/commit/b66c5984017533316fd1951770302649baf1aa33 (CONFIRM)
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.2 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=868285 (CONFIRM)
RHSA-2013:0223 (REDHAT)
SUSE-SU-2013:0674 (SUSE)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b66c5984017533316fd1951770302649baf1aa33 (MISC)
CVE: CVE-2012-4565
Id:
CVE-2012-4565
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4565
Comment:
The tcp_illinois_info function in net/ipv4/tcp_illinois.c in the Linux kernel before 3.4.19, when the net.ipv4.tcp_congestion_control illinois setting is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) by reading TCP stats.
CVSSv2 Score:
4.7
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:N/I:N/A:C
CWE:
189 (Numeric Errors)
References:
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.19 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=871848 (CONFIRM)
[oss-security] 20121031 Re: CVE Request -- kernel: net: divide by zero in tcp algorithm illinois (MLIST)
https://github.com/torvalds/linux/commit/8f363b77ee4fbf7c3bbcf5ec2c5ca482d396d664 (CONFIRM)
USN-1648-1 (UBUNTU)
USN-1644-1 (UBUNTU)
USN-1647-1 (UBUNTU)
USN-1649-1 (UBUNTU)
USN-1646-1 (UBUNTU)
USN-1645-1 (UBUNTU)
USN-1652-1 (UBUNTU)
RHSA-2012:1580 (REDHAT)
USN-1651-1 (UBUNTU)
USN-1650-1 (UBUNTU)
56346 (BID)
51409 (SECUNIA)
FEDORA-2012-17479 (FEDORA)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8f363b77ee4fbf7c3bbcf5ec2c5ca482d396d664 (MISC)
CVE: CVE-2012-6537
Id:
CVE-2012-6537
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6537
Comment:
net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability.
CVSSv2 Score:
1.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:P/I:N/A:N
CWE:
200 (Information Exposure)
References:
https://github.com/torvalds/linux/commit/f778a636713a435d3a922c60b1622a91136560c1 (CONFIRM)
https://github.com/torvalds/linux/commit/7b789836f434c87168eab067cfbed1ec4783dffd (CONFIRM)
[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs (MLIST)
https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2 (CONFIRM)
https://github.com/torvalds/linux/commit/1f86840f897717f86d523a13e99a447e6a5d2fa5 (CONFIRM)
USN-1798-1 (UBUNTU)
USN-1792-1 (UBUNTU)
RHSA-2013:0744 (REDHAT)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f778a636713a435d3a922c60b1622a91136560c1 ()
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1f86840f897717f86d523a13e99a447e6a5d2fa5 ()
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7b789836f434c87168eab067cfbed1ec4783dffd ()
CVE: CVE-2012-6538
Id:
CVE-2012-6538
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6538
Comment:
The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability.
CVSSv2 Score:
1.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:P/I:N/A:N
CWE:
200 (Information Exposure)
References:
[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs (MLIST)
https://github.com/torvalds/linux/commit/4c87308bdea31a7b4828a51f6156e6f721a1fcc9 (CONFIRM)
https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2 (CONFIRM)
RHSA-2013:0744 (REDHAT)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4c87308bdea31a7b4828a51f6156e6f721a1fcc9 ()
CVE: CVE-2012-6539
Id:
CVE-2012-6539
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6539
Comment:
The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
CVSSv2 Score:
1.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:P/I:N/A:N
CWE:
200 (Information Exposure)
References:
[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs (MLIST)
https://github.com/torvalds/linux/commit/43da5f2e0d0c69ded3d51907d9552310a6b545e8 (CONFIRM)
https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2 (CONFIRM)
USN-1798-1 (UBUNTU)
USN-1792-1 (UBUNTU)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=43da5f2e0d0c69ded3d51907d9552310a6b545e8 ()
CVE: CVE-2012-6540
Id:
CVE-2012-6540
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6540
Comment:
The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 3.6 does not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
CVSSv2 Score:
1.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:P/I:N/A:N
CWE:
200 (Information Exposure)
References:
[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs (MLIST)
https://github.com/torvalds/linux/commit/2d8a041b7bfe1097af21441cb77d6af95f4f4680 (CONFIRM)
https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2 (CONFIRM)
USN-1798-1 (UBUNTU)
USN-1792-1 (UBUNTU)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2d8a041b7bfe1097af21441cb77d6af95f4f4680 ()
CVE: CVE-2012-6541
Id:
CVE-2012-6541
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6541
Comment:
The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
CVSSv2 Score:
1.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:P/I:N/A:N
CWE:
200 (Information Exposure)
References:
[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs (MLIST)
https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2 (CONFIRM)
https://github.com/torvalds/linux/commit/7b07f8eb75aa3097cdfd4f6eac3da49db787381d (CONFIRM)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7b07f8eb75aa3097cdfd4f6eac3da49db787381d ()
CVE: CVE-2012-6542
Id:
CVE-2012-6542
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6542
Comment:
The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument.
CVSSv2 Score:
1.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:P/I:N/A:N
CWE:
200 (Information Exposure)
References:
https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2 (CONFIRM)
[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs (MLIST)
https://github.com/torvalds/linux/commit/3592aaeb80290bda0f2cf0b5456c97bfc638b192 (CONFIRM)
USN-1805-1 (UBUNTU)
USN-1808-1 (UBUNTU)
RHSA-2013:1645 (REDHAT)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3592aaeb80290bda0f2cf0b5456c97bfc638b192 ()
CVE: CVE-2012-6544
Id:
CVE-2012-6544
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6544
Comment:
The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation.
CVSSv2 Score:
1.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:P/I:N/A:N
CWE:
200 (Information Exposure)
References:
[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs (MLIST)
https://github.com/torvalds/linux/commit/e15ca9a0ef9a86f0477530b0f44a725d67f889ee (CONFIRM)
https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2 (CONFIRM)
https://github.com/torvalds/linux/commit/792039c73cf176c8e39a6e8beef2c94ff46522ed (CONFIRM)
https://github.com/torvalds/linux/commit/3f68ba07b1da811bf383b4b701b129bfcb2e4988 (CONFIRM)
USN-1805-1 (UBUNTU)
USN-1808-1 (UBUNTU)
RHSA-2013:1173 (REDHAT)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=792039c73cf176c8e39a6e8beef2c94ff46522ed ()
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e15ca9a0ef9a86f0477530b0f44a725d67f889ee ()
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3f68ba07b1da811bf383b4b701b129bfcb2e4988 ()
CVE: CVE-2012-6545
Id:
CVE-2012-6545
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6545
Comment:
The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application.
CVSSv2 Score:
1.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:P/I:N/A:N
CWE:
200 (Information Exposure)
References:
https://github.com/torvalds/linux/commit/f9432c5ec8b1e9a09b9b0e5569e3c73db8de432a (CONFIRM)
[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs (MLIST)
https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2 (CONFIRM)
https://github.com/torvalds/linux/commit/9ad2de43f1aee7e7274a4e0d41465489299e344b (CONFIRM)
https://github.com/torvalds/linux/commit/9344a972961d1a6d2c04d9008b13617bcb6ec2ef (CONFIRM)
USN-1805-1 (UBUNTU)
USN-1808-1 (UBUNTU)
RHSA-2013:1645 (REDHAT)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9344a972961d1a6d2c04d9008b13617bcb6ec2ef ()
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9ad2de43f1aee7e7274a4e0d41465489299e344b ()
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f9432c5ec8b1e9a09b9b0e5569e3c73db8de432a ()
CVE: CVE-2012-6546
Id:
CVE-2012-6546
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6546
Comment:
The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
CVSSv2 Score:
1.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:P/I:N/A:N
CWE:
200 (Information Exposure)
References:
[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs (MLIST)
https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2 (CONFIRM)
https://github.com/torvalds/linux/commit/3c0c5cfdcd4d69ffc4b9c0907cec99039f30a50a (CONFIRM)
https://github.com/torvalds/linux/commit/e862f1a9b7df4e8196ebec45ac62295138aa3fc2 (CONFIRM)
RHSA-2013:0744 (REDHAT)
USN-1805-1 (UBUNTU)
USN-1808-1 (UBUNTU)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e862f1a9b7df4e8196ebec45ac62295138aa3fc2 ()
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3c0c5cfdcd4d69ffc4b9c0907cec99039f30a50a ()
CVE: CVE-2012-6547
Id:
CVE-2012-6547
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6547
Comment:
The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
CVSSv2 Score:
1.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:P/I:N/A:N
CWE:
200 (Information Exposure)
References:
https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2 (CONFIRM)
[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs (MLIST)
https://github.com/torvalds/linux/commit/a117dacde0288f3ec60b6e5bcedae8fa37ee0dfc (CONFIRM)
RHSA-2013:0744 (REDHAT)
MDVSA-2013:176 (MANDRIVA)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a117dacde0288f3ec60b6e5bcedae8fa37ee0dfc ()
CVE: CVE-2012-6548
Id:
CVE-2012-6548
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6548
Comment:
The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application.
CVSSv2 Score:
1.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:P/I:N/A:N
CWE:
200 (Information Exposure)
References:
https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2 (CONFIRM)
[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs (MLIST)
https://github.com/torvalds/linux/commit/0143fc5e9f6f5aad4764801015bc8d4b4a278200 (CONFIRM)
USN-1813-1 (UBUNTU)
USN-1812-1 (UBUNTU)
USN-1809-1 (UBUNTU)
USN-1805-1 (UBUNTU)
USN-1808-1 (UBUNTU)
USN-1811-1 (UBUNTU)
USN-1814-1 (UBUNTU)
openSUSE-SU-2013:1187 (SUSE)
MDVSA-2013:176 (MANDRIVA)
RHSA-2013:1051 (REDHAT)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0143fc5e9f6f5aad4764801015bc8d4b4a278200 ()
CVE: CVE-2012-6549
Id:
CVE-2012-6549
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6549
Comment:
The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application.
CVSSv2 Score:
1.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:P/I:N/A:N
CWE:
200 (Information Exposure)
References:
https://github.com/torvalds/linux/commit/fe685aabf7c8c9f138e5ea900954d295bf229175 (CONFIRM)
[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs (MLIST)
https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2 (CONFIRM)
USN-1829-1 (UBUNTU)
USN-1813-1 (UBUNTU)
USN-1812-1 (UBUNTU)
USN-1809-1 (UBUNTU)
USN-1811-1 (UBUNTU)
USN-1814-1 (UBUNTU)
MDVSA-2013:176 (MANDRIVA)
openSUSE-SU-2013:1187 (SUSE)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fe685aabf7c8c9f138e5ea900954d295bf229175 ()
CVE: CVE-2013-0160
Id:
CVE-2013-0160
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0160
Comment:
The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CWE:
200 (Information Exposure)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=892983 (CONFIRM)
[oss-security] 20130107 Re: /dev/ptmx timing (MLIST)
openSUSE-SU-2013:0395 (SUSE)
SUSE-SU-2013:0674 (SUSE)
openSUSE-SU-2013:0925 (SUSE)
openSUSE-SU-2013:1187 (SUSE)
USN-2129-1 (UBUNTU)
USN-2128-1 (UBUNTU)
SUSE-SU-2013:1182 (SUSE)
CVE: CVE-2013-0216
Id:
CVE-2013-0216
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0216
Comment:
The Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (loop) by triggering ring pointer corruption.
CVSSv2 Score:
5.2
Access vector:
ADJACENT_NETWORK
Access complexity:
MEDIUM
Authentication:
SINGLE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:A/AC:M/Au:S/C:N/I:N/A:C
CWE:
20 (Improper Input Validation)
References:
https://github.com/torvalds/linux/commit/48856286b64e4b66ec62b94e504d0b29c1ade664 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=910883 (CONFIRM)
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.8 (CONFIRM)
[oss-security] 20130205 Xen Security Advisory 39 (CVE-2013-0216,CVE-2013-0217) - Linux netback DoS via malicious guest ring. (MLIST)
openSUSE-SU-2013:0395 (SUSE)
SUSE-SU-2013:0674 (SUSE)
openSUSE-SU-2013:0925 (SUSE)
MDVSA-2013:176 (MANDRIVA)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=48856286b64e4b66ec62b94e504d0b29c1ade664 (MISC)
CVE: CVE-2013-0231
Id:
CVE-2013-0231
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0231
Comment:
The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third party information.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
52059 (SECUNIA)
89903 (OSVDB)
[oss-security] 20130205 Xen Security Advisory 43 (CVE-2013-0231) - Linux pciback DoS via not rate limited log messages. (MLIST)
57740 (BID)
DSA-2632 (DEBIAN)
openSUSE-SU-2013:0395 (SUSE)
SUSE-SU-2013:0674 (SUSE)
openSUSE-SU-2013:0925 (SUSE)
xen-pcibackenablemsi-dos(81923) (XF)
CVE: CVE-2013-0268
Id:
CVE-2013-0268
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0268
Comment:
The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c.
CVSSv2 Score:
6.2
Access vector:
LOCAL
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:H/Au:N/C:C/I:C/A:C
CWE:
264 (Permissions, Privileges, and Access Controls)
References:
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.6 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=908693 (CONFIRM)
[oss-security] 20130207 Re: CVE request -- Linux kernel: x86/msr: /dev/cpu/*/msr local privilege escalation (MLIST)
https://github.com/torvalds/linux/commit/c903f0456bc69176912dee6dd25c6a66ee1aed00 (CONFIRM)
SUSE-SU-2013:0674 (SUSE)
openSUSE-SU-2013:1187 (SUSE)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c903f0456bc69176912dee6dd25c6a66ee1aed00 (MISC)
CVE: CVE-2013-0310
Id:
CVE-2013-0310
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0310
Comment:
The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux kernel before 3.4.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an IPOPT_CIPSO IP_OPTIONS setsockopt system call.
CVSSv2 Score:
6.6
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
SINGLE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:S/C:C/I:C/A:C
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.8 (CONFIRM)
https://github.com/torvalds/linux/commit/89d7ae34cdda4195809a5a987f697a517a2a3177 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=912900 (CONFIRM)
[oss-security] 20130219 Re: CVE request -- Linux kernel: net: CIPSO_V4_TAG_LOCAL tag NULL pointer dereference (MLIST)
RHSA-2013:0496 (REDHAT)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=89d7ae34cdda4195809a5a987f697a517a2a3177 (MISC)
CVE: CVE-2013-0343
Id:
CVE-2013-0343
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0343
Comment:
The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attackers to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information, via ICMPv6 Router Advertisement (RA) messages.
CVSSv2 Score:
3.2
Access vector:
ADJACENT_NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:A/AC:H/Au:N/C:P/I:N/A:P
References:
[oss-security] 20130116 Re: Linux kernel handling of IPv6 temporary addresses (MLIST)
[oss-security] 20121205 Re: Linux kernel handling of IPv6 temporary addresses (MLIST)
[oss-security] 20130222 Re: Linux kernel handling of IPv6 temporary addresses (MLIST)
[oss-security] 20130121 Re: Linux kernel handling of IPv6 temporary addresses (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=914664 (CONFIRM)
USN-1977-1 (UBUNTU)
USN-1976-1 (UBUNTU)
RHSA-2013:1449 (REDHAT)
RHSA-2013:1490 (REDHAT)
USN-2023-1 (UBUNTU)
USN-2050-1 (UBUNTU)
USN-2022-1 (UBUNTU)
USN-2019-1 (UBUNTU)
USN-2024-1 (UBUNTU)
RHSA-2013:1645 (REDHAT)
USN-2020-1 (UBUNTU)
USN-2038-1 (UBUNTU)
USN-2039-1 (UBUNTU)
USN-2021-1 (UBUNTU)
openSUSE-SU-2014:0204 (SUSE)
CVE: CVE-2013-0349
Id:
CVE-2013-0349
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0349
Comment:
The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux kernel before 3.7.6 does not properly copy a certain name field, which allows local users to obtain sensitive information from kernel memory by setting a long name and making an HIDPCONNADD ioctl call.
CVSSv2 Score:
1.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:P/I:N/A:N
CWE:
200 (Information Exposure)
References:
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.6 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=914298 (CONFIRM)
[oss-security] 20130222 Re: CVE request: Linux kernel: Bluetooth HIDP information disclosure (MLIST)
https://github.com/torvalds/linux/commit/0a9ab9bdb3e891762553f667066190c1d22ad62b (CONFIRM)
RHSA-2013:0744 (REDHAT)
USN-1805-1 (UBUNTU)
USN-1808-1 (UBUNTU)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0a9ab9bdb3e891762553f667066190c1d22ad62b (MISC)
CVE: CVE-2013-0871
Id:
CVE-2013-0871
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0871
Comment:
Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death.
CVSSv2 Score:
6.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
CWE:
362 (Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'))
References:
SUSE-SU-2013:0341 ()
[oss-security] 20130215 Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871) ()
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9899d11f654474d2d54ea52ceaa2a1f4db3abd68 ()
USN-1738-1 ()
USN-1740-1 ()
USN-1742-1 ()
USN-1745-1 ()
USN-1743-1 ()
https://bugzilla.redhat.com/show_bug.cgi?id=911937 ()
SUSE-SU-2013:0674 ()
https://github.com/torvalds/linux/commit/9899d11f654474d2d54ea52ceaa2a1f4db3abd68 ()
RHSA-2013:0567 ()
USN-1744-1 ()
USN-1736-1 ()
RHSA-2013:0661 ()
USN-1739-1 ()
openSUSE-SU-2013:0925 ()
RHSA-2013:0662 ()
USN-1741-1 ()
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.5 ()
DSA-2632 ()
USN-1737-1 ()
RHSA-2013:0695 ()
CVE: CVE-2013-0914
Id:
CVE-2013-0914
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0914
Comment:
The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call.
CVSSv2 Score:
3.6
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:N
CWE:
264 (Permissions, Privileges, and Access Controls)
References:
USN-1796-1 ()
openSUSE-SU-2013:1187 ()
https://github.com/torvalds/linux/commit/2ca39528c01a933f6689cd6505ce65bd6d68a530 ()
MDVSA-2013:176 ()
USN-1797-1 ()
USN-1788-1 ()
RHSA-2013:1051 ()
USN-1793-1 ()
https://bugzilla.redhat.com/show_bug.cgi?id=920499 ()
USN-1792-1 ()
openSUSE-SU-2013:1971 ()
USN-1794-1 ()
USN-1795-1 ()
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2ca39528c01a933f6689cd6505ce65bd6d68a530 ()
[oss-security] 20130311 CVE-2013-0914 Linux kernel sa_restorer information leak ()
USN-1787-1 ()
USN-1798-1 ()
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4 ()
CVE: CVE-2013-1767
Id:
CVE-2013-1767
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1767
Comment:
Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel before 3.7.10 allows local users to gain privileges or cause a denial of service (system crash) by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option.
CVSSv2 Score:
6.2
Access vector:
LOCAL
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:H/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=915592 (CONFIRM)
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.10 (CONFIRM)
[oss-security] 20130225 Re: kernel: tmpfs use-after-free (MLIST)
https://github.com/torvalds/linux/commit/5f00110f7273f9ff04ac69a5f85bb535a4fd0987 (CONFIRM)
USN-1787-1 (UBUNTU)
USN-1788-1 (UBUNTU)
USN-1798-1 (UBUNTU)
USN-1795-1 (UBUNTU)
USN-1796-1 (UBUNTU)
USN-1793-1 (UBUNTU)
USN-1794-1 (UBUNTU)
USN-1797-1 (UBUNTU)
USN-1792-1 (UBUNTU)
RHSA-2013:0744 (REDHAT)
openSUSE-SU-2013:0847 (SUSE)
RHSA-2013:0882 (REDHAT)
RHSA-2013:0928 (REDHAT)
openSUSE-SU-2013:0925 (SUSE)
MDVSA-2013:176 (MANDRIVA)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5f00110f7273f9ff04ac69a5f85bb535a4fd0987 (MISC)
CVE: CVE-2013-1773
Id:
CVE-2013-1773
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1773
Comment:
Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion.
CVSSv2 Score:
6.2
Access vector:
LOCAL
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:H/Au:N/C:C/I:C/A:C
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://github.com/torvalds/linux/commit/0720a06a7518c9d0c0125bd5d1f3b6264c55c3dd (CONFIRM)
88310 (OSVDB)
https://bugzilla.redhat.com/show_bug.cgi?id=916115 (CONFIRM)
23248 (EXPLOIT-DB)
http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.3.bz2 (CONFIRM)
[oss-security] 20130226 Re: CVE request - Linux kernel: VFAT slab-based buffer overflow (MLIST)
RHSA-2013:0744 (REDHAT)
RHSA-2013:0928 (REDHAT)
RHSA-2013:1026 (REDHAT)
58200 (BID)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0720a06a7518c9d0c0125bd5d1f3b6264c55c3dd (MISC)
CVE: CVE-2013-1774
Id:
CVE-2013-1774
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1774
Comment:
The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter.
CVSSv2 Score:
4
Access vector:
LOCAL
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:H/Au:N/C:N/I:N/A:C
CWE:
264 (Permissions, Privileges, and Access Controls)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=916191 (CONFIRM)
[oss-security] 20130227 Re: CVE request: Linux kernel: USB: io_ti: NULL pointer dereference (MLIST)
https://github.com/torvalds/linux/commit/1ee0a224bc9aad1de496c795f96bc6ba2c394811 (CONFIRM)
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.4 (CONFIRM)
RHSA-2013:0744 (REDHAT)
USN-1805-1 (UBUNTU)
USN-1808-1 (UBUNTU)
openSUSE-SU-2013:0847 (SUSE)
openSUSE-SU-2013:0925 (SUSE)
http://xorl.wordpress.com/2013/05/18/cve-2013-1774-linux-kernel-edgeport-usb-serial-converter-null-pointer-dereference/ (MISC)
SUSE-SU-2013:1474 (SUSE)
SUSE-SU-2013:1182 (SUSE)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1ee0a224bc9aad1de496c795f96bc6ba2c394811 (MISC)
CVE: CVE-2013-1792
Id:
CVE-2013-1792
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1792
Comment:
Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) via crafted keyctl system calls that trigger keyring operations in simultaneous threads.
CVSSv2 Score:
4.7
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:N/I:N/A:C
CWE:
362 (Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'))
References:
https://bugzilla.redhat.com/show_bug.cgi?id=916646 (CONFIRM)
[oss-security] 20130307 CVE-2013-1792 Linux kernel: KEYS: race with concurrent install_user_keyrings() (MLIST)
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.3 (CONFIRM)
USN-1787-1 (UBUNTU)
USN-1788-1 (UBUNTU)
USN-1798-1 (UBUNTU)
USN-1796-1 (UBUNTU)
USN-1793-1 (UBUNTU)
USN-1794-1 (UBUNTU)
USN-1797-1 (UBUNTU)
USN-1792-1 (UBUNTU)
USN-1795-1 (UBUNTU)
RHSA-2013:0744 (REDHAT)
openSUSE-SU-2013:1187 (SUSE)
MDVSA-2013:176 (MANDRIVA)
https://github.com/torvalds/linux/commit/0da9dfdd2cd9889201bc6f6f43580c99165cd087 (CONFIRM)
openSUSE-SU-2014:0204 (SUSE)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0da9dfdd2cd9889201bc6f6f43580c99165cd087 (MISC)
CVE: CVE-2013-1796
Id:
CVE-2013-1796
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1796
Comment:
The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application.
CVSSv2 Score:
6.8
Access vector:
ADJACENT_NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:A/AC:H/Au:N/C:C/I:C/A:C
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://github.com/torvalds/linux/commit/c300aa64ddf57d9c5d9c898a64b36877345dd4a9 (CONFIRM)
[oss-security] 20130320 linux kernel: kvm: CVE-2013-179[6..8] (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=917012 (CONFIRM)
USN-1813-1 (UBUNTU)
USN-1812-1 (UBUNTU)
RHSA-2013:0744 (REDHAT)
RHSA-2013:0727 (REDHAT)
USN-1809-1 (UBUNTU)
RHSA-2013:0746 (REDHAT)
USN-1805-1 (UBUNTU)
USN-1808-1 (UBUNTU)
openSUSE-SU-2013:0847 (SUSE)
RHSA-2013:0928 (REDHAT)
openSUSE-SU-2013:0925 (SUSE)
openSUSE-SU-2013:1187 (SUSE)
MDVSA-2013:176 (MANDRIVA)
RHSA-2013:1026 (REDHAT)
58607 (BID)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c300aa64ddf57d9c5d9c898a64b36877345dd4a9 (MISC)
CVE: CVE-2013-1797
Id:
CVE-2013-1797
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1797
Comment:
Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation.
CVSSv2 Score:
6.8
Access vector:
ADJACENT_NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:A/AC:H/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=917013 (CONFIRM)
https://github.com/torvalds/linux/commit/0b79459b482e85cb7426aa7da683a9f2c97aeae1 (CONFIRM)
[oss-security] 20130320 linux kernel: kvm: CVE-2013-179[6..8] (MLIST)
USN-1813-1 (UBUNTU)
USN-1812-1 (UBUNTU)
RHSA-2013:0744 (REDHAT)
RHSA-2013:0727 (REDHAT)
USN-1809-1 (UBUNTU)
RHSA-2013:0746 (REDHAT)
openSUSE-SU-2013:0847 (SUSE)
RHSA-2013:0928 (REDHAT)
openSUSE-SU-2013:0925 (SUSE)
openSUSE-SU-2013:1187 (SUSE)
MDVSA-2013:176 (MANDRIVA)
RHSA-2013:1026 (REDHAT)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0b79459b482e85cb7426aa7da683a9f2c97aeae1 (MISC)
CVE: CVE-2013-1798
Id:
CVE-2013-1798
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1798
Comment:
The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application.
CVSSv2 Score:
6.2
Access vector:
ADJACENT_NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:A/AC:H/Au:N/C:C/I:N/A:C
CWE:
20 (Improper Input Validation)
References:
[oss-security] 20130320 linux kernel: kvm: CVE-2013-179[6..8] (MLIST)
https://github.com/torvalds/linux/commit/a2c118bfab8bc6b8bb213abfc35201e441693d55 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=917017 (CONFIRM)
USN-1813-1 (UBUNTU)
USN-1812-1 (UBUNTU)
RHSA-2013:0744 (REDHAT)
RHSA-2013:0727 (REDHAT)
USN-1809-1 (UBUNTU)
RHSA-2013:0746 (REDHAT)
openSUSE-SU-2013:0847 (SUSE)
RHSA-2013:0928 (REDHAT)
openSUSE-SU-2013:0925 (SUSE)
openSUSE-SU-2013:1187 (SUSE)
MDVSA-2013:176 (MANDRIVA)
RHSA-2013:1026 (REDHAT)
http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html (MISC)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a2c118bfab8bc6b8bb213abfc35201e441693d55 (MISC)
CVE: CVE-2013-1827
Id:
CVE-2013-1827
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1827
Comment:
net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsockopt call.
CVSSv2 Score:
6.2
Access vector:
LOCAL
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:H/Au:N/C:C/I:C/A:C
CWE:
CWE-Other ()
References:
https://bugzilla.redhat.com/show_bug.cgi?id=919164 (CONFIRM)
[oss-security] 20130307 Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs (MLIST)
https://github.com/torvalds/linux/commit/276bdb82dedb290511467a5a4fdbe9f0b52dce6f (CONFIRM)
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.4 (CONFIRM)
RHSA-2013:0744 (REDHAT)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=276bdb82dedb290511467a5a4fdbe9f0b52dce6f (MISC)
CVE: CVE-2013-1928
Id:
CVE-2013-1928
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1928
Comment:
The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device.
CVSSv2 Score:
4.7
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:C/I:N/A:N
CWE:
200 (Information Exposure)
References:
[oss-security] 20130405 Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=949567 (CONFIRM)
[oss-security] 20130409 Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE (MLIST)
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.6.5 (CONFIRM)
https://github.com/torvalds/linux/commit/12176503366885edd542389eed3aaf94be163fdb (CONFIRM)
USN-1829-1 (UBUNTU)
SUSE-SU-2013:0856 (SUSE)
openSUSE-SU-2013:0847 (SUSE)
RHSA-2013:1645 (REDHAT)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=12176503366885edd542389eed3aaf94be163fdb (MISC)
CVE: CVE-2013-1943
Id:
CVE-2013-1943
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1943
Comment:
The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c.
CVSSv2 Score:
4.4
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
20 (Improper Input Validation)
References:
http://web.archive.org/web/20130329070349/http://ftp.osuosl.org/pub/linux/kernel/v3.0/ChangeLog-3.0 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=950490 (CONFIRM)
https://github.com/torvalds/linux/commit/fa3d315a4ce2c0891cdde262562e710d95fba19e (CONFIRM)
USN-1939-1 (UBUNTU)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fa3d315a4ce2c0891cdde262562e710d95fba19e (MISC)
CVE: CVE-2013-2015
Id:
CVE-2013-2015
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2015
Comment:
The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to cause a denial of service (system hang) via a crafted filesystem on removable media, as demonstrated by the e2fsprogs tests/f_orphan_extents_inode/image.gz test.
CVSSv2 Score:
4.7
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:N/I:N/A:C
CWE:
399 (Resource Management Errors)
References:
[oss-security] 20130426 Re: CVE request: Linux kernel: ext4: hang during mount(8) (MLIST)
https://github.com/torvalds/linux/commit/0e9a9a1ad619e7e987815d20262d36a2f95717ca (CONFIRM)
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.3 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=957123 (CONFIRM)
SUSE-SU-2016:2074 (SUSE)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0e9a9a1ad619e7e987815d20262d36a2f95717ca (MISC)
CVE: CVE-2013-2141
Id:
CVE-2013-2141
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2141
Comment:
The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CWE:
399 (Resource Management Errors)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=970873 (CONFIRM)
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9 (CONFIRM)
https://github.com/torvalds/linux/commit/b9e146d8eb3b9ecae5086d373b50fa0c1f3e7f0f (CONFIRM)
[oss-security] 20130604 Re: CVE Request: kernel info leak in tkill/tgkill (MLIST)
MDVSA-2013:176 (MANDRIVA)
USN-1899-1 (UBUNTU)
USN-1900-1 (UBUNTU)
55055 (SECUNIA)
DSA-2766 (DEBIAN)
openSUSE-SU-2013:1971 (SUSE)
RHSA-2013:1801 (REDHAT)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b9e146d8eb3b9ecae5086d373b50fa0c1f3e7f0f (MISC)
CVE: CVE-2013-2147
Id:
CVE-2013-2147
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2147
Comment:
The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CWE:
399 (Resource Management Errors)
References:
[oss-security] 20130605 Re: CVE request: kernel: cpqarray/c: info leak in ida_locked_ioctl() (MLIST)
[linux-kernel] 20130603 [patch] cciss: info leak in cciss_ioctl32_passthru() (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=971242 (CONFIRM)
[linux-kernel] 20130603 [patch] cpqarray: info leak in ida_locked_ioctl() (MLIST)
USN-1999-1 (UBUNTU)
USN-1997-1 (UBUNTU)
USN-1994-1 (UBUNTU)
USN-1996-1 (UBUNTU)
USN-2023-1 (UBUNTU)
USN-2050-1 (UBUNTU)
USN-2017-1 (UBUNTU)
USN-2020-1 (UBUNTU)
RHSA-2013:1166 (REDHAT)
SUSE-SU-2015:0812 (SUSE)
USN-2016-1 (UBUNTU)
USN-2015-1 (UBUNTU)
CVE: CVE-2013-2164
Id:
CVE-2013-2164
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2164
Comment:
The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CWE:
200 (Information Exposure)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=973100 (CONFIRM)
[oss-security] 20130610 Re: CVE Request: Linux Kernel - Leak information in cdrom driver. (MLIST)
http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/drivers/cdrom/cdrom.c?id=050e4b8fb7cdd7096c987a9cd556029c622c7fe2 (CONFIRM)
USN-1912-1 (UBUNTU)
USN-1913-1 (UBUNTU)
SUSE-SU-2013:1473 (SUSE)
SUSE-SU-2013:1474 (SUSE)
USN-1942-1 (UBUNTU)
USN-1941-1 (UBUNTU)
DSA-2766 (DEBIAN)
openSUSE-SU-2013:1971 (SUSE)
RHSA-2013:1645 (REDHAT)
RHSA-2013:1166 (REDHAT)
CVE: CVE-2013-2232
Id:
CVE-2013-2232
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2232
Comment:
The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CWE:
20 (Improper Input Validation)
References:
[oss-security] 20130702 Re: CVE Request: kernel: ipv6: using ipv4 vs ipv6 structure during routing lookup in sendmsg (MLIST)
https://github.com/torvalds/linux/commit/a963a37d384d71ad43b3e9e79d68d42fbe0901f3 (CONFIRM)
https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.10.bz2 (CONFIRM)
USN-1912-1 (UBUNTU)
USN-1913-1 (UBUNTU)
SUSE-SU-2013:1473 (SUSE)
SUSE-SU-2013:1474 (SUSE)
USN-1946-1 (UBUNTU)
USN-1945-1 (UBUNTU)
USN-1947-1 (UBUNTU)
USN-1944-1 (UBUNTU)
USN-1943-1 (UBUNTU)
USN-1941-1 (UBUNTU)
USN-1938-1 (UBUNTU)
USN-1942-1 (UBUNTU)
DSA-2766 (DEBIAN)
openSUSE-SU-2013:1971 (SUSE)
RHSA-2013:1166 (REDHAT)
RHSA-2013:1173 (REDHAT)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a963a37d384d71ad43b3e9e79d68d42fbe0901f3 (MISC)
CVE: CVE-2013-2234
Id:
CVE-2013-2234
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2234
Comment:
The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
[oss-security] 20130702 Re: CVE Request: information leak in AF_KEY notify messages (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=980995 (CONFIRM)
https://github.com/torvalds/linux/commit/a5cc68f3d63306d0d288f31edfc2ae6ef8ecd887 (CONFIRM)
https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.10.bz2 (CONFIRM)
USN-1912-1 (UBUNTU)
USN-1913-1 (UBUNTU)
SUSE-SU-2013:1473 (SUSE)
SUSE-SU-2013:1474 (SUSE)
USN-1946-1 (UBUNTU)
USN-1945-1 (UBUNTU)
USN-1947-1 (UBUNTU)
USN-1944-1 (UBUNTU)
USN-1943-1 (UBUNTU)
USN-1941-1 (UBUNTU)
USN-1938-1 (UBUNTU)
USN-1942-1 (UBUNTU)
DSA-2766 (DEBIAN)
openSUSE-SU-2013:1971 (SUSE)
RHSA-2013:1645 (REDHAT)
RHSA-2013:1166 (REDHAT)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a5cc68f3d63306d0d288f31edfc2ae6ef8ecd887 (MISC)
CVE: CVE-2013-2237
Id:
CVE-2013-2237
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2237
Comment:
The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.9.bz2 (CONFIRM)
[oss-security] 20130703 Re: CVE Request: Earlier AF_KEY in key_notify_policy_flush (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=981220 (CONFIRM)
https://github.com/torvalds/linux/commit/85dfb745ee40232876663ae206cba35f24ab2a40 (CONFIRM)
USN-1912-1 (UBUNTU)
USN-1913-1 (UBUNTU)
SUSE-SU-2013:1473 (SUSE)
SUSE-SU-2013:1474 (SUSE)
USN-1972-1 (UBUNTU)
USN-1973-1 (UBUNTU)
USN-1970-1 (UBUNTU)
USN-1993-1 (UBUNTU)
USN-1995-1 (UBUNTU)
USN-1998-1 (UBUNTU)
USN-1992-1 (UBUNTU)
DSA-2766 (DEBIAN)
openSUSE-SU-2013:1971 (SUSE)
RHSA-2013:1166 (REDHAT)
RHSA-2013:1173 (REDHAT)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=85dfb745ee40232876663ae206cba35f24ab2a40 (MISC)
CVE: CVE-2013-2634
Id:
CVE-2013-2634
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2634
Comment:
net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
CVSSv2 Score:
1.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:P/I:N/A:N
CWE:
399 (Resource Management Errors)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=923652 (CONFIRM)
https://github.com/torvalds/linux/commit/29cd8ae0e1a39e239a3a7b67da1986add1199fc0 (CONFIRM)
[oss-security] 20130320 Re: Linux kernel: net - three info leaks in rtnl (MLIST)
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4 (CONFIRM)
USN-1829-1 (UBUNTU)
USN-1813-1 (UBUNTU)
USN-1812-1 (UBUNTU)
USN-1809-1 (UBUNTU)
USN-1811-1 (UBUNTU)
USN-1814-1 (UBUNTU)
openSUSE-SU-2013:1187 (SUSE)
MDVSA-2013:176 (MANDRIVA)
openSUSE-SU-2013:1971 (SUSE)
RHSA-2013:1051 (REDHAT)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=29cd8ae0e1a39e239a3a7b67da1986add1199fc0 ()
CVE: CVE-2013-2851
Id:
CVE-2013-2851
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2851
Comment:
Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name.
CVSSv2 Score:
6
Access vector:
LOCAL
Access complexity:
HIGH
Authentication:
SINGLE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:H/Au:S/C:C/I:C/A:C
CWE:
134 (Uncontrolled Format String)
References:
RHSA-2013:1783 ()
[linux-kernel] 20130606 [PATCH 1/8] block: do not pass disk names as format strings ()
USN-1913-1 ()
SUSE-SU-2013:1473 ()
RHSA-2013:1645 ()
DSA-2766 ()
https://bugzilla.redhat.com/show_bug.cgi?id=969515 ()
openSUSE-SU-2013:1971 ()
SUSE-SU-2013:1474 ()
RHSA-2014:0284 ()
USN-1941-1 ()
[oss-security] 20130606 Linux kernel format string flaws ()
USN-1942-1 ()
USN-1912-1 ()
CVE: CVE-2013-2852
Id:
CVE-2013-2852
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2852
Comment:
Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message.
CVSSv2 Score:
6.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
CWE:
134 (Uncontrolled Format String)
References:
USN-1919-1 ()
http://git.kernel.org/cgit/linux/kernel/git/linville/wireless.git/commit/?id=9538cbaab6e8b8046039b4b2eb6c9d614dc782bd ()
USN-1899-1 ()
RHSA-2013:1051 ()
SUSE-SU-2013:1473 ()
USN-1920-1 ()
USN-1915-1 ()
DSA-2766 ()
openSUSE-SU-2013:1971 ()
USN-1918-1 ()
USN-1930-1 ()
USN-1917-1 ()
USN-1916-1 ()
RHSA-2013:1450 ()
https://bugzilla.redhat.com/show_bug.cgi?id=969518 ()
[oss-security] 20130606 Linux kernel format string flaws ()
USN-1900-1 ()
USN-1914-1 ()
CVE: CVE-2013-2888
Id:
CVE-2013-2888
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2888
Comment:
Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID.
CVSSv2 Score:
6.2
Access vector:
LOCAL
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:H/Au:N/C:C/I:C/A:C
CWE:
20 (Improper Input Validation)
References:
USN-2024-1 ()
[linux-input] 20130828 [PATCH 01/14] HID: validate HID report id size ()
RHSA-2013:1490 ()
USN-1977-1 ()
USN-2039-1 ()
USN-2022-1 ()
[oss-security] 20130828 Linux HID security flaws ()
RHSA-2013:1645 ()
USN-1995-1 ()
USN-2038-1 ()
DSA-2766 ()
USN-2021-1 ()
USN-1976-1 ()
USN-2019-1 ()
USN-1998-1 ()
USN-2050-1 ()
CVE: CVE-2013-2889
Id:
CVE-2013-2889
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2889
Comment:
drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.
CVSSv2 Score:
4.7
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:N/I:N/A:C
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
USN-2015-1 ()
USN-2024-1 ()
USN-2039-1 ()
USN-2022-1 ()
[oss-security] 20130828 Linux HID security flaws ()
RHSA-2013:1645 ()
USN-2016-1 ()
USN-2038-1 ()
USN-2020-1 ()
USN-2021-1 ()
USN-2019-1 ()
62042 ()
[linux-input] 20130828 [PATCH 03/14] HID: zeroplus: validate output report details ()
USN-2023-1 ()
USN-2050-1 ()
CVE: CVE-2013-2892
Id:
CVE-2013-2892
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2892
Comment:
drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.
CVSSv2 Score:
4.7
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:N/I:N/A:C
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
USN-2024-1 ()
RHSA-2013:1490 ()
USN-1977-1 ()
USN-2039-1 ()
USN-2022-1 ()
[oss-security] 20130828 Linux HID security flaws ()
RHSA-2013:1645 ()
USN-1995-1 ()
USN-2038-1 ()
DSA-2766 ()
USN-2021-1 ()
USN-1976-1 ()
USN-2019-1 ()
62049 ()
USN-1998-1 ()
[linux-input] 20130828 [PATCH 06/14] HID: pantherlord: validate output report details ()
USN-2050-1 ()
CVE: CVE-2013-2893
Id:
CVE-2013-2893
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2893
Comment:
The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c.
CVSSv2 Score:
4.7
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:N/I:N/A:C
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
USN-2015-1 ()
USN-2024-1 ()
[linux-input] 20130828 [PATCH 07/14] HID: LG: validate HID output report details ()
RHSA-2013:1490 ()
USN-2039-1 ()
USN-2022-1 ()
[oss-security] 20130828 Linux HID security flaws ()
USN-2016-1 ()
USN-2038-1 ()
USN-2020-1 ()
USN-2021-1 ()
SUSE-SU-2015:0481 ()
openSUSE-SU-2015:0566 ()
USN-2019-1 ()
62050 ()
USN-2023-1 ()
USN-2050-1 ()
CVE: CVE-2013-2897
Id:
CVE-2013-2897
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2897
Comment:
Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device.
CVSSv2 Score:
4.7
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:N/I:N/A:C
CWE:
20 (Improper Input Validation)
References:
USN-2015-1 ()
USN-2024-1 ()
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.54 ()
62044 ()
[linux-input] 20130828 [PATCH 11/14] HID: multitouch: validate feature report details ()
USN-2039-1 ()
USN-2022-1 ()
[oss-security] 20130828 Linux HID security flaws ()
USN-2016-1 ()
USN-2038-1 ()
USN-2020-1 ()
USN-2021-1 ()
SUSE-SU-2015:0481 ()
openSUSE-SU-2015:0566 ()
USN-2019-1 ()
USN-2023-1 ()
USN-2050-1 ()
CVE: CVE-2013-2929
Id:
CVE-2013-2929
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2929
Comment:
The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h.
CVSSv2 Score:
3.3
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:P/I:P/A:N
CWE:
264 (Permissions, Privileges, and Access Controls)
References:
RHSA-2014:0159 ()
64111 ()
RHSA-2014:0285 ()
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.54 ()
USN-2110-1 ()
USN-2129-1 ()
USN-2115-1 ()
USN-2128-1 ()
USN-2116-1 ()
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d049f74f2dbe71354d43d393ac3a188947811348 ()
USN-2114-1 ()
USN-2070-1 ()
https://bugzilla.redhat.com/show_bug.cgi?id=1028148 ()
USN-2112-1 ()
SUSE-SU-2015:0481 ()
openSUSE-SU-2015:0566 ()
USN-2109-1 ()
RHSA-2018:1252 ()
USN-2111-1 ()
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.2 ()
RHSA-2014:0100 ()
USN-2075-1 ()
https://github.com/torvalds/linux/commit/d049f74f2dbe71354d43d393ac3a188947811348 ()
CVE: CVE-2013-3222
Id:
CVE-2013-3222
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3222
Comment:
The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:N/A:N
CWE:
200 (Information Exposure)
References:
[linux-kernel] 20130414 Linux 3.9-rc7 (MLIST)
[oss-security] 20130414 Linux kernel: more net info leak fixes for v3.9 (MLIST)
https://github.com/torvalds/linux/commit/9b3e617f3df53822345a8573b6d358f6b9e5ed87 (CONFIRM)
USN-1837-1 (UBUNTU)
MDVSA-2013:176 (MANDRIVA)
openSUSE-SU-2013:1187 (SUSE)
FEDORA-2013-6537 (FEDORA)
FEDORA-2013-6999 (FEDORA)
openSUSE-SU-2013:1971 (SUSE)
RHSA-2013:1051 (REDHAT)
SUSE-SU-2013:1182 (SUSE)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9b3e617f3df53822345a8573b6d358f6b9e5ed87 ()
CVE: CVE-2013-3223
Id:
CVE-2013-3223
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3223
Comment:
The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:N/A:N
CWE:
200 (Information Exposure)
References:
[oss-security] 20130414 Linux kernel: more net info leak fixes for v3.9 (MLIST)
https://github.com/torvalds/linux/commit/ef3313e84acbf349caecae942ab3ab731471f1a1 (CONFIRM)
[linux-kernel] 20130414 Linux 3.9-rc7 (MLIST)
USN-1837-1 (UBUNTU)
MDVSA-2013:176 (MANDRIVA)
openSUSE-SU-2013:1187 (SUSE)
FEDORA-2013-6537 (FEDORA)
FEDORA-2013-6999 (FEDORA)
openSUSE-SU-2013:1971 (SUSE)
SUSE-SU-2013:1182 (SUSE)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ef3313e84acbf349caecae942ab3ab731471f1a1 ()
CVE: CVE-2013-3224
Id:
CVE-2013-3224
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3224
Comment:
The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:N/A:N
CWE:
200 (Information Exposure)
References:
[oss-security] 20130414 Linux kernel: more net info leak fixes for v3.9 (MLIST)
[linux-kernel] 20130414 Linux 3.9-rc7 (MLIST)
https://github.com/torvalds/linux/commit/4683f42fde3977bdb4e8a09622788cc8b5313778 (CONFIRM)
USN-1837-1 (UBUNTU)
MDVSA-2013:176 (MANDRIVA)
openSUSE-SU-2013:1187 (SUSE)
FEDORA-2013-6537 (FEDORA)
FEDORA-2013-6999 (FEDORA)
openSUSE-SU-2013:1971 (SUSE)
RHSA-2013:1051 (REDHAT)
SUSE-SU-2013:1182 (SUSE)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4683f42fde3977bdb4e8a09622788cc8b5313778 ()
CVE: CVE-2013-3225
Id:
CVE-2013-3225
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3225
Comment:
The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:N/A:N
CWE:
200 (Information Exposure)
References:
[linux-kernel] 20130414 Linux 3.9-rc7 (MLIST)
https://github.com/torvalds/linux/commit/e11e0455c0d7d3d62276a0c55d9dfbc16779d691 (CONFIRM)
[oss-security] 20130414 Linux kernel: more net info leak fixes for v3.9 (MLIST)
USN-1837-1 (UBUNTU)
MDVSA-2013:176 (MANDRIVA)
openSUSE-SU-2013:1187 (SUSE)
FEDORA-2013-6537 (FEDORA)
FEDORA-2013-6999 (FEDORA)
RHSA-2013:1051 (REDHAT)
SUSE-SU-2013:1182 (SUSE)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e11e0455c0d7d3d62276a0c55d9dfbc16779d691 ()
CVE: CVE-2013-3228
Id:
CVE-2013-3228
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3228
Comment:
The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:N/A:N
CWE:
200 (Information Exposure)
References:
[oss-security] 20130414 Linux kernel: more net info leak fixes for v3.9 (MLIST)
[linux-kernel] 20130414 Linux 3.9-rc7 (MLIST)
USN-1837-1 (UBUNTU)
MDVSA-2013:176 (MANDRIVA)
openSUSE-SU-2013:1187 (SUSE)
https://github.com/torvalds/linux/commit/5ae94c0d2f0bed41d6718be743985d61b7f5c47d (CONFIRM)
FEDORA-2013-6537 (FEDORA)
FEDORA-2013-6999 (FEDORA)
openSUSE-SU-2013:1971 (SUSE)
SUSE-SU-2013:1182 (SUSE)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5ae94c0d2f0bed41d6718be743985d61b7f5c47d ()
CVE: CVE-2013-3229
Id:
CVE-2013-3229
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3229
Comment:
The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:N/A:N
CWE:
200 (Information Exposure)
References:
[oss-security] 20130414 Linux kernel: more net info leak fixes for v3.9 (MLIST)
[linux-kernel] 20130414 Linux 3.9-rc7 (MLIST)
USN-1837-1 (UBUNTU)
MDVSA-2013:176 (MANDRIVA)
openSUSE-SU-2013:1187 (SUSE)
https://github.com/torvalds/linux/commit/a5598bd9c087dc0efc250a5221e5d0e6f584ee88 (CONFIRM)
openSUSE-SU-2013:1971 (SUSE)
SUSE-SU-2013:1182 (SUSE)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a5598bd9c087dc0efc250a5221e5d0e6f584ee88 ()
CVE: CVE-2013-3231
Id:
CVE-2013-3231
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3231
Comment:
The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
CVSSv2 Score:
4.7
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:C/I:N/A:N
CWE:
200 (Information Exposure)
References:
https://github.com/torvalds/linux/commit/c77a4b9cffb6215a15196ec499490d116dfad181 (CONFIRM)
[linux-kernel] 20130414 Linux 3.9-rc7 (MLIST)
[oss-security] 20130414 Linux kernel: more net info leak fixes for v3.9 (MLIST)
USN-1837-1 (UBUNTU)
MDVSA-2013:176 (MANDRIVA)
openSUSE-SU-2013:1187 (SUSE)
FEDORA-2013-6537 (FEDORA)
FEDORA-2013-6999 (FEDORA)
openSUSE-SU-2013:1971 (SUSE)
RHSA-2013:1645 (REDHAT)
SUSE-SU-2013:1182 (SUSE)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c77a4b9cffb6215a15196ec499490d116dfad181 ()
CVE: CVE-2013-3232
Id:
CVE-2013-3232
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3232
Comment:
The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:N/A:N
CWE:
200 (Information Exposure)
References:
https://github.com/torvalds/linux/commit/3ce5efad47b62c57a4f5c54248347085a750ce0e (CONFIRM)
[oss-security] 20130414 Linux kernel: more net info leak fixes for v3.9 (MLIST)
[linux-kernel] 20130414 Linux 3.9-rc7 (MLIST)
https://github.com/torvalds/linux/commit/c802d759623acbd6e1ee9fbdabae89159a513913 (CONFIRM)
MDVSA-2013:176 (MANDRIVA)
openSUSE-SU-2013:1187 (SUSE)
FEDORA-2013-6537 (FEDORA)
FEDORA-2013-6999 (FEDORA)
openSUSE-SU-2013:1971 (SUSE)
SUSE-SU-2013:1182 (SUSE)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c802d759623acbd6e1ee9fbdabae89159a513913 ()
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3ce5efad47b62c57a4f5c54248347085a750ce0e ()
CVE: CVE-2013-3234
Id:
CVE-2013-3234
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3234
Comment:
The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:N/A:N
CWE:
200 (Information Exposure)
References:
[oss-security] 20130414 Linux kernel: more net info leak fixes for v3.9 (MLIST)
[linux-kernel] 20130414 Linux 3.9-rc7 (MLIST)
USN-1837-1 (UBUNTU)
MDVSA-2013:176 (MANDRIVA)
openSUSE-SU-2013:1187 (SUSE)
https://github.com/torvalds/linux/commit/4a184233f21645cf0b719366210ed445d1024d72 (CONFIRM)
FEDORA-2013-6537 (FEDORA)
FEDORA-2013-6999 (FEDORA)
openSUSE-SU-2013:1971 (SUSE)
SUSE-SU-2013:1182 (SUSE)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4a184233f21645cf0b719366210ed445d1024d72 ()
CVE: CVE-2013-3235
Id:
CVE-2013-3235
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3235
Comment:
net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:N/A:N
CWE:
200 (Information Exposure)
References:
[linux-kernel] 20130414 Linux 3.9-rc7 (MLIST)
[oss-security] 20130414 Linux kernel: more net info leak fixes for v3.9 (MLIST)
https://github.com/torvalds/linux/commit/60085c3d009b0df252547adb336d1ccca5ce52ec (CONFIRM)
USN-1837-1 (UBUNTU)
MDVSA-2013:176 (MANDRIVA)
openSUSE-SU-2013:1187 (SUSE)
openSUSE-SU-2013:1971 (SUSE)
SUSE-SU-2013:1182 (SUSE)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=60085c3d009b0df252547adb336d1ccca5ce52ec ()
CVE: CVE-2013-4345
Id:
CVE-2013-4345
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4345
Comment:
Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data.
CVSSv2 Score:
5.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N
CWE:
189 (Numeric Errors)
References:
[linux-crypto] 20130917 [PATCH] ansi_cprng: Fix off by one error in non-block size request (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=1007690 (CONFIRM)
RHSA-2013:1449 (REDHAT)
RHSA-2013:1490 (REDHAT)
RHSA-2013:1645 (REDHAT)
USN-2071-1 (UBUNTU)
USN-2075-1 (UBUNTU)
USN-2068-1 (UBUNTU)
USN-2070-1 (UBUNTU)
USN-2064-1 (UBUNTU)
USN-2076-1 (UBUNTU)
USN-2074-1 (UBUNTU)
USN-2072-1 (UBUNTU)
USN-2065-1 (UBUNTU)
USN-2110-1 (UBUNTU)
USN-2109-1 (UBUNTU)
USN-2158-1 (UBUNTU)
62740 (BID)
CVE: CVE-2013-4470
Id:
CVE-2013-4470
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4470
Comment:
The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c.
CVSSv2 Score:
6.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
CWE:
264 (Permissions, Privileges, and Access Controls)
References:
https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.12.bz2 (CONFIRM)
https://github.com/torvalds/linux/commit/c547dbf55d5f8cf615ccc0e7265e98db27d3fb8b (CONFIRM)
https://github.com/torvalds/linux/commit/e93b7d748be887cd7639b113ba7d7ef792a7efb9 (CONFIRM)
[oss-security] 20131025 Re: CVE request: Linux kernel: net: memory corruption with UDP_CORK and UFO (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=1023477 (CONFIRM)
USN-2043-1 (UBUNTU)
USN-2042-1 (UBUNTU)
USN-2044-1 (UBUNTU)
USN-2046-1 (UBUNTU)
USN-2040-1 (UBUNTU)
USN-2049-1 (UBUNTU)
USN-2050-1 (UBUNTU)
USN-2069-1 (UBUNTU)
USN-2066-1 (UBUNTU)
USN-2067-1 (UBUNTU)
USN-2073-1 (UBUNTU)
63359 (BID)
RHSA-2014:0100 (REDHAT)
RHSA-2014:0284 (REDHAT)
SUSE-SU-2014:0459 (SUSE)
RHSA-2013:1801 (REDHAT)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c547dbf55d5f8cf615ccc0e7265e98db27d3fb8b (MISC)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e93b7d748be887cd7639b113ba7d7ef792a7efb9 (MISC)
CVE: CVE-2013-4483
Id:
CVE-2013-4483
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4483
Comment:
The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CWE:
189 (Numeric Errors)
References:
[oss-security] 20131030 Re: CVE Request -- Linux kernel: ipc: ipc_rcu_putref refcount races (MLIST)
https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.10.bz2 (CONFIRM)
https://github.com/torvalds/linux/commit/6062a8dc0517bce23e3c2f7d2fea5e22411269a3 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=1024854 (CONFIRM)
openSUSE-SU-2014:0247 (SUSE)
RHSA-2014:0285 (REDHAT)
RHSA-2015:0284 (REDHAT)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6062a8dc0517bce23e3c2f7d2fea5e22411269a3 (MISC)
CVE: CVE-2013-4511
Id:
CVE-2013-4511
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4511
Comment:
Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c.
CVSSv2 Score:
6.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
CWE:
189 (Numeric Errors)
References:
https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.12.bz2 (CONFIRM)
[oss-security] 20131104 Re: some unstracked linux kernel security fixes (MLIST)
https://github.com/torvalds/linux/commit/7314e613d5ff9f0934f7a0f74ed7973b903315d1 (CONFIRM)
USN-2069-1 (UBUNTU)
USN-2071-1 (UBUNTU)
USN-2066-1 (UBUNTU)
USN-2075-1 (UBUNTU)
USN-2068-1 (UBUNTU)
USN-2070-1 (UBUNTU)
USN-2067-1 (UBUNTU)
USN-2076-1 (UBUNTU)
USN-2074-1 (UBUNTU)
USN-2072-1 (UBUNTU)
USN-2073-1 (UBUNTU)
USN-2037-1 (UBUNTU)
USN-2036-1 (UBUNTU)
openSUSE-SU-2014:0205 (SUSE)
openSUSE-SU-2014:0247 (SUSE)
openSUSE-SU-2014:0204 (SUSE)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7314e613d5ff9f0934f7a0f74ed7973b903315d1 (MISC)
CVE: CVE-2013-4587
Id:
CVE-2013-4587
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4587
Comment:
Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE:
20 (Improper Input Validation)
References:
https://github.com/torvalds/linux/commit/338c7dbadd2671189cec7faf64c84d01071b3f96 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=1030986 (CONFIRM)
[oss-security] 20131212 Re: [vs-plain] kvm issues (MLIST)
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.54 (CONFIRM)
openSUSE-SU-2014:0247 (SUSE)
USN-2110-1 (UBUNTU)
openSUSE-SU-2014:0204 (SUSE)
USN-2109-1 (UBUNTU)
USN-2113-1 (UBUNTU)
USN-2117-1 (UBUNTU)
openSUSE-SU-2014:0205 (SUSE)
USN-2138-1 (UBUNTU)
USN-2136-1 (UBUNTU)
USN-2129-1 (UBUNTU)
USN-2128-1 (UBUNTU)
USN-2139-1 (UBUNTU)
USN-2141-1 (UBUNTU)
USN-2135-1 (UBUNTU)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=338c7dbadd2671189cec7faf64c84d01071b3f96 (MISC)
CVE: CVE-2013-4588
Id:
CVE-2013-4588
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4588
Comment:
Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 2.6.33, when CONFIG_IP_VS is used, allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability for (1) a getsockopt system call, related to the do_ip_vs_get_ctl function, or (2) a setsockopt system call, related to the do_ip_vs_set_ctl function.
CVSSv2 Score:
6.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7
Attack vector:
LOCAL
Attack complexity:
HIGH
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://github.com/torvalds/linux/commit/04bcef2a83f40c6db24222b27a52892cba39dffb (CONFIRM)
http://ftp.linux.org.uk/pub/linux/linux-2.6/ChangeLog-2.6.33 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=1030800 (CONFIRM)
[oss-security] 20131115 Re: CVE request: Linux kernel: net: ipvs stack buffer overflow (MLIST)
USN-2065-1 (UBUNTU)
USN-2064-1 (UBUNTU)
63744 (BID)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=04bcef2a83f40c6db24222b27a52892cba39dffb (MISC)
CVE: CVE-2013-4591
Id:
CVE-2013-4591
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4591
Comment:
Buffer overflow in the __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via a getxattr system call for the system.nfs4_acl extended attribute of a pathname on an NFSv4 filesystem.
CVSSv2 Score:
6.2
Access vector:
LOCAL
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:H/Au:N/C:C/I:C/A:C
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://github.com/torvalds/linux/commit/7d3e91a89b7adbc2831334def9e494dd9892f9af (CONFIRM)
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.2 (CONFIRM)
[oss-security] 20131118 CVE-2013-4591 -- Linux kernel: kernel: nfs: missing check for buffer length in __nfs4_get_acl_uncached (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=1031678 (CONFIRM)
RHSA-2013:1645 (REDHAT)
RHSA-2014:0284 (REDHAT)
63791 (BID)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7d3e91a89b7adbc2831334def9e494dd9892f9af (MISC)
CVE: CVE-2013-6367
Id:
CVE-2013-6367
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6367
Comment:
The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value.
CVSSv2 Score:
5.7
Access vector:
ADJACENT_NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:A/AC:M/Au:N/C:N/I:N/A:C
CWE:
189 (Numeric Errors)
References:
[oss-security] 20131212 Re: [vs-plain] kvm issues (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=1032207 (CONFIRM)
https://github.com/torvalds/linux/commit/b963a22e6d1a266a67e9eecc88134713fd54775c (CONFIRM)
64270 (BID)
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.54 (CONFIRM)
openSUSE-SU-2014:0205 (SUSE)
openSUSE-SU-2014:0247 (SUSE)
USN-2110-1 (UBUNTU)
RHSA-2014:0163 (REDHAT)
openSUSE-SU-2014:0204 (SUSE)
USN-2109-1 (UBUNTU)
USN-2113-1 (UBUNTU)
USN-2117-1 (UBUNTU)
USN-2138-1 (UBUNTU)
USN-2136-1 (UBUNTU)
USN-2129-1 (UBUNTU)
USN-2128-1 (UBUNTU)
USN-2139-1 (UBUNTU)
USN-2141-1 (UBUNTU)
USN-2135-1 (UBUNTU)
RHSA-2014:0284 (REDHAT)
RHSA-2013:1801 (REDHAT)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b963a22e6d1a266a67e9eecc88134713fd54775c (MISC)
CVE: CVE-2013-6368
Id:
CVE-2013-6368
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6368
Comment:
The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address.
CVSSv2 Score:
6.2
Access vector:
LOCAL
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:H/Au:N/C:C/I:C/A:C
CWE:
20 (Improper Input Validation)
References:
https://github.com/torvalds/linux/commit/fda4e2e85589191b123d31cdc21fd33ee70f50fd (CONFIRM)
[oss-security] 20131212 Re: [vs-plain] kvm issues (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=1032210 (CONFIRM)
64291 (BID)
openSUSE-SU-2014:0247 (SUSE)
RHSA-2014:0163 (REDHAT)
openSUSE-SU-2014:0204 (SUSE)
USN-2113-1 (UBUNTU)
USN-2117-1 (UBUNTU)
openSUSE-SU-2014:0205 (SUSE)
USN-2133-1 (UBUNTU)
USN-2138-1 (UBUNTU)
USN-2136-1 (UBUNTU)
USN-2134-1 (UBUNTU)
USN-2139-1 (UBUNTU)
USN-2141-1 (UBUNTU)
USN-2135-1 (UBUNTU)
RHSA-2014:0284 (REDHAT)
RHSA-2013:1801 (REDHAT)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fda4e2e85589191b123d31cdc21fd33ee70f50fd (MISC)
CVE: CVE-2013-6378
Id:
CVE-2013-6378
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6378
Comment:
The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation.
CVSSv2 Score:
4.4
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
SINGLE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:S/C:N/I:N/A:C
CWE:
189 (Numeric Errors)
References:
[oss-security] 20131122 Linux kernel CVE fixes (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=1033578 (CONFIRM)
https://github.com/torvalds/linux/commit/a497e47d4aec37aaf8f13509f3ef3d1f6a717d88 (CONFIRM)
USN-2065-1 (UBUNTU)
USN-2066-1 (UBUNTU)
USN-2075-1 (UBUNTU)
USN-2064-1 (UBUNTU)
USN-2070-1 (UBUNTU)
USN-2067-1 (UBUNTU)
USN-2114-1 (UBUNTU)
openSUSE-SU-2014:0247 (SUSE)
openSUSE-SU-2014:0204 (SUSE)
USN-2111-1 (UBUNTU)
USN-2116-1 (UBUNTU)
USN-2112-1 (UBUNTU)
USN-2115-1 (UBUNTU)
RHSA-2014:0100 (REDHAT)
59309 (SECUNIA)
59406 (SECUNIA)
http://linux.oracle.com/errata/ELSA-2014-0771.html (CONFIRM)
http://linux.oracle.com/errata/ELSA-2014-3043.html (CONFIRM)
59262 (SECUNIA)
63886 (BID)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a497e47d4aec37aaf8f13509f3ef3d1f6a717d88 (MISC)
CVE: CVE-2013-6383
Id:
CVE-2013-6383
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6383
Comment:
The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call.
CVSSv2 Score:
6.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
CWE:
264 (Permissions, Privileges, and Access Controls)
References:
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.8 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=1033530 (CONFIRM)
https://github.com/torvalds/linux/commit/f856567b930dfcdbc3323261bf77240ccdde01f5 (CONFIRM)
[oss-security] 20131122 Linux kernel CVE fixes (MLIST)
USN-2069-1 (UBUNTU)
USN-2071-1 (UBUNTU)
USN-2066-1 (UBUNTU)
USN-2075-1 (UBUNTU)
USN-2068-1 (UBUNTU)
USN-2070-1 (UBUNTU)
USN-2067-1 (UBUNTU)
USN-2076-1 (UBUNTU)
USN-2074-1 (UBUNTU)
USN-2072-1 (UBUNTU)
USN-2073-1 (UBUNTU)
RHSA-2014:0100 (REDHAT)
USN-2108-1 (UBUNTU)
USN-2107-1 (UBUNTU)
RHSA-2014:0285 (REDHAT)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f856567b930dfcdbc3323261bf77240ccdde01f5 (MISC)
CVE: CVE-2014-1444
Id:
CVE-2014-1444
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1444
Comment:
The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call.
CVSSv2 Score:
1.7
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
SINGLE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:S/C:P/I:N/A:N
CWE:
399 (Resource Management Errors)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1053610 (CONFIRM)
[oss-security] 20140115 Re: CVE request: assorted kernel infoleak security fixes (MLIST)
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.7 (CONFIRM)
https://github.com/torvalds/linux/commit/96b340406724d87e4621284ebac5e059d67b2194 (CONFIRM)
64952 (BID)
USN-2129-1 (UBUNTU)
USN-2128-1 (UBUNTU)
linux-kernel-cve20141444-info-disc(90443) (XF)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=96b340406724d87e4621284ebac5e059d67b2194 ()
CVE: CVE-2014-1445
Id:
CVE-2014-1445
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1445
Comment:
The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CWE:
399 (Resource Management Errors)
References:
https://github.com/torvalds/linux/commit/2b13d06c9584b4eb773f1e80bbaedab9a1c344e1 (CONFIRM)
[oss-security] 20140115 Re: CVE request: assorted kernel infoleak security fixes (MLIST)
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.7 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=1053613 (CONFIRM)
64953 (BID)
USN-2129-1 (UBUNTU)
USN-2128-1 (UBUNTU)
linux-kernel-cve20141445-info-disc(90444) (XF)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2b13d06c9584b4eb773f1e80bbaedab9a1c344e1 ()
CVE: CVE-2014-1446
Id:
CVE-2014-1446
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1446
Comment:
The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call.
CVSSv2 Score:
1.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:P/I:N/A:N
CWE:
399 (Resource Management Errors)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1053620 (CONFIRM)
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.8 (CONFIRM)
[oss-security] 20140115 Re: CVE request: assorted kernel infoleak security fixes (MLIST)
https://github.com/torvalds/linux/commit/8e3fbf870481eb53b2d3a322d1fc395ad8b367ed (CONFIRM)
64954 (BID)
FEDORA-2014-1062 (FEDORA)
FEDORA-2014-1072 (FEDORA)
MDVSA-2014:038 (MANDRIVA)
USN-2113-1 (UBUNTU)
USN-2117-1 (UBUNTU)
USN-2133-1 (UBUNTU)
USN-2138-1 (UBUNTU)
USN-2136-1 (UBUNTU)
USN-2134-1 (UBUNTU)
USN-2129-1 (UBUNTU)
USN-2128-1 (UBUNTU)
USN-2139-1 (UBUNTU)
USN-2141-1 (UBUNTU)
USN-2135-1 (UBUNTU)
linux-kernel-cve20141446-info-disc(90445) (XF)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8e3fbf870481eb53b2d3a322d1fc395ad8b367ed ()