VYPR

rpm package

opensuse/kernel-source&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Tumbleweed

Vulnerabilities (1,435)

  • CVE-2010-3301Sep 22, 2010
    affected < 4.8.13-1.1fixed 4.8.13-1.1

    The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by trigger

  • CVE-2010-2942MedSep 21, 2010
    affected < 4.8.13-1.1fixed 4.8.13-1.1

    The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory v

  • CVE-2010-2955Sep 8, 2010
    affected < 4.8.13-1.1fixed 4.8.13-1.1

    The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in the Linux kernel before 2.6.36-rc3-next-20100831 does not properly initialize certain structure members, which allows local users to leverage an off-by-one error in the ioctl_standard_iw_point function in net/wi

  • CVE-2010-2066MedSep 8, 2010
    affected < 4.8.13-1.1fixed 4.8.13-1.1

    The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVE_EXT ioctl call that specifies this file as a donor.

  • CVE-2010-2954Sep 3, 2010
    affected < 4.8.13-1.1fixed 4.8.13-1.1

    The irda_bind function in net/irda/af_irda.c in the Linux kernel before 2.6.36-rc3-next-20100901 does not properly handle failure of the irda_open_tsap function, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecifi

  • CVE-2010-1641Jun 1, 2010
    affected < 4.8.13-1.1fixed 4.8.13-1.1

    The do_gfs2_set_flags function in fs/gfs2/file.c in the Linux kernel before 2.6.34-git10 does not verify the ownership of a file, which allows local users to bypass intended access restrictions via a SETFLAGS ioctl request.

  • CVE-2010-1436May 21, 2010
    affected < 4.8.13-1.1fixed 4.8.13-1.1

    gfs2 in the Linux kernel 2.6.18, and possibly other versions, does not properly handle when the gfs2_quota struct occupies two separate pages, which allows local users to cause a denial of service (kernel panic) via certain manipulations that cause an out-of-bounds write, as demo

  • CVE-2010-1146Apr 12, 2010
    affected < 4.8.13-1.1fixed 4.8.13-1.1

    The Linux kernel 2.6.33.2 and earlier, when a ReiserFS filesystem exists, does not restrict read or write access to the .reiserfs_priv directory, which allows local users to gain privileges by modifying (1) extended attributes or (2) ACLs, as demonstrated by deleting a file under

  • CVE-2009-4538Jan 12, 2010
    affected < 4.8.13-1.1fixed 4.8.13-1.1

    drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a related issue to CVE-2009-4537.

  • CVE-2009-4536Jan 12, 2010
    affected < 4.8.13-1.1fixed 4.8.13-1.1

    drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large p

  • CVE-2009-4138Dec 16, 2009
    affected < 4.8.13-1.1fixed 4.8.13-1.1

    drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receivin

  • CVE-2009-4131Dec 13, 2009
    affected < 4.8.13-1.1fixed 4.8.13-1.1

    The EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel before 2.6.32-git6 allows local users to overwrite arbitrary files via a crafted request, related to insufficient checks for file permissions.

  • CVE-2009-4027Dec 2, 2009
    affected < 4.8.13-1.1fixed 4.8.13-1.1

    Race condition in the mac80211 subsystem in the Linux kernel before 2.6.32-rc8-next-20091201 allows remote attackers to cause a denial of service (system crash) via a Delete Block ACK (aka DELBA) packet that triggers a certain state change in the absence of an aggregation session

  • CVE-2009-4026Dec 2, 2009
    affected < 4.8.13-1.1fixed 4.8.13-1.1

    The mac80211 subsystem in the Linux kernel before 2.6.32-rc8-next-20091201 allows remote attackers to cause a denial of service (panic) via a crafted Delete Block ACK (aka DELBA) packet, related to an erroneous "code shuffling patch."

  • CVE-2009-3939HigNov 16, 2009
    affected < 4.8.13-1.1fixed 4.8.13-1.1

    The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.

Page 72 of 72