Eugene Teo

**Nome do software vulnerável e versões afetadas** Versões do kernel Linux até a 3.1 **Descrição** A vulnerabilidade permite que usuários locais obtenham informações confidenciais sobre teclas digitadas por meio do acesso a `/dev/pts/` e `/dev/tty*`. Isso está relacionado a um componente do kernel Linux associado à divulgação de informações. A exploração dessa vulnerabilidade pode permitir que um invasor obtenha acesso não autorizado a informações protegidas. **Recomendações** Para versões do kernel Linux até a 3.1, considere restringir o acesso a `/dev/pts/` e `/dev/tty*` para minimizar o risco de exploração. Como solução temporária, limite o acesso de usuários locais a informações confidenciais até que um patch esteja disponível. No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Nome do software vulnerável e versões afetadas** Versões do kernel Linux anteriores à 3.3 **Descrição** A vulnerabilidade permite que usuários locais provoquem uma negação de serviço, resultando em corrupção da pilha e panico, por meio de um aplicativo malicioso que desencadeia uma determinada disputa de bloqueio. Isso ocorre porque o manipulador int3 depende de uma pilha de depuração por CPU. **Recomendações** Para versões anteriores à 3.3, atualize para a versão 3.3 ou posterior para resolver o problema.

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 2.6.x through 4.x Description: The issue is a memory leak in the videobuf subsystem, specifically in the drivers/media/video/videobuf-core.c file. This allows local users to cause a denial of service by consuming memory through a series of mmap calls that require new allocations, leveraging access to /dev/video. As of 2016-06-18, this affects only 11 drivers that have not been updated to use videobuf2 instead of videobuf. Recommendations: For Linux kernel versions 2.6.x through 4.x, consider updating the affected drivers to use videobuf2 instead of videobuf to mitigate the risk of memory consumption. As a temporary workaround, restrict access to /dev/video to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.37 **Description** The issue is related to a buffer overflow in the fuse do ioctl function in fs/fuse/file.c, which can be exploited by local users. This can lead to a denial of service or possibly have other unspecified impacts by leveraging the ability to operate a CUSE server. **Recommendations** For Linux kernel versions prior to 2.6.37, update to version 2.6.37 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.2.2 **Description** The issue allows local users to cause a denial of service via incorrect iocb management in the kiocb batch free function. **Recommendations** For versions prior to 3.2.2, update to version 3.2.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.1 **Description** The issue affects the net subsystem in the Linux kernel, where it does not properly restrict the use of the IFF TX SKB SHARING flag. This allows local users with the CAP NET ADMIN capability to cause a denial of service (panic) by accessing /proc/net/pktgen/pgctrl and then using the pktgen package in conjunction with a bridge device for a VLAN interface. **Recommendations** For Linux kernel versions prior to 3.1, update to version 3.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.22 **Description** The issue is related to a double free vulnerability in the `xfrm6 tunnel rcv` function. This vulnerability can be exploited by remote attackers who send crafted IPv6 packets, potentially causing a denial of service (panic) when the `xfrm6 tunnel` module is enabled. **Recommendations** For Linux kernel versions prior to 2.6.22, update to version 2.6.22 or later to resolve the issue. As a temporary workaround, consider disabling the `xfrm6 tunnel` module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.2.2 **Description** The issue allows user-assisted remote attackers to trigger inconsistent filesystem-groups data and possibly cause a denial of service via a malformed ext4 filesystem containing a super block with a large FLEX BG group size (aka s log groups per flex value). This problem exists because of an incomplete fix for a previous issue. **Recommendations** For Linux kernel versions prior to 3.2.2, update to version 3.2.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.29 **Description** The issue allows local users to cause a denial of service, resulting in a system crash, by utilizing the mknod system call with a pathname on an NFSv4 filesystem. This is due to a problem in the encode share access function in fs/nfs/nfs4xdr.c. **Recommendations** For versions prior to 2.6.29, update to version 2.6.29 or later to resolve the issue. As a temporary workaround, consider restricting access to the mknod system call on NFSv4 filesystems to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.31-rc6 **Description** The issue is related to the NFS implementation in the Linux kernel, where certain functions are called without properly initializing specific data. This can be exploited by local users to cause a denial of service, resulting in a NULL pointer dereference and O DIRECT oops. An example of exploitation is demonstrated using the diotest4 test from the LTP suite. **Recommendations** For Linux kernel versions prior to 2.6.31-rc6, update to version 2.6.31-rc6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.38 **Description** The issue allows remote DNS servers to cause a denial of service by not providing a valid response to a DNS query. This can trigger improper handling of error data within a DNS resolver key, resulting in a NULL pointer dereference and OOPS. **Recommendations** For Linux kernel versions prior to 2.6.38, update to version 2.6.38 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.21 Red Hat Enterprise Linux (RHEL) 5 **Description** The issue is related to a certain Red Hat patch to the sctp sock migrate function in net/sctp/socket.c in the Linux kernel. It allows remote attackers to cause a denial of service via a crafted SCTP packet, resulting in a NULL pointer dereference and OOPS. **Recommendations** For Linux kernel versions prior to 2.6.21, update to version 2.6.21 or later to resolve the issue. For Red Hat Enterprise Linux (RHEL) 5, consider applying a patch or update provided by Red Hat to fix the vulnerability in the sctp sock migrate function.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.0-rc1 **Description** The issue allows local users to cause a denial of service, resulting in a system crash, by arranging for all resource groups to have too little free space. This is due to the gfs2 fallocate function in fs/gfs2/file.c not ensuring that the size of a chunk allocation is a multiple of the block size. **Recommendations** For Linux kernel versions prior to 3.0-rc1, update to version 3.0-rc1 or later to resolve the issue. As a temporary workaround, consider restricting access to the gfs2 fallocate function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Xen (affected versions not specified) **Description** The issue is related to the handling of cpuid instruction emulation when exiting the VM. Local guest users can cause a denial of service, resulting in a guest crash, via unspecified vectors when using x86 Intel processors and the VMX virtualization extension is enabled. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.39 **Description** The issue allows remote attackers to obtain potentially sensitive information from kernel stack memory by reading uninitialized data in the ah field of an Acorn Universal Networking (AUN) packet. This is due to a problem in the econet sendmsg function in net/econet/af econet.c on the x86 64 platform. **Recommendations** For Linux kernel versions prior to 2.6.39, update to version 2.6.39 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.39 **Description** The issue is related to the cifs close function in the Linux kernel, which can cause a denial of service due to a NULL pointer dereference and BUG when the O DIRECT flag is set during an attempt to open a file on a CIFS filesystem. This could potentially have other unspecified impacts. **Recommendations** For Linux kernel versions prior to 2.6.39, update to version 2.6.39 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the O DIRECT flag when opening files on a CIFS filesystem until the kernel is updated.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.39 **Description** The issue is related to the `bond select queue` function in the Linux kernel, which does not properly restrict queue indexes when a network device with a large number of receive queues is installed but the default `tx queues` setting is used. This allows remote attackers to cause a denial of service, resulting in a system crash, or possibly have other unspecified impacts by sending network traffic. **Recommendations** For Linux kernel versions prior to 2.6.39, update to version 2.6.39 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.38 **Description** The issue is related to the Reliable Datagram Sockets (RDS) subsystem in the Linux kernel, which does not properly handle congestion map updates. This can be exploited by local users to cause a denial of service, resulting in a system crash. The exploitation vectors involve either a loopback transmit operation or an InfiniBand transmit operation. **Recommendations** For Linux kernel versions prior to 2.6.38, update to version 2.6.38 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.37 **Description** The issue allows local users to bypass Integrity Measurement Architecture (IMA) rules under certain circumstances when the Linux Security Modules (LSM) framework is disabled. This can happen when an administrator adds an IMA rule for LSM, and it can be exploited by local users in opportunistic situations. **Recommendations** For Linux kernel versions prior to 2.6.37, update to version 2.6.37 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.34 **Description** The issue is related to the calculation of chunk lengths for INIT and INIT ACK chunks in the Linux kernel. When `addip enable` and `auth enable` are used, the amount of zero padding is not considered, allowing remote attackers to cause a denial of service via crafted packet data. **Recommendations** For Linux kernel versions prior to 2.6.34, update to version 2.6.34 or later to resolve the issue.