Suse Linux Enterprise Real Time Extension vulnerabilities

CVE-2014-1737 [HIGH] CWE-754 CVE-2014-1737: The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not pr The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.

CVE-2014-1738 [LOW] CWE-200 CVE-2014-1738: The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not p The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.

CVE-2014-0181 [LOW] CWE-264 CVE-2014-0181: The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for autho The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program.

CVE-2010-4164 [HIGH] CVE-2010-4164: Multiple integer underflows in the x25_parse_facilities function in net/x25/x25_facilities.c in the Multiple integer underflows in the x25_parse_facilities function in net/x25/x25_facilities.c in the Linux kernel before 2.6.36.2 allow remote attackers to cause a denial of service (system crash) via malformed X.25 (1) X25_FAC_CLASS_A, (2) X25_FAC_CLASS_B, (3) X25_FAC_CLASS_C, or (4) X25_FAC_CLASS_D facility data, a different vulnerability than CVE-2010-3873.

CVE-2010-4163 [MEDIUM] CWE-20 CVE-2010-4163: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.36.2 allows local The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.36.2 allows local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a SCSI device.

CVE-2010-4162 [MEDIUM] CWE-190 CVE-2010-4162: Multiple integer overflows in fs/bio.c in the Linux kernel before 2.6.36.2 allow local users to caus Multiple integer overflows in fs/bio.c in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (system crash) via a crafted device ioctl to a SCSI device.

CVE-2010-3876 [LOW] CWE-909 CVE-2010-3876: net/packet/af_packet.c in the Linux kernel before 2.6.37-rc2 does not properly initialize certain st net/packet/af_packet.c in the Linux kernel before 2.6.37-rc2 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_RAW capability to read copies of the applicable structures.

CVE-2010-3849 [MEDIUM] CWE-476 CVE-2010-3849: The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an e The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a sendmsg call that specifies a NULL value for the remote address field.

CVE-2010-4258 [MEDIUM] CWE-269 CVE-2010-4258: The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNEL_DS get_fs value, which allows local users to bypass intended access_ok restrictions, overwrite arbitrary kernel memory locations, and gain privileges by leveraging a (1) BUG, (2) NULL pointer dereference, or (3) page fault, as demonstrated by ve

CVE-2010-3848 [MEDIUM] CWE-787 CVE-2010-3848: Stack-based buffer overflow in the econet_sendmsg function in net/econet/af_econet.c in the Linux ke Stack-based buffer overflow in the econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to gain privileges by providing a large number of iovec structures.

CVE-2010-3850 [LOW] CVE-2010-3850: The ec_dev_ioctl function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2 does not req The ec_dev_ioctl function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2 does not require the CAP_NET_ADMIN capability, which allows local users to bypass intended access restrictions and configure econet addresses via an SIOCSIFADDR ioctl call.

CVE-2010-4158 [LOW] CWE-200 CVE-2010-4158: The sk_run_filter function in net/core/filter.c in the Linux kernel before 2.6.36.2 does not check w The sk_run_filter function in net/core/filter.c in the Linux kernel before 2.6.36.2 does not check whether a certain memory location has been initialized before executing a (1) BPF_S_LD_MEM or (2) BPF_S_LDX_MEM instruction, which allows local users to obtain potentially sensitive information from kernel stack memory via a crafted socket filter.

CVE-2010-3874 [MEDIUM] CWE-787 CVE-2010-3874: Heap-based buffer overflow in the bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) Heap-based buffer overflow in the bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.36.2 on 64-bit platforms might allow local users to cause a denial of service (memory corruption) via a connect operation.

CVE-2010-4347 [MEDIUM] CWE-269 CVE-2010-4347: The ACPI subsystem in the Linux kernel before 2.6.36.2 uses 0222 permissions for the debugfs custom_ The ACPI subsystem in the Linux kernel before 2.6.36.2 uses 0222 permissions for the debugfs custom_method file, which allows local users to gain privileges by placing a custom ACPI method in the ACPI interpreter tables, related to the acpi_debugfs_init function in drivers/acpi/debugfs.c.

CVE-2010-4157 [MEDIUM] CWE-190 CVE-2010-4157: Integer overflow in the ioc_general function in drivers/scsi/gdth.c in the Linux kernel before 2.6.3 Integer overflow in the ioc_general function in drivers/scsi/gdth.c in the Linux kernel before 2.6.36.1 on 64-bit platforms allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large argument in an ioctl call.

CVE-2010-3861 [LOW] CVE-2010-3861: The ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.36 does not init The ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize a certain block of heap memory, which allows local users to obtain potentially sensitive information via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value, a different vulnerability than CVE-2010-2478.

CVE-2010-3904 [HIGH] CWE-1284 CVE-2010-3904: The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol im The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.

CVE-2010-4081 [LOW] CWE-909 CVE-2010-4081: The snd_hdspm_hwdep_ioctl function in sound/pci/rme9652/hdspm.c in the Linux kernel before 2.6.36-rc The snd_hdspm_hwdep_ioctl function in sound/pci/rme9652/hdspm.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO ioctl call.

CVE-2010-4082 [LOW] CWE-909 CVE-2010-4082: The viafb_ioctl_get_viafb_info function in drivers/video/via/ioctl.c in the Linux kernel before 2.6. The viafb_ioctl_get_viafb_info function in drivers/video/via/ioctl.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a VIAFB_GET_INFO ioctl call.

CVE-2010-4080 [LOW] CWE-200 CVE-2010-4080: The snd_hdsp_hwdep_ioctl function in sound/pci/rme9652/hdsp.c in the Linux kernel before 2.6.36-rc6 The snd_hdsp_hwdep_ioctl function in sound/pci/rme9652/hdsp.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl call.