CVE-2011-1350
Published 2013-02-05
CVE-2011-1350: The PowerVR SGX driver in Android before 2.3.6 allows attackers to obtain potentially sensitive information from kernel stack memory via an application that…
Priority P429 · high · 7.1 (CVSS 2.0)
AV:N/AC:M/Au:N/C:C/I:N/A:N
EXPLOIT
EPSS: 1.11% (61.8th percentile)
The PowerVR SGX driver in Android before 2.3.6 allows attackers to obtain potentially sensitive information from kernel stack memory via an application that uses a crafted length parameter in a request to the pvrsrvkm device.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
|  | android | <= 2.3.5 | — |
|  | android | — | — |
|  | android | — | — |
|  | android | — | — |
|  | android | — | — |
|  | android | — | — |
|  | android | — | — |
|  | android | — | — |
|  | android | — | — |
|  | android | — | — |
|  | android | — | — |
|  | android | — | — |
|  | android | — | — |
|  | android | — | — |
|  | android | — | — |
|  | android | — | — |
|  | android | — | — |
CVSS provenance
nvd · v2.0 · 7.1 HIGH · AV:N/AC:M/Au:N/C:C/I:N/A:N
osv · 7.1 HIGH
vendor_redhat · 6.9 MEDIUM
GHSA
GHSA-44vc-m92x-27v5: The PowerVR SGX driver in Android before 2
ghsa_unreviewed·2022-05-17
CVE-2011-1350 [HIGH] CWE-200 GHSA-44vc-m92x-27v5: The PowerVR SGX driver in Android before 2
The PowerVR SGX driver in Android before 2.3.6 allows attackers to obtain potentially sensitive information from kernel stack memory via an application that uses a crafted length parameter in a request to the pvrsrvkm device.
OSV
CVE-2011-1350: The PowerVR SGX driver in Android before 2
osv·2013-02-05·CVSS 7.1
CVE-2011-1350 [HIGH] CVE-2011-1350: The PowerVR SGX driver in Android before 2
The PowerVR SGX driver in Android before 2.3.6 allows attackers to obtain potentially sensitive information from kernel stack memory via an application that uses a crafted length parameter in a request to the pvrsrvkm device.
Red Hat
kernel: gro: only reset frag0 when skb can be pulled
vendor_redhat·2011-07-27·CVSS 5.7
CVE-2011-2723 [MEDIUM] kernel: gro: only reset frag0 when skb can be pulled
The skb_gro_header_slow function in include/linux/netdevice.h in the Linux kernel before 2.6.39.4, when Generic Receive Offload (GRO) is enabled, resets certain fields in incorrect situations, which allows remote attackers to cause a denial of service (system crash) via crafted network traffic.
Statement: This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not backport the upstream commit a5b1cf28 that introduced this issue. This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1386.html, https://rhn.redhat.com/errata/RHSA-2011-1350.html, and https://rhn.redhat.com/errata/RHSA-2012-0010.html.
Package: kern
Red Hat
kernel: perf: Fix software event overflow
vendor_redhat·2011-07-22·CVSS 5.5
CVE-2011-2918 [MEDIUM] kernel: perf: Fix software event overflow
The Performance Events subsystem in the Linux kernel before 3.1 does not properly handle event overflows associated with PERF_COUNT_SW_CPU_CLOCK events, which allows local users to cause a denial of service (system hang) via a crafted application.
Statement: This issue did not affect Red Hat Enterprise Linux 4 and 5 as they did not include support for perf. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1350.html and https://rhn.redhat.com/errata/RHSA-2012-0333.html.
Package: kernel (Red Hat Enterprise Linux 4) - Not affected
Package: kernel (Red Hat Enterprise Linux 5) - Not affected
Red Hat
kernel: taskstats: duplicate entries in listener mode can lead to DoS
vendor_redhat·2011-06-16·CVSS 4.9
CVE-2011-2484 [MEDIUM] kernel: taskstats: duplicate entries in listener mode can lead to DoS
The add_del_listener function in kernel/taskstats.c in the Linux kernel 2.6.39.1 and earlier does not prevent multiple registrations of exit handlers, which allows local users to cause a denial of service (memory and CPU consumption), and bypass the OOM Killer, via a crafted application.
Statement: This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not provide support for the Taskstats interface. This was fixed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1386.html, https://rhn.redhat.com/errata/RHSA-2011-1350.html and https://rhn.redhat.com/errata/RHSA-2011-1253.html.
Package: kernel (Red Hat Enterpris
Red Hat
kernel: af_packet: infoleak
vendor_redhat·2011-06-07·CVSS 5.5
CVE-2011-2898 [MEDIUM] kernel: af_packet: infoleak
net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does not properly restrict user-space access to certain packet data structures associated with VLAN Tag Control Information, which allows local users to obtain potentially sensitive information via a crafted application.
Statement: This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 as they did not backport the upstream commit 393e52e3 that introduced this flaw. This has been addressed in Red Hat Enterprise Linux 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1350.html and https://rhn.redhat.com/errata/RHSA-2012-0010.html.
Package: kernel (Red Hat Enterprise Linux 4) - Not affected
Package: kernel (Red Hat Enterprise Linux
Red Hat
kernel: agp: insufficient page_count parameter checking in agp_allocate_memory()
vendor_redhat·2011-04-14·CVSS 6.9
CVE-2011-1746 [MEDIUM] kernel: agp: insufficient page_count parameter checking in agp_allocate_memory()
Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_create_user_memory functions in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allow local users to trigger buffer overflows, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via vectors related to calls that specify a large number of memory pages.
Statement: This issue affects the versions of Linux kernel as shipped with Red Hat Enterprise 4, 5, 6, and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0927.html, https://rhn.redhat.com/errata/RHSA-2011-1350.html, and http
Red Hat
kernel: agp: insufficient pg_start parameter checking in AGPIOC_BIND and AGPIOC_UNBIND ioctls
vendor_redhat·2011-04-14·CVSS 6.9
CVE-2011-1745 [MEDIUM] kernel: agp: insufficient pg_start parameter checking in AGPIOC_BIND and AGPIOC_UNBIND ioctls
Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call.
Statement: This issue affects the versions of Linux kernel as shipped with Red Hat Enterprise 4, 5, 6, and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0927.html, https://rhn.redhat.com/errata/RHSA-2011-1350.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance lif
Red Hat
kernel: agp: insufficient pg_start parameter checking in AGPIOC_BIND and AGPIOC_UNBIND ioctls
vendor_redhat·2011-04-14·CVSS 6.9
CVE-2011-2022 [MEDIUM] kernel: agp: insufficient pg_start parameter checking in AGPIOC_BIND and AGPIOC_UNBIND ioctls
The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 does not validate a certain start parameter, which allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than CVE-2011-1745.
Statement: This issue affects the versions of Linux kernel as shipped with Red Hat Enterprise 4, 5, 6, and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0927.html, https://rhn.redhat.com/errata/RHSA-2011-1350.html, and https://rhn.redhat.com/errata/RHSA-2011-1253
Red Hat
kernel: perf, x86: fix Intel fixed counters base initialization
vendor_redhat·2011-03-19·CVSS 4.9
CVE-2011-2521 [MEDIUM] kernel: perf, x86: fix Intel fixed counters base initialization
The x86_assign_hw_event function in arch/x86/kernel/cpu/perf_event.c in the Performance Events subsystem in the Linux kernel before 2.6.39 does not properly calculate counter values, which allows local users to cause a denial of service (panic) via the perf program.
Statement: This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG as they did not backport the upstream commit 41bf498 that introduced the issue. This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2011-1350.html.
Package: kernel (Red Hat Enterprise Linux 4) - Not affected
Package: kernel (Red Hat Enterprise Linux 5) - Not affected
Package: realti
No detection rules found.
Bugzilla
CVE-2011-2918 kernel: perf: Fix software event overflow
bugzilla·2011-08-15·CVSS 5.5
CVE-2011-2918 [MEDIUM] CVE-2011-2918 kernel: perf: Fix software event overflow
Under certain circumstances software event overflows go wrong and deadlock. Avoid trying to delete a timer from the timer callback.
Upstream fix:
a8b0ca17b80e92faab46ee7179ba9e99ccb61233
References:
https://lkml.org/lkml/2011/7/27/337
https://lkml.org/lkml/2011/7/28/284
Discussion:
Statement:
This issue did not affect Red Hat Enterprise Linux 4 and 5 as they did not include support for perf. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1350.html and https://rhn.redhat.com/errata/RHSA-2012-0333.html.
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2011:1350 https://rhn.redhat.com/errata/RHSA-2011-1350.h
Bugzilla
CVE-2011-2898 kernel: af_packet: infoleak
bugzilla·2011-08-04·CVSS 5.5
CVE-2011-2898 [MEDIUM] CVE-2011-2898 kernel: af_packet: infoleak
In 2.6.27, commit 393e52e33c6c2 (packet: deliver VLAN TCI to userspace) added a small information leak.
Add padding field and make sure it's zeroed before copy to user.
Upstream commit:
http://git.kernel.org/linus/13fcb7bd322164c67926ffe272846d4860196dc6
introduced by commit 393e52e33c6c2 (v2.6.27-rc1)
Discussion:
Statement:
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 as they did not backport the upstream commit 393e52e3 that introduced this flaw. This has been addressed in Red Hat Enterprise Linux 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1350.html and https://rhn.redhat.com/errata/RHSA-2012-0010.html.
---
This issue has been addressed in following