Dave Jones

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.5.7 **Description** The issue is related to the sock setsockopt function in the Linux kernel, which does not properly validate the association of a keepalive action with a stream socket. This allows local users to cause a denial of service, resulting in a system crash, by creating a raw socket. **Recommendations** For Linux kernel versions prior to 3.5.7, update to version 3.5.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.12.2 **Description** The issue is related to the perf trace event perm function in the Linux kernel, which does not properly restrict access to the perf subsystem. This allows local users to enable function tracing via a crafted application. **Recommendations** For versions prior to 3.12.2, update to version 3.12.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.10.3 **Description** The issue is related to the incorrect handling of pending data in the `udp v6 push pending frames` function in the IPv6 implementation. This can be exploited by local users through a crafted application that utilizes the `UDP CORK` option in a `setsockopt` system call, leading to a denial of service (BUG and system crash). **Recommendations** For Linux kernel versions prior to 3.10.3, update to version 3.10.3 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the `UDP CORK` option in `setsockopt` system calls until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.10 **Description** The issue allows local users to cause a denial of service, resulting in a system crash. This occurs when using an AF INET6 socket for a connection to an IPv4 interface, specifically due to the `ip6 sk dst check` function in `net/ipv6/ip6 output.c`. **Recommendations** For versions prior to 3.10, update to version 3.10 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.39-rc6 **Description** The issue is related to the `bcm release` function in the Linux kernel, which does not properly validate a socket data structure. This can be exploited by local users to cause a denial of service, resulting in a NULL pointer dereference, or possibly have other unspecified impacts via a crafted release operation. **Recommendations** For Linux kernel versions prior to 2.6.39-rc6, update to version 2.6.39-rc6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.36.2 **Description** The issue concerns the ACPI subsystem in the Linux kernel, where the debugfs custom method file has 0222 permissions, allowing local users to gain privileges. This is related to the acpi debugfs init function in drivers/acpi/debugfs.c. The problem can be exploited by placing a custom ACPI method in the ACPI interpreter tables. **Recommendations** For Linux kernel versions prior to 2.6.36.2, update to version 2.6.36.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** openSUSE (affected versions not specified) **Description** The issue concerns multiple vulnerabilities in various packages of the openSUSE operating system, which can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Red Hat Enterprise Linux kernel versions 2.4.21 openSUSE kernel-ps3-debuginfo (affected versions not specified) openSUSE kernel-ps3-debugsource (affected versions not specified) Linux kernel versions prior to 2.6.32-rc8 **Description** The issue involves multiple vulnerabilities in the kernel packages of various Linux distributions, including Red Hat Enterprise Linux and openSUSE. These vulnerabilities can be exploited remotely, potentially leading to disruptions in the availability, confidentiality, and integrity of protected information. In the Linux kernel, a specific vulnerability is related to an array index error in the `gdth read event` function, which can be exploited by local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. **Recommendations** For Red Hat Enterprise Linux kernel version 2.4.21, update to a version that includes the necessary security patches. For openSUSE kernel-ps3-debuginfo and kernel-ps3-debugsource, there is no information about a newer version that contains a fix for this vulnerability. For Linux kernel versions prior to 2.6.32-rc8, update to version 2.6.32-rc8 or later to resolve the issue. As a temporary workaround, consider restricting access to the `gdth read event` function in the Linux kernel until a patch is available.