Vulnerabilities > CVE-2012-0038 - Integer Overflow or Wraparound vulnerability in Linux Kernel

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
local
low complexity
linux
CWE-190
nessus

Summary

Integer overflow in the xfs_acl_from_disk function in fs/xfs/xfs_acl.c in the Linux kernel before 3.1.9 allows local users to cause a denial of service (panic) via a filesystem with a malformed ACL, leading to a heap-based buffer overflow.

Vulnerable Configurations

Part Description Count
OS
Linux
1424

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1384-1.NASL
    descriptionA bug was discovered in the Linux kernel
    last seen2020-03-18
    modified2012-03-07
    plugin id58265
    published2012-03-07
    reporterUbuntu Security Notice (C) 2012-2020 Canonical, Inc. / NASL script (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58265
    titleUbuntu 10.04 LTS : linux-lts-backport-oneiric vulnerabilities (USN-1384-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1384-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(58265);
      script_version("1.12");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/02");
    
      script_cve_id("CVE-2011-4097", "CVE-2011-4127", "CVE-2011-4622", "CVE-2012-0038", "CVE-2012-0055", "CVE-2012-0207", "CVE-2012-2100");
      script_bugtraq_id(50459, 51343, 51529);
      script_xref(name:"USN", value:"1384-1");
    
      script_name(english:"Ubuntu 10.04 LTS : linux-lts-backport-oneiric vulnerabilities (USN-1384-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A bug was discovered in the Linux kernel's calculation of OOM (Out of
    memory) scores, that would result in the wrong process being killed. A
    user could use this to kill the process with the highest OOM score,
    even if that process belongs to another user or the system.
    (CVE-2011-4097)
    
    Paolo Bonzini discovered a flaw in Linux's handling of the SG_IO ioctl
    command. A local user, or user in a VM could exploit this flaw to
    bypass restrictions and gain read/write access to all data on the
    affected block device. (CVE-2011-4127)
    
    A flaw was found in KVM's Programmable Interval Timer (PIT). When a
    virtual interrupt control is not available a local user could use this
    to cause a denial of service by starting a timer. (CVE-2011-4622)
    
    A flaw was discovered in the XFS filesystem. If a local user mounts a
    specially crafted XFS image it could potential execute arbitrary code
    on the system. (CVE-2012-0038)
    
    Andy Whitcroft discovered a that the Overlayfs filesystem was not
    doing the extended permission checks needed by cgroups and Linux
    Security Modules (LSMs). A local user could exploit this to by-pass
    security policy and access files that should not be accessible.
    (CVE-2012-0055)
    
    A flaw was found in the linux kernels IPv4 IGMP query processing. A
    remote attacker could exploit this to cause a denial of service.
    (CVE-2012-0207)
    
    A flaw was found in the Linux kernel's ext4 file system when mounting
    a corrupt filesystem. A user-assisted remote attacker could exploit
    this flaw to cause a denial of service. (CVE-2012-2100).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1384-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-generic-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-virtual");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/01/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/03/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/03/07");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2012-2020 Canonical, Inc. / NASL script (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(10\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2011-4097", "CVE-2011-4127", "CVE-2011-4622", "CVE-2012-0038", "CVE-2012-0055", "CVE-2012-0207", "CVE-2012-2100");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-1384-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-3.0.0-16-generic", pkgver:"3.0.0-16.29~lucid1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-3.0.0-16-generic-pae", pkgver:"3.0.0-16.29~lucid1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-3.0.0-16-server", pkgver:"3.0.0-16.29~lucid1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-3.0.0-16-virtual", pkgver:"3.0.0-16.29~lucid1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.0-generic / linux-image-3.0-generic-pae / etc");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1388-1.NASL
    descriptionPaolo Bonzini discovered a flaw in Linux
    last seen2020-06-01
    modified2020-06-02
    plugin id58269
    published2012-03-07
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58269
    titleUbuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1388-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1388-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(58269);
      script_version("1.9");
      script_cvs_date("Date: 2019/09/19 12:54:27");
    
      script_cve_id("CVE-2011-4127", "CVE-2011-4622", "CVE-2012-0038", "CVE-2012-2100");
      script_xref(name:"USN", value:"1388-1");
    
      script_name(english:"Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1388-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Paolo Bonzini discovered a flaw in Linux's handling of the SG_IO ioctl
    command. A local user, or user in a VM could exploit this flaw to
    bypass restrictions and gain read/write access to all data on the
    affected block device. (CVE-2011-4127)
    
    A flaw was found in KVM's Programmable Interval Timer (PIT). When a
    virtual interrupt control is not available a local user could use this
    to cause a denial of service by starting a timer. (CVE-2011-4622)
    
    A flaw was discovered in the XFS filesystem. If a local user mounts a
    specially crafted XFS image it could potential execute arbitrary code
    on the system. (CVE-2012-0038)
    
    A flaw was found in the Linux kernel's ext4 file system when mounting
    a corrupt filesystem. A user-assisted remote attacker could exploit
    this flaw to cause a denial of service. (CVE-2012-2100).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1388-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected linux-image-2.6-ec2 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ec2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/01/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/03/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/03/07");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(10\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2011-4127", "CVE-2011-4622", "CVE-2012-0038", "CVE-2012-2100");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-1388-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-343-ec2", pkgver:"2.6.32-343.45")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-2.6-ec2");
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2012-55.NASL
    descriptionA buffer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id69662
    published2013-09-04
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69662
    titleAmazon Linux AMI : kernel (ALAS-2012-55)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1389-1.NASL
    descriptionPaolo Bonzini discovered a flaw in Linux
    last seen2020-06-01
    modified2020-06-02
    plugin id58270
    published2012-03-07
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58270
    titleUbuntu 10.04 LTS : linux vulnerabilities (USN-1389-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-756.NASL
    descriptionThe openSUSE 11.4 kernel was updated to fix various bugs and security issues. This is the final update of the 2.6.37 kernel of openSUSE 11.4.
    last seen2020-06-05
    modified2014-06-13
    plugin id74801
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74801
    titleopenSUSE Security Update : kernel (openSUSE-SU-2012:1439-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1361-1.NASL
    descriptionHan-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service. (CVE-2011-3353) A flaw was found in KVM
    last seen2020-06-01
    modified2020-06-02
    plugin id57935
    published2012-02-14
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57935
    titleUbuntu 10.10 : linux vulnerabilities (USN-1361-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0333.NASL
    descriptionUpdated kernel-rt packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise MRG 2.1. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages contain the Linux kernel. Security fixes : * SG_IO ioctl SCSI requests on partitions or LVM volumes could be passed to the underlying block device, allowing a privileged user to bypass restrictions and gain read and write access (and be able to issue other SCSI commands) to the entire block device. (CVE-2011-4127, Important) * A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. (CVE-2012-0044, Important) * A local, unprivileged user could use a flaw in the Performance Events implementation to cause a denial of service. (CVE-2011-2918, Moderate) * A local, unprivileged user could use flaws in the XFS file system implementation to cause a denial of service or escalate their privileges by mounting a specially crafted disk. (CVE-2011-4077, CVE-2012-0038, Moderate) * A local, unprivileged user could use a flaw in the Out of Memory (OOM) killer to monopolize memory, have their process skipped by the OOM killer, or cause other tasks to be terminated. (CVE-2011-4097, Moderate) * A local, unprivileged user could use a flaw in the key management facility to cause a denial of service. (CVE-2011-4110, Moderate) * A malicious Network File System version 4 (NFSv4) server could return a crafted reply to a GETACL request, causing a denial of service on the client. (CVE-2011-4131, Moderate) * A local attacker could use a flaw in the Journaling Block Device (JBD) to crash the system by mounting a specially crafted ext3 or ext4 disk. (CVE-2011-4132, Moderate) * A flaw in igmp_heard_query() could allow an attacker, who is able to send certain IGMP (Internet Group Management Protocol) packets to a target system, to cause a denial of service. (CVE-2012-0207, Moderate) * If lock contention during signal sending occurred when in a software interrupt handler that is using the per-CPU debug stack, the task could be scheduled out on the realtime kernel, possibly leading to debug stack corruption. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-0810, Moderate) Red Hat would like to thank Chen Haogang for reporting CVE-2012-0044; Wang Xi for reporting CVE-2012-0038; Shubham Goyal for reporting CVE-2011-4097; Andy Adamson for reporting CVE-2011-4131; and Simon McVittie for reporting CVE-2012-0207. Bug fixes : * When a sleeping task, waiting on a futex (fast userspace mutex), tried to get the spin_lock(hb->lock) RT-mutex, if the owner of the futex released the lock, the sleeping task was put on a futex proxy lock. Consequently, the sleeping task was blocked on two locks and eventually terminated in the BUG_ON() function. With this update, the WAKEUP_INPROGRESS pseudo-lock has been added to be used as a proxy lock. This pseudo-lock tells the sleeping task that it is being woken up so that the task no longer tries to get the second lock. Now, the futex code works as expected and sleeping tasks no longer crash in the described scenario. (BZ#784733) * When the CONFIG_CRYPTO_FIPS configuration option was disabled, some services such as sshd and ipsec, while working properly, returned warning messages regarding this missing option during start up. With this update, CONFIG_CRYPTO_FIPS has been enabled and no warning messages are now returned in the described scenario. (BZ#786145) * Previously, when a read operation on a loop device failed, the data successfully read from the device was not cleared and could eventually leak. This bug has been fixed and all data are now properly cleared in the described scenario. (BZ#761420) * Due to an assembler-sourced object, the perf utility (from the perf-rt package) for AMD64 and Intel 64 architectures contained an executable stack. This update adds the
    last seen2020-06-01
    modified2020-06-02
    plugin id76639
    published2014-07-22
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76639
    titleRHEL 6 : MRG (RHSA-2012:0333)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1362-1.NASL
    descriptionHan-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service. (CVE-2011-3353) A flaw was found in KVM
    last seen2020-06-01
    modified2020-06-02
    plugin id57936
    published2012-02-14
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57936
    titleUbuntu 11.04 : linux vulnerabilities (USN-1362-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_KERNEL-120130.NASL
    descriptionThe SUSE Linux Enterprise 11 SP1 kernel was updated to 2.6.32.54, fixing lots of bugs and security issues. The following security issues have been fixed : - A potential hypervisor escape by issuing SG_IO commands to partitiondevices was fixed by restricting access to these commands. (CVE-2011-4127) - KEYS: Fix a NULL pointer deref in the user-defined key type, which allowed local attackers to Oops the kernel. (CVE-2011-4110) - Avoid potential NULL pointer deref in ghash, which allowed local attackers to Oops the kernel. (CVE-2011-4081) - Fixed a memory corruption possibility in xfs readlink, which could be used by local attackers to crash the system or potentially execute code by mounting a prepared xfs filesystem image. (CVE-2011-4077) - A overflow in the xfs acl handling was fixed that could be used by local attackers to crash the system or potentially execute code by mounting a prepared xfs filesystem image. (CVE-2012-0038) - A flaw in the ext3/ext4 filesystem allowed a local attacker to crash the kernel by getting a prepared ext3/ext4 filesystem mounted. (CVE-2011-4132) - Access to the taskstats /proc file was restricted to avoid local attackers gaining knowledge of IO of other users (and so effecting side-channel attacks for e.g. guessing passwords by typing speed). (CVE-2011-2494) - When using X.25 communication a malicious sender could corrupt data structures, causing crashes or potential code execution. Please note that X.25 needs to be setup to make this effective, which these days is usually not the case. (CVE-2010-3873) - When using X.25 communication a malicious sender could make the machine leak memory, causing crashes. Please note that X.25 needs to be setup to make this effective, which these days is usually not the case. (CVE-2010-4164) - A remote denial of service due to a NULL pointer dereference by using IPv6 fragments was fixed. The following non-security issues have been fixed:. (CVE-2011-2699) - elousb: Fixed bug in USB core API usage, code cleanup. (bnc#733863) - cifs: overhaul cifs_revalidate and rename to cifs_revalidate_dentry. (bnc#735453) - cifs: set server_eof in cifs_fattr_to_inode. (bnc#735453) - xfs: Fix missing xfs_iunlock() on error recovery path in xfs_readlink(). (bnc#726600) - block: add and use scsi_blk_cmd_ioctl. (bnc#738400 / CVE-2011-4127) - block: fail SCSI passthrough ioctls on partition devices. (bnc#738400 / CVE-2011-4127) - dm: do not forward ioctls from logical volumes to the underlying device. (bnc#738400 / CVE-2011-4127) - Silence some warnings about ioctls on partitions. - netxen: Remove all references to unified firmware file. (bnc#708625) - bonding: send out gratuitous arps even with no address configured. (bnc#742270) - patches.fixes/ocfs2-serialize_unaligned_aio.patch: ocfs2: serialize unaligned aio. (bnc#671479) - patches.fixes/bonding-check-if-clients-MAC-addr-has-chan ged.patch: Update references. (bnc#729854, bnc#731004) - xfs: Fix wait calculations on lock acquisition and use milliseconds instead of jiffies to print the wait time. - ipmi: reduce polling when interrupts are available. (bnc#740867) - ipmi: reduce polling. (bnc#740867) - Linux 2.6.32.54. - export shrink_dcache_for_umount_subtree. - patches.suse/stack-unwind: Fix more 2.6.29 merge problems plus a glue code problem. (bnc#736018) - PM / Sleep: Fix race between CPU hotplug and freezer. (bnc#740535) - jbd: Issue cache flush after checkpointing. (bnc#731770) - lpfc: make sure job exists when processing BSG. (bnc#735635) - Linux 2.6.32.53. - blktap: fix locking (again). (bnc#724734) - xen: Update Xen patches to 2.6.32.52. - Linux 2.6.32.52. - Linux 2.6.32.51. - Linux 2.6.32.50. - reiserfs: Lock buffers unconditionally in reiserfs_write_full_page(). (bnc#716023) - writeback: Include all dirty inodes in background writeback. (bnc#716023) - reiserfs: Fix quota mount option parsing. (bnc#728626) - bonding: check if clients MAC addr has changed. (bnc#729854) - rpc client can not deal with ENOSOCK, so translate it into ENOCONN. (bnc#733146) - st: modify tape driver to allow writing immediate filemarks. (bnc#688996) - xfs: fix for xfssyncd failure to wake. (bnc#722910) - ipmi: Fix deadlock in start_next_msg(). - net: bind() fix error return on wrong address family. (bnc#735216) - net: ipv4: relax AF_INET check in bind(). (bnc#735216) - net/ipv6: check for mistakenly passed in non-AF_INET6 sockaddrs. (bnc#735216) - Bluetooth: Fixed Atheros AR3012 Maryann PID/VID supported. (bnc#732296) - percpu: fix chunk range calculation. (bnc#668872) - x86, UV: Fix kdump reboot. (bnc#735446) - dm: Use done_bytes for io_completion. (bnc#711378) - Bluetooth: Add Atheros AR3012 Maryann PID/VID supported. (bnc#732296) - Bluetooth: Add Atheros AR3012 one PID/VID supported. (bnc#732296) - fix missing hunk in oplock break patch. (bnc#706973) - patches.arch/s390-34-01-pfault-cpu-hotplug.patch: Refresh. Surrounded s390x lowcore change with __GENKSYMS__. (bnc#728339) - patches.xen/xen3-patch-2.6.30: Refresh. - sched, x86: Avoid unnecessary overflow in sched_clock. (bnc#725709) - ACPI thermal: Do not invalidate thermal zone if critical trip point is bad.
    last seen2020-06-05
    modified2012-02-07
    plugin id57854
    published2012-02-07
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57854
    titleSuSE 11.1 Security Update : Linux kernel (SAT Patch Number 5732)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1394-1.NASL
    descriptionAristide Fattori and Roberto Paleari reported a flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id58289
    published2012-03-08
    reporterUbuntu Security Notice (C) 2012 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58289
    titleUSN-1394-1 : Linux kernel (OMAP4) vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1363-1.NASL
    descriptionA bug was discovered in the Linux kernel
    last seen2020-03-18
    modified2012-02-14
    plugin id57937
    published2012-02-14
    reporterUbuntu Security Notice (C) 2012-2020 Canonical, Inc. / NASL script (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57937
    titleUbuntu 11.10 : linux vulnerabilities (USN-1363-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2012-0350.NASL
    descriptionUpdated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A buffer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id58275
    published2012-03-08
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58275
    titleCentOS 6 : kernel (CESA-2012:0350)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1387-1.NASL
    descriptionAristide Fattori and Roberto Paleari reported a flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id58268
    published2012-03-07
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58268
    titleUbuntu 10.04 LTS : linux-lts-backport-maverick vulnerabilities (USN-1387-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1391-1.NASL
    descriptionA flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image it could potential execute arbitrary code on the system.
    last seen2020-06-01
    modified2020-06-02
    plugin id58287
    published2012-03-08
    reporterUbuntu Security Notice (C) 2012-2013 Canonical, Inc. / NASL script (C) 2012-2014 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58287
    titleUbuntu 10.10 : linux-mvl-dove vulnerability (USN-1391-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1356-1.NASL
    descriptionA flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image it could potential execute arbitrary code on the system. (CVE-2012-0038) Chen Haogang discovered an integer overflow that could result in memory corruption. A local unprivileged user could use this to crash the system. (CVE-2012-0044) A flaw was found in the linux kernels IPv4 IGMP query processing. A remote attacker could exploit this to cause a denial of service. (CVE-2012-0207)
    last seen2020-06-01
    modified2020-06-02
    plugin id57856
    published2012-02-07
    reporterUbuntu Security Notice (C) 2012 Canonical, Inc. / NASL script (C) 2012 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57856
    titleUSN-1356-1 : linux-ti-omap4 vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0350.NASL
    descriptionUpdated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A buffer overflow flaw was found in the way the Linux kernel
    last seen2020-04-16
    modified2012-03-07
    plugin id58261
    published2012-03-07
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58261
    titleRHEL 6 : kernel (RHSA-2012:0350)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0422.NASL
    descriptionAn updated rhev-hypervisor6 package that fixes two security issues and one bug is now available. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id79285
    published2014-11-17
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79285
    titleRHEL 6 : rhev-hypervisor6 (RHSA-2012:0422)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1364-1.NASL
    descriptionA flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image it could potential execute arbitrary code on the system. (CVE-2012-0038) Andy Whitcroft discovered a that the Overlayfs filesystem was not doing the extended permission checks needed by cgroups and Linux Security Modules (LSMs). A local user could exploit this to by-pass security policy and access files that should not be accessible. (CVE-2012-0055) Juri Aedla discovered that the kernel incorrectly handled /proc/<pid>/mem permissions. A local attacker could exploit this and gain root privileges. (CVE-2012-0056) A flaw was found in the linux kernels IPv4 IGMP query processing. A remote attacker could exploit this to cause a denial of service. (CVE-2012-0207)
    last seen2020-06-01
    modified2020-06-02
    plugin id57938
    published2012-02-14
    reporterUbuntu Security Notice (C) 2012 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57938
    titleUSN-1364-1 : linux-ti-omap4 vulnerabilities
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-0350.NASL
    descriptionFrom Red Hat Security Advisory 2012:0350 : Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A buffer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id68491
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68491
    titleOracle Linux 6 : kernel (ELSA-2012-0350)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_KERNEL-120129.NASL
    descriptionThe SUSE Linux Enterprise 11 SP1 kernel has been updated to 2.6.32.54, fixing numerous bugs and security issues. The following security issues have been fixed : - A potential hypervisor escape by issuing SG_IO commands to partitiondevices was fixed by restricting access to these commands. (CVE-2011-4127) - KEYS: Fix a NULL pointer deref in the user-defined key type, which allowed local attackers to Oops the kernel. (CVE-2011-4110) - Avoid potential NULL pointer deref in ghash, which allowed local attackers to Oops the kernel. (CVE-2011-4081) - Fixed a memory corruption possibility in xfs readlink, which could be used by local attackers to crash the system or potentially execute code by mounting a prepared xfs filesystem image. (CVE-2011-4077) - A overflow in the xfs acl handling was fixed that could be used by local attackers to crash the system or potentially execute code by mounting a prepared xfs filesystem image. (CVE-2012-0038) - A flaw in the ext3/ext4 filesystem allowed a local attacker to crash the kernel by getting a prepared ext3/ext4 filesystem mounted. (CVE-2011-4132) - Access to the taskstats /proc file was restricted to avoid local attackers gaining knowledge of IO of other users (and so effecting side-channel attacks for e.g. guessing passwords by typing speed). (CVE-2011-2494) - When using X.25 communication a malicious sender could corrupt data structures, causing crashes or potential code execution. Please note that X.25 needs to be setup to make this effective, which these days is usually not the case. (CVE-2010-3873) - When using X.25 communication a malicious sender could make the machine leak memory, causing crashes. Please note that X.25 needs to be setup to make this effective, which these days is usually not the case. (CVE-2010-4164) - A remote denial of service due to a NULL pointer dereference by using IPv6 fragments was fixed. (CVE-2011-2699) The following non-security issues have been fixed (excerpt from changelog) : - elousb: Fixed bug in USB core API usage, code cleanup. - cifs: overhaul cifs_revalidate and rename to cifs_revalidate_dentry. - cifs: set server_eof in cifs_fattr_to_inode. - xfs: Fix missing xfs_iunlock() on error recovery path in xfs_readlink(). - Silence some warnings about ioctls on partitions. - netxen: Remove all references to unified firmware file. - bonding: send out gratuitous arps even with no address configured. - patches.fixes/ocfs2-serialize_unaligned_aio.patch: ocfs2: serialize unaligned aio. - patches.fixes/bonding-check-if-clients-MAC-addr-has-chan ged.patch: Update references. - xfs: Fix wait calculations on lock acquisition and use milliseconds instead of jiffies to print the wait time. - ipmi: reduce polling when interrupts are available. - ipmi: reduce polling. - export shrink_dcache_for_umount_subtree. - patches.suse/stack-unwind: Fix more 2.6.29 merge problems plus a glue code problem. - PM / Sleep: Fix race between CPU hotplug and freezer. - jbd: Issue cache flush after checkpointing. - lpfc: make sure job exists when processing BSG. - blktap: fix locking (again). - xen: Update Xen patches to 2.6.32.52. - reiserfs: Lock buffers unconditionally in reiserfs_write_full_page(). - writeback: Include all dirty inodes in background writeback. - reiserfs: Fix quota mount option parsing. - bonding: check if clients MAC addr has changed. - rpc client can not deal with ENOSOCK, so translate it into ENOCONN. - st: modify tape driver to allow writing immediate filemarks. - xfs: fix for xfssyncd failure to wake. - ipmi: Fix deadlock in start_next_msg(). - net: bind() fix error return on wrong address family. - net: ipv4: relax AF_INET check in bind(). - net/ipv6: check for mistakenly passed in non-AF_INET6 sockaddrs. - Bluetooth: Fixed Atheros AR3012 Maryann PID/VID supported. - percpu: fix chunk range calculation. - x86, UV: Fix kdump reboot. - dm: Use done_bytes for io_completion. - Bluetooth: Add Atheros AR3012 Maryann PID/VID supported. - Bluetooth: Add Atheros AR3012 one PID/VID supported. - fix missing hunk in oplock break patch. - patches.arch/s390-34-01-pfault-cpu-hotplug.patch: Refresh. - Surrounded s390x lowcore change with __GENKSYMS__ - patches.xen/xen3-patch-2.6.30: Refresh. - sched, x86: Avoid unnecessary overflow in sched_clock. - ACPI thermal: Do not invalidate thermal zone if critical trip point is bad.
    last seen2020-06-05
    modified2012-02-07
    plugin id57853
    published2012-02-07
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57853
    titleSuSE 11.1 Security Update : Linux Kernel (SAT Patch Numbers 5723 / 5725)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20120306_KERNEL_ON_SL6_X.NASL
    descriptionThe kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : - A buffer overflow flaw was found in the way the Linux kernel
    last seen2020-03-18
    modified2012-08-01
    plugin id61277
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61277
    titleScientific Linux Security Update : kernel on SL6.x i386/x86_64 (20120306)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-342.NASL
    descriptionThis kernel update of the openSUSE 12.1 kernel fixes lots of bugs and security issues. Following issues were fixed : - tcp: drop SYN+FIN messages (bnc#765102). - net: sock: validate data_len before allocating skb in sock_alloc_send_pskb() (bnc#765320, CVE-2012-2136). - fcaps: clear the same personality flags as suid when fcaps are used (bnc#758260 CVE-2012-2123). - macvtap: zerocopy: validate vectors before building skb (bnc#758243 CVE-2012-2119). - hfsplus: Fix potential buffer overflows (bnc#760902 CVE-2009-4020). - xfrm: take net hdr len into account for esp payload size calculation (bnc#759545). - ext4: fix undefined behavior in ext4_fill_flex_info() (bnc#757278). - igb: fix rtnl race in PM resume path (bnc#748859). - ixgbe: add missing rtnl_lock in PM resume path (bnc#748859). - b43: allocate receive buffers big enough for max frame len + offset (bnc#717749). - xenbus: Reject replies with payload > XENSTORE_PAYLOAD_MAX. - xenbus_dev: add missing error checks to watch handling. - hwmon: (coretemp-xen) Fix TjMax detection for older CPUs. - hwmon: (coretemp-xen) Relax target temperature range check. - Refresh other Xen patches. - tlan: add cast needed for proper 64 bit operation (bnc#756840). - dl2k: Tighten ioctl permissions (bnc#758813). - [media] cx22702: Fix signal strength. - fs: cachefiles: Add support for large files in filesystem caching (bnc#747038). - bridge: correct IPv6 checksum after pull (bnc#738644). - bridge: fix a possible use after free (bnc#738644). - bridge: Pseudo-header required for the checksum of ICMPv6 (bnc#738644). - bridge: mcast snooping, fix length check of snooped MLDv1/2 (bnc#738644). - PCI/ACPI: Report ASPM support to BIOS if not disabled from command line (bnc#714455). - ipc/sem.c: fix race with concurrent semtimedop() timeouts and IPC_RMID (bnc#756203). - drm/i915/crt: Remove 0xa0 probe for VGA. - tty_audit: fix tty_audit_add_data live lock on audit disabled (bnc#721366). - drm/i915: suspend fbdev device around suspend/hibernate (bnc#732908). - dlm: Do not allocate a fd for peeloff (bnc#729247). - sctp: Export sctp_do_peeloff (bnc#729247). - i2c-algo-bit: Fix spurious SCL timeouts under heavy load. - patches.fixes/epoll-dont-limit-non-nested.patch: Don
    last seen2020-06-05
    modified2014-06-13
    plugin id74658
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74658
    titleopenSUSE Security Update : Kernel (openSUSE-SU-2012:0799-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-2003.NASL
    descriptionDescription of changes: * CVE-2012-0207: Denial of service bug in IGMP. The IGMP subsystem
    last seen2020-06-01
    modified2020-06-02
    plugin id68669
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68669
    titleOracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2003)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-1042.NASL
    descriptionUpdated kernel packages that fix various security issues and three bugs are now available for Red Hat Enterprise Linux 6.1 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. (CVE-2012-0044, Important) * It was found that the kvm_vm_ioctl_assign_device() function in the KVM (Kernel-based Virtual Machine) subsystem of a Linux kernel did not check if the user requesting device assignment was privileged or not. A local, unprivileged user on the host could assign unused PCI devices, or even devices that were in use and whose resources were not properly claimed by the respective drivers, which could result in the host crashing. (CVE-2011-4347, Moderate) * A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id64044
    published2013-01-24
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64044
    titleRHEL 6 : kernel (RHSA-2012:1042)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1386-1.NASL
    descriptionThe linux kernel did not properly account for PTE pages when deciding which task to kill in out of memory conditions. A local, unprivileged could exploit this flaw to cause a denial of service. (CVE-2011-2498) A flaw was discovered in the TOMOYO LSM
    last seen2020-03-18
    modified2012-03-07
    plugin id58267
    published2012-03-07
    reporterUbuntu Security Notice (C) 2012-2020 Canonical, Inc. / NASL script (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58267
    titleUbuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1386-1)

Redhat

rpms
  • kernel-rt-0:3.0.18-rt34.53.el6rt
  • kernel-rt-debug-0:3.0.18-rt34.53.el6rt
  • kernel-rt-debug-debuginfo-0:3.0.18-rt34.53.el6rt
  • kernel-rt-debug-devel-0:3.0.18-rt34.53.el6rt
  • kernel-rt-debuginfo-0:3.0.18-rt34.53.el6rt
  • kernel-rt-debuginfo-common-x86_64-0:3.0.18-rt34.53.el6rt
  • kernel-rt-devel-0:3.0.18-rt34.53.el6rt
  • kernel-rt-doc-0:3.0.18-rt34.53.el6rt
  • kernel-rt-firmware-0:3.0.18-rt34.53.el6rt
  • kernel-rt-trace-0:3.0.18-rt34.53.el6rt
  • kernel-rt-trace-debuginfo-0:3.0.18-rt34.53.el6rt
  • kernel-rt-trace-devel-0:3.0.18-rt34.53.el6rt
  • kernel-rt-vanilla-0:3.0.18-rt34.53.el6rt
  • kernel-rt-vanilla-debuginfo-0:3.0.18-rt34.53.el6rt
  • kernel-rt-vanilla-devel-0:3.0.18-rt34.53.el6rt
  • kernel-0:2.6.32-220.7.1.el6
  • kernel-bootwrapper-0:2.6.32-220.7.1.el6
  • kernel-debug-0:2.6.32-220.7.1.el6
  • kernel-debug-debuginfo-0:2.6.32-220.7.1.el6
  • kernel-debug-devel-0:2.6.32-220.7.1.el6
  • kernel-debuginfo-0:2.6.32-220.7.1.el6
  • kernel-debuginfo-common-i686-0:2.6.32-220.7.1.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-220.7.1.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-220.7.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-220.7.1.el6
  • kernel-devel-0:2.6.32-220.7.1.el6
  • kernel-doc-0:2.6.32-220.7.1.el6
  • kernel-firmware-0:2.6.32-220.7.1.el6
  • kernel-headers-0:2.6.32-220.7.1.el6
  • kernel-kdump-0:2.6.32-220.7.1.el6
  • kernel-kdump-debuginfo-0:2.6.32-220.7.1.el6
  • kernel-kdump-devel-0:2.6.32-220.7.1.el6
  • perf-0:2.6.32-220.7.1.el6
  • perf-debuginfo-0:2.6.32-220.7.1.el6
  • python-perf-0:2.6.32-220.7.1.el6
  • kernel-0:2.6.32-131.29.1.el6
  • kernel-bootwrapper-0:2.6.32-131.29.1.el6
  • kernel-debug-0:2.6.32-131.29.1.el6
  • kernel-debug-debuginfo-0:2.6.32-131.29.1.el6
  • kernel-debug-devel-0:2.6.32-131.29.1.el6
  • kernel-debuginfo-0:2.6.32-131.29.1.el6
  • kernel-debuginfo-common-i686-0:2.6.32-131.29.1.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-131.29.1.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-131.29.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-131.29.1.el6
  • kernel-devel-0:2.6.32-131.29.1.el6
  • kernel-doc-0:2.6.32-131.29.1.el6
  • kernel-firmware-0:2.6.32-131.29.1.el6
  • kernel-headers-0:2.6.32-131.29.1.el6
  • kernel-kdump-0:2.6.32-131.29.1.el6
  • kernel-kdump-debuginfo-0:2.6.32-131.29.1.el6
  • kernel-kdump-devel-0:2.6.32-131.29.1.el6
  • perf-0:2.6.32-131.29.1.el6
  • perf-debuginfo-0:2.6.32-131.29.1.el6

Seebug

bulletinFamilyexploit
descriptionBugtraq ID: 51380 CVE ID:CVE-2012-0038 Linux是一款开源的操作系统。 Linux内核XFS文件系统存在整数溢出,攻击者可以利用漏洞使系统崩溃。 &quot;xfs_acl_from_disk()&quot;函数(fs/xfs/xfs_acl.c)存在整数溢出,可被利用破坏内核内存。 要成功利用漏洞需要物理访问能自动安装插入媒体设备的系统或诱使用户安装恶意文件系统(如通过USB设备)。 0 Linux Kernel 2.6.x http://kqueue.org/blog/2012/01/10/cve-2012-0038-xfs-acl-count-integer-overflow/
idSSV:30016
last seen2017-11-19
modified2012-01-13
published2012-01-13
reporterRoot
titleLinux Kernel XFS Filesystem 'fs/xfs/xfs_acl.c'整数溢出漏洞