Vulnerabilities > CVE-2012-0044 - Integer Overflow or Wraparound vulnerability in multiple products

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
linux
canonical
CWE-190
nessus

Summary

Integer overflow in the drm_mode_dirtyfb_ioctl function in drivers/gpu/drm/drm_crtc.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.1.5 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted ioctl call.

Vulnerable Configurations

Part Description Count
OS
Linux
1329
OS
Canonical
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1555-1.NASL
    descriptionChen Haogang discovered an integer overflow that could result in memory corruption. A local unprivileged user could use this to crash the system. (CVE-2012-0044) A flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id61788
    published2012-09-05
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61788
    titleUbuntu 10.04 LTS : linux vulnerabilities (USN-1555-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1555-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(61788);
      script_version("1.10");
      script_cvs_date("Date: 2019/09/19 12:54:28");
    
      script_cve_id("CVE-2012-0044", "CVE-2012-2372", "CVE-2012-3400");
      script_bugtraq_id(51371, 54062);
      script_xref(name:"USN", value:"1555-1");
    
      script_name(english:"Ubuntu 10.04 LTS : linux vulnerabilities (USN-1555-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Chen Haogang discovered an integer overflow that could result in
    memory corruption. A local unprivileged user could use this to crash
    the system. (CVE-2012-0044)
    
    A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS)
    protocol implementation. A local, unprivileged user could use this
    flaw to cause a denial of service. (CVE-2012-2372)
    
    Some errors where discovered in the Linux kernel's UDF file system,
    which is used to mount some CD-ROMs and DVDs. An unprivileged local
    user could use these flaws to crash the system. (CVE-2012-3400).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1555-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/05/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/09/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(10\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2012-0044", "CVE-2012-2372", "CVE-2012-3400");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-1555-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-42-386", pkgver:"2.6.32-42.96")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-42-generic", pkgver:"2.6.32-42.96")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-42-generic-pae", pkgver:"2.6.32-42.96")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-42-lpia", pkgver:"2.6.32-42.96")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-42-preempt", pkgver:"2.6.32-42.96")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-42-server", pkgver:"2.6.32-42.96")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-42-versatile", pkgver:"2.6.32-42.96")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-42-virtual", pkgver:"2.6.32-42.96")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-2.6-386 / linux-image-2.6-generic / etc");
    }
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS11_LIBDRM_20120417.NASL
    descriptionThe remote Solaris system is missing necessary patches to address security updates.
    last seen2020-06-01
    modified2020-06-02
    plugin id80666
    published2015-01-19
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80666
    titleOracle Solaris Third-Party Patch Update : libdrm (cve_2012_0044_integer_overflow)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from the Oracle Third Party software advisories.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(80666);
      script_version("1.2");
      script_cvs_date("Date: 2018/11/15 20:50:24");
    
      script_cve_id("CVE-2012-0044");
    
      script_name(english:"Oracle Solaris Third-Party Patch Update : libdrm (cve_2012_0044_integer_overflow)");
      script_summary(english:"Check for the 'entire' version.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Solaris system is missing a security patch for third-party
    software."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote Solaris system is missing necessary patches to address
    security updates."
      );
      # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4a913f44"
      );
      # https://blogs.oracle.com/sunsecurity/cve-2012-0044-integer-overflow-vulnerability-in-graphics-drm
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ec43534c"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11/11 SRU 6.6.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:libdrm");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/04/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("solaris.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Solaris11/release");
    if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11");
    pkg_list = solaris_pkg_list_leaves();
    if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages");
    
    if (empty_or_null(egrep(string:pkg_list, pattern:"^libdrm$"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "libdrm");
    
    flag = 0;
    
    if (solaris_check_release(release:"0.5.11-0.175.0.6.0.6.0", sru:"SRU 6.6") > 0) flag++;
    
    if (flag)
    {
      error_extra = 'Affected package : libdrm\n' + solaris_get_report2();
      error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra);
      if (report_verbosity > 0) security_hole(port:0, extra:error_extra);
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_PACKAGE_NOT_AFFECTED, "libdrm");
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1556-1.NASL
    descriptionChen Haogang discovered an integer overflow that could result in memory corruption. A local unprivileged user could use this to crash the system. (CVE-2012-0044) A flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id62005
    published2012-09-07
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62005
    titleUbuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1556-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20120618_KERNEL_ON_SL6_X.NASL
    descriptionThe kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : - A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. (CVE-2012-0044, Important) - A buffer overflow flaw was found in the macvtap device driver, used for creating a bridged network between the guest and the host in KVM (Kernel-based Virtual Machine) environments. A privileged guest user in a KVM guest could use this flaw to crash the host. Note: This issue only affected hosts that have the vhost_net module loaded with the experimental_zcopytx module option enabled (it is not enabled by default), and that also have macvtap configured for at least one guest. (CVE-2012-2119, Important) - When a set user ID (setuid) application is executed, certain personality flags for controlling the application
    last seen2020-03-18
    modified2012-08-01
    plugin id61331
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61331
    titleScientific Linux Security Update : kernel on SL6.x i386/x86_64 (20120618)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-756.NASL
    descriptionThe openSUSE 11.4 kernel was updated to fix various bugs and security issues. This is the final update of the 2.6.37 kernel of openSUSE 11.4.
    last seen2020-06-05
    modified2014-06-13
    plugin id74801
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74801
    titleopenSUSE Security Update : kernel (openSUSE-SU-2012:1439-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2012-0743.NASL
    descriptionUpdated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. (CVE-2012-0044, Important) * A buffer overflow flaw was found in the macvtap device driver, used for creating a bridged network between the guest and the host in KVM (Kernel-based Virtual Machine) environments. A privileged guest user in a KVM guest could use this flaw to crash the host. Note: This issue only affected hosts that have the vhost_net module loaded with the experimental_zcopytx module option enabled (it is not enabled by default), and that also have macvtap configured for at least one guest. (CVE-2012-2119, Important) * When a set user ID (setuid) application is executed, certain personality flags for controlling the application
    last seen2020-06-01
    modified2020-06-02
    plugin id59609
    published2012-06-21
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/59609
    titleCentOS 6 : kernel (CESA-2012:0743)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1361-1.NASL
    descriptionHan-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service. (CVE-2011-3353) A flaw was found in KVM
    last seen2020-06-01
    modified2020-06-02
    plugin id57935
    published2012-02-14
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57935
    titleUbuntu 10.10 : linux vulnerabilities (USN-1361-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0333.NASL
    descriptionUpdated kernel-rt packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise MRG 2.1. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages contain the Linux kernel. Security fixes : * SG_IO ioctl SCSI requests on partitions or LVM volumes could be passed to the underlying block device, allowing a privileged user to bypass restrictions and gain read and write access (and be able to issue other SCSI commands) to the entire block device. (CVE-2011-4127, Important) * A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. (CVE-2012-0044, Important) * A local, unprivileged user could use a flaw in the Performance Events implementation to cause a denial of service. (CVE-2011-2918, Moderate) * A local, unprivileged user could use flaws in the XFS file system implementation to cause a denial of service or escalate their privileges by mounting a specially crafted disk. (CVE-2011-4077, CVE-2012-0038, Moderate) * A local, unprivileged user could use a flaw in the Out of Memory (OOM) killer to monopolize memory, have their process skipped by the OOM killer, or cause other tasks to be terminated. (CVE-2011-4097, Moderate) * A local, unprivileged user could use a flaw in the key management facility to cause a denial of service. (CVE-2011-4110, Moderate) * A malicious Network File System version 4 (NFSv4) server could return a crafted reply to a GETACL request, causing a denial of service on the client. (CVE-2011-4131, Moderate) * A local attacker could use a flaw in the Journaling Block Device (JBD) to crash the system by mounting a specially crafted ext3 or ext4 disk. (CVE-2011-4132, Moderate) * A flaw in igmp_heard_query() could allow an attacker, who is able to send certain IGMP (Internet Group Management Protocol) packets to a target system, to cause a denial of service. (CVE-2012-0207, Moderate) * If lock contention during signal sending occurred when in a software interrupt handler that is using the per-CPU debug stack, the task could be scheduled out on the realtime kernel, possibly leading to debug stack corruption. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-0810, Moderate) Red Hat would like to thank Chen Haogang for reporting CVE-2012-0044; Wang Xi for reporting CVE-2012-0038; Shubham Goyal for reporting CVE-2011-4097; Andy Adamson for reporting CVE-2011-4131; and Simon McVittie for reporting CVE-2012-0207. Bug fixes : * When a sleeping task, waiting on a futex (fast userspace mutex), tried to get the spin_lock(hb->lock) RT-mutex, if the owner of the futex released the lock, the sleeping task was put on a futex proxy lock. Consequently, the sleeping task was blocked on two locks and eventually terminated in the BUG_ON() function. With this update, the WAKEUP_INPROGRESS pseudo-lock has been added to be used as a proxy lock. This pseudo-lock tells the sleeping task that it is being woken up so that the task no longer tries to get the second lock. Now, the futex code works as expected and sleeping tasks no longer crash in the described scenario. (BZ#784733) * When the CONFIG_CRYPTO_FIPS configuration option was disabled, some services such as sshd and ipsec, while working properly, returned warning messages regarding this missing option during start up. With this update, CONFIG_CRYPTO_FIPS has been enabled and no warning messages are now returned in the described scenario. (BZ#786145) * Previously, when a read operation on a loop device failed, the data successfully read from the device was not cleared and could eventually leak. This bug has been fixed and all data are now properly cleared in the described scenario. (BZ#761420) * Due to an assembler-sourced object, the perf utility (from the perf-rt package) for AMD64 and Intel 64 architectures contained an executable stack. This update adds the
    last seen2020-06-01
    modified2020-06-02
    plugin id76639
    published2014-07-22
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76639
    titleRHEL 6 : MRG (RHSA-2012:0333)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1362-1.NASL
    descriptionHan-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service. (CVE-2011-3353) A flaw was found in KVM
    last seen2020-06-01
    modified2020-06-02
    plugin id57936
    published2012-02-14
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57936
    titleUbuntu 11.04 : linux vulnerabilities (USN-1362-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-0743.NASL
    descriptionFrom Red Hat Security Advisory 2012:0743 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. (CVE-2012-0044, Important) * A buffer overflow flaw was found in the macvtap device driver, used for creating a bridged network between the guest and the host in KVM (Kernel-based Virtual Machine) environments. A privileged guest user in a KVM guest could use this flaw to crash the host. Note: This issue only affected hosts that have the vhost_net module loaded with the experimental_zcopytx module option enabled (it is not enabled by default), and that also have macvtap configured for at least one guest. (CVE-2012-2119, Important) * When a set user ID (setuid) application is executed, certain personality flags for controlling the application
    last seen2020-06-01
    modified2020-06-02
    plugin id68544
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68544
    titleOracle Linux 6 : kernel (ELSA-2012-0743)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1394-1.NASL
    descriptionAristide Fattori and Roberto Paleari reported a flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id58289
    published2012-03-08
    reporterUbuntu Security Notice (C) 2012 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58289
    titleUSN-1394-1 : Linux kernel (OMAP4) vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1340-1.NASL
    descriptionClement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203) A bug was discovered in the XFS filesystem
    last seen2020-06-01
    modified2020-06-02
    plugin id57664
    published2012-01-24
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57664
    titleUbuntu 10.04 LTS : linux-lts-backport-oneiric vulnerabilities (USN-1340-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1387-1.NASL
    descriptionAristide Fattori and Roberto Paleari reported a flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id58268
    published2012-03-07
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58268
    titleUbuntu 10.04 LTS : linux-lts-backport-maverick vulnerabilities (USN-1387-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1356-1.NASL
    descriptionA flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image it could potential execute arbitrary code on the system. (CVE-2012-0038) Chen Haogang discovered an integer overflow that could result in memory corruption. A local unprivileged user could use this to crash the system. (CVE-2012-0044) A flaw was found in the linux kernels IPv4 IGMP query processing. A remote attacker could exploit this to cause a denial of service. (CVE-2012-0207)
    last seen2020-06-01
    modified2020-06-02
    plugin id57856
    published2012-02-07
    reporterUbuntu Security Notice (C) 2012 Canonical, Inc. / NASL script (C) 2012 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57856
    titleUSN-1356-1 : linux-ti-omap4 vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1336-1.NASL
    descriptionClement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203) A bug was discovered in the XFS filesystem
    last seen2020-06-01
    modified2020-06-02
    plugin id57660
    published2012-01-24
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57660
    titleUbuntu 11.10 : linux vulnerability (USN-1336-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0743.NASL
    descriptionUpdated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. (CVE-2012-0044, Important) * A buffer overflow flaw was found in the macvtap device driver, used for creating a bridged network between the guest and the host in KVM (Kernel-based Virtual Machine) environments. A privileged guest user in a KVM guest could use this flaw to crash the host. Note: This issue only affected hosts that have the vhost_net module loaded with the experimental_zcopytx module option enabled (it is not enabled by default), and that also have macvtap configured for at least one guest. (CVE-2012-2119, Important) * When a set user ID (setuid) application is executed, certain personality flags for controlling the application
    last seen2020-06-01
    modified2020-06-02
    plugin id59562
    published2012-06-19
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/59562
    titleRHEL 6 : kernel (RHSA-2012:0743)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-342.NASL
    descriptionThis kernel update of the openSUSE 12.1 kernel fixes lots of bugs and security issues. Following issues were fixed : - tcp: drop SYN+FIN messages (bnc#765102). - net: sock: validate data_len before allocating skb in sock_alloc_send_pskb() (bnc#765320, CVE-2012-2136). - fcaps: clear the same personality flags as suid when fcaps are used (bnc#758260 CVE-2012-2123). - macvtap: zerocopy: validate vectors before building skb (bnc#758243 CVE-2012-2119). - hfsplus: Fix potential buffer overflows (bnc#760902 CVE-2009-4020). - xfrm: take net hdr len into account for esp payload size calculation (bnc#759545). - ext4: fix undefined behavior in ext4_fill_flex_info() (bnc#757278). - igb: fix rtnl race in PM resume path (bnc#748859). - ixgbe: add missing rtnl_lock in PM resume path (bnc#748859). - b43: allocate receive buffers big enough for max frame len + offset (bnc#717749). - xenbus: Reject replies with payload > XENSTORE_PAYLOAD_MAX. - xenbus_dev: add missing error checks to watch handling. - hwmon: (coretemp-xen) Fix TjMax detection for older CPUs. - hwmon: (coretemp-xen) Relax target temperature range check. - Refresh other Xen patches. - tlan: add cast needed for proper 64 bit operation (bnc#756840). - dl2k: Tighten ioctl permissions (bnc#758813). - [media] cx22702: Fix signal strength. - fs: cachefiles: Add support for large files in filesystem caching (bnc#747038). - bridge: correct IPv6 checksum after pull (bnc#738644). - bridge: fix a possible use after free (bnc#738644). - bridge: Pseudo-header required for the checksum of ICMPv6 (bnc#738644). - bridge: mcast snooping, fix length check of snooped MLDv1/2 (bnc#738644). - PCI/ACPI: Report ASPM support to BIOS if not disabled from command line (bnc#714455). - ipc/sem.c: fix race with concurrent semtimedop() timeouts and IPC_RMID (bnc#756203). - drm/i915/crt: Remove 0xa0 probe for VGA. - tty_audit: fix tty_audit_add_data live lock on audit disabled (bnc#721366). - drm/i915: suspend fbdev device around suspend/hibernate (bnc#732908). - dlm: Do not allocate a fd for peeloff (bnc#729247). - sctp: Export sctp_do_peeloff (bnc#729247). - i2c-algo-bit: Fix spurious SCL timeouts under heavy load. - patches.fixes/epoll-dont-limit-non-nested.patch: Don
    last seen2020-06-05
    modified2014-06-13
    plugin id74658
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74658
    titleopenSUSE Security Update : Kernel (openSUSE-SU-2012:0799-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-1042.NASL
    descriptionUpdated kernel packages that fix various security issues and three bugs are now available for Red Hat Enterprise Linux 6.1 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. (CVE-2012-0044, Important) * It was found that the kvm_vm_ioctl_assign_device() function in the KVM (Kernel-based Virtual Machine) subsystem of a Linux kernel did not check if the user requesting device assignment was privileged or not. A local, unprivileged user on the host could assign unused PCI devices, or even devices that were in use and whose resources were not properly claimed by the respective drivers, which could result in the host crashing. (CVE-2011-4347, Moderate) * A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id64044
    published2013-01-24
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64044
    titleRHEL 6 : kernel (RHSA-2012:1042)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1386-1.NASL
    descriptionThe linux kernel did not properly account for PTE pages when deciding which task to kill in out of memory conditions. A local, unprivileged could exploit this flaw to cause a denial of service. (CVE-2011-2498) A flaw was discovered in the TOMOYO LSM
    last seen2020-03-18
    modified2012-03-07
    plugin id58267
    published2012-03-07
    reporterUbuntu Security Notice (C) 2012-2020 Canonical, Inc. / NASL script (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58267
    titleUbuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1386-1)

Redhat

advisories
rhsa
idRHSA-2012:0743
rpms
  • kernel-rt-0:3.0.18-rt34.53.el6rt
  • kernel-rt-debug-0:3.0.18-rt34.53.el6rt
  • kernel-rt-debug-debuginfo-0:3.0.18-rt34.53.el6rt
  • kernel-rt-debug-devel-0:3.0.18-rt34.53.el6rt
  • kernel-rt-debuginfo-0:3.0.18-rt34.53.el6rt
  • kernel-rt-debuginfo-common-x86_64-0:3.0.18-rt34.53.el6rt
  • kernel-rt-devel-0:3.0.18-rt34.53.el6rt
  • kernel-rt-doc-0:3.0.18-rt34.53.el6rt
  • kernel-rt-firmware-0:3.0.18-rt34.53.el6rt
  • kernel-rt-trace-0:3.0.18-rt34.53.el6rt
  • kernel-rt-trace-debuginfo-0:3.0.18-rt34.53.el6rt
  • kernel-rt-trace-devel-0:3.0.18-rt34.53.el6rt
  • kernel-rt-vanilla-0:3.0.18-rt34.53.el6rt
  • kernel-rt-vanilla-debuginfo-0:3.0.18-rt34.53.el6rt
  • kernel-rt-vanilla-devel-0:3.0.18-rt34.53.el6rt
  • kernel-0:2.6.32-220.23.1.el6
  • kernel-bootwrapper-0:2.6.32-220.23.1.el6
  • kernel-debug-0:2.6.32-220.23.1.el6
  • kernel-debug-debuginfo-0:2.6.32-220.23.1.el6
  • kernel-debug-devel-0:2.6.32-220.23.1.el6
  • kernel-debuginfo-0:2.6.32-220.23.1.el6
  • kernel-debuginfo-common-i686-0:2.6.32-220.23.1.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-220.23.1.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-220.23.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-220.23.1.el6
  • kernel-devel-0:2.6.32-220.23.1.el6
  • kernel-doc-0:2.6.32-220.23.1.el6
  • kernel-firmware-0:2.6.32-220.23.1.el6
  • kernel-headers-0:2.6.32-220.23.1.el6
  • kernel-kdump-0:2.6.32-220.23.1.el6
  • kernel-kdump-debuginfo-0:2.6.32-220.23.1.el6
  • kernel-kdump-devel-0:2.6.32-220.23.1.el6
  • perf-0:2.6.32-220.23.1.el6
  • perf-debuginfo-0:2.6.32-220.23.1.el6
  • python-perf-0:2.6.32-220.23.1.el6
  • python-perf-debuginfo-0:2.6.32-220.23.1.el6
  • kernel-0:2.6.32-131.29.1.el6
  • kernel-bootwrapper-0:2.6.32-131.29.1.el6
  • kernel-debug-0:2.6.32-131.29.1.el6
  • kernel-debug-debuginfo-0:2.6.32-131.29.1.el6
  • kernel-debug-devel-0:2.6.32-131.29.1.el6
  • kernel-debuginfo-0:2.6.32-131.29.1.el6
  • kernel-debuginfo-common-i686-0:2.6.32-131.29.1.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-131.29.1.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-131.29.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-131.29.1.el6
  • kernel-devel-0:2.6.32-131.29.1.el6
  • kernel-doc-0:2.6.32-131.29.1.el6
  • kernel-firmware-0:2.6.32-131.29.1.el6
  • kernel-headers-0:2.6.32-131.29.1.el6
  • kernel-kdump-0:2.6.32-131.29.1.el6
  • kernel-kdump-debuginfo-0:2.6.32-131.29.1.el6
  • kernel-kdump-devel-0:2.6.32-131.29.1.el6
  • perf-0:2.6.32-131.29.1.el6
  • perf-debuginfo-0:2.6.32-131.29.1.el6