Marcel Holtmann

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.3 **Description** The issue allows attackers to cause a denial of service, leading to a panic, through an ASN.1 BER file that lacks a public key. This is due to the mishandling by the `public key verify signature` function in crypto/asymmetric keys/public key.c when the `asn1 ber decoder` function in lib/asn1 decoder.c is used. **Recommendations** For Linux kernel versions prior to 4.3, update to version 4.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of ASN.1 BER files that lack a public key to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.19 Description: The issue is related to the `altivec unavailable exception` function in the Linux kernel, which mishandles the case where `CONFIG ALTIVEC` is defined and the CPU supports Altivec, but the kernel does not detect this support. This can be exploited by local users to cause a denial of service (panic) by executing an Altivec instruction. Recommendations: For Linux kernel versions prior to 2.6.19, update to version 2.6.19 or later to resolve the issue. As a temporary workaround, consider disabling the execution of Altivec instructions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions 2.4.x through 2.6.17 **Description** The issue is related to the perfmonctl system call in the Linux kernel, which does not properly track the reference count for file descriptors when running on Itanium systems. This allows local users to cause a denial of service by consuming file descriptors. **Recommendations** For Linux kernel versions 2.4.x through 2.6.17, consider upgrading to a version 2.6.18 or later to resolve the issue. As a temporary workaround, restrict access to the sys perfmonctl system call to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed, resulting in a freed pointer dereference. This occurs in the `clip mkip` function in `net/atm/clip.c` of the ATM subsystem. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GnuPG (gpg) version 1.4.4 **Description** The issue is related to an integer overflow in the `parse comment` function, which can be exploited by remote attackers to cause a denial of service, resulting in a segmentation fault. This can be achieved by sending a crafted message. **Recommendations** For GnuPG (gpg) version 1.4.4, update to a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Linux kernel version 2.6.16 Description: A race condition exists in the do add counters function in netfilter for the Linux kernel, allowing local users with CAP NET ADMIN capabilities to read kernel memory. This is achieved by triggering the race condition to produce a size value inconsistent with allocated memory, resulting in a buffer over-read in IPT ENTRY ITERATE. Recommendations: For Linux kernel version 2.6.16, consider restricting access to the do add counters function or applying configuration changes to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions 2.4.x and 2.6.x up to 2.6.16 **Description** The issue allows local users to bypass IPC permissions and modify a readonly attachment of shared memory. This is achieved by using `mprotect` to give write permission to the attachment. **Recommendations** For Linux kernel versions 2.4.x and 2.6.x up to 2.6.16, consider restricting the use of `mprotect` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux versions prior to 2.6.17 **Description** A directory traversal issue in the smbfs component of Linux allows local users to bypass chroot restrictions on an SMB-mounted filesystem by utilizing ".." sequences. This issue is similar to a previously identified vulnerability. **Recommendations** For Linux versions prior to 2.6.17, update to version 2.6.17 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux versions prior to 2.6.17 **Description** A directory traversal issue in the CIFS implementation allows local users to bypass chroot restrictions on an SMB-mounted filesystem by utilizing ".." sequences. **Recommendations** For Linux versions prior to 2.6.17, update to version 2.6.17 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.16.9 FreeBSD kernel (affected versions not specified) **Description** The issue allows one process to determine portions of the state of floating point instructions of other processes, potentially leading to the disclosure of sensitive information such as cryptographic keys. This occurs because the kernels only save/restore certain x87 registers when an exception is pending on AMD64 and other 7th and 8th generation AuthenticAMD processors. **Recommendations** For Linux kernel versions prior to 2.6.16.9, update to version 2.6.16.9 or later to resolve the issue. For the FreeBSD kernel, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.16.8 Description: The issue allows local users to cause a denial of service, resulting in a system panic. This occurs when a request is made for a route for a multicast IP address, which triggers a null dereference. Recommendations: For Linux kernel versions prior to 2.6.16.8, update to version 2.6.16.8 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Linux kernel version 2.6.16 Description: The issue is related to the improper use of BUG ON in the group complete signal function within the RCU signal handling (signal.c) in the Linux kernel. The impact and attack vectors of this issue are unknown. Recommendations: For Linux kernel version 2.6.16, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.17 Description: The issue allows local users to cause a denial of service via keyctl requests that add a key to a user key instead of a keyring key, resulting in an invalid dereference in the ` keyring search one` function. This occurs due to a problem in the `sys add key` function within the keyring code. Recommendations: For Linux kernel versions prior to 2.6.17, consider restricting access to the `sys add key` function until a patch is available. As a temporary workaround, avoid using the `keyctl` requests that add a key to a user key instead of a keyring key to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Linux versions prior to 2.6.16-rc3 Description: The issue is related to an integer overflow in the do replace function in netfilter for Linux. This can be exploited by local users with CAP NET ADMIN rights to cause a buffer overflow in the copy from user function, particularly when using virtualization solutions such as OpenVZ. Recommendations: For Linux versions prior to 2.6.16-rc3, update to version 2.6.16-rc3 or later to resolve the issue. As a temporary workaround, consider restricting the use of CAP NET ADMIN rights to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Debian GNU/Linux kernel-patch-2.4.27-s390 (affected versions not specified) **Description** The issue concerns multiple vulnerabilities in the kernel-patch-2.4.27-s390 package of Debian GNU/Linux. These vulnerabilities can be exploited remotely, potentially leading to a disruption of protected information availability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** openSUSE (affected versions not specified) **Description** The issue affects the confidentiality, integrity, and availability of protected information in openSUSE. Exploitation of the vulnerabilities can be done remotely. The vulnerabilities exist in various packages, including wlan-kmp-xenpae, novfs-kmp-xen, tpctl-kmp-bigsmp, pcfclock-kmp-smp, wlan-kmp-ppc64, pcfclock-kmp-ppc64, hbedv-dazuko-kmp-bigsmp, ndiswrapper-kmp-xenpae, audit-devel, zaptel-kmp-default, ndiswrapper-kmp-xen, novfs-kmp-smp, drbd-kmp-xenpae, hbedv-dazuko-kmp-xenpae, wlan-kmp-debug, novfs-kmp-default, novfs-kmp-debug, hbedv-dazuko-kmp-debug, yast2-apparmor, apparmor-admin en-10, novfs-kmp-xenpae, zaptel-kmp-xen, cloop-kmp-debug, wlan-kmp-xen, hbedv-dazuko-kmp-smp, drbd, ndiswrapper-kmp-debug, tpctl-kmp-smp, wlan-kmp-iseries64, hbedv-dazuko-kmp-default, cloop-kmp-smp, hbedv-dazuko-kmp-xen, cloop-kmp-iseries64, drbd-kmp-ppc64, cloop-kmp-xenpae, wlan-kmp-smp, apparmor-utils, audit-libs, cloop-kmp-bigsmp, drbd-kmp-xen, apparmor-docs, zaptel-kmp-smp, drbd-kmp-iseries64, wlan-kmp-bigsmp, drbd-kmp-bigsmp, cloop-kmp-ppc64, openafs-kmp-xenpae, apparmor-profiles, wlan-kmp-default, ndiswrapper-kmp-smp, audit, usbvision-kmp-smp, zaptel-kmp-debug, tpctl-kmp-default, kernel-patch-2.4.27-s390, zaptel-kmp-xenpae, drbd-kmp-smp, zaptel-kmp-bigsmp, apparmor-parser, novfs-kmp-bigsmp, ndiswrapper-kmp-bigsmp, pcfclock-kmp-bigsmp. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** openSUSE (affected versions not specified) Linux kernel versions 2.6.13 through 2.6.17.4 Linux kernel version 2.6.16 through 2.6.16.24 **Description** The issue affects multiple packages in the openSUSE operating system, allowing for remote exploitation that may lead to a breach of confidentiality, integrity, and availability of protected information. In the Linux kernel, the suid dumpable support allows a local user to cause a denial of service and possibly gain privileges via the PR SET DUMPABLE argument of the prctl function and a program that causes a core dump file to be created in a directory for which the user does not have permissions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** openSUSE (affected versions not specified) Linux kernel versions prior to 2.6.17.3 and 2.6.16.23 **Description** The issue involves multiple vulnerabilities in various packages of the openSUSE operating system, which can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The Linux kernel is also affected, with versions prior to 2.6.17.3 and 2.6.16.23 being vulnerable to a denial of service (crash) via a packet without any chunks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** usbvision-kmp-default versions (affected versions not specified) usbvision-kmp-debug versions (affected versions not specified) usbvision-kmp-bigsmp versions (affected versions not specified) usbvision-kmp-xenpae versions (affected versions not specified) usbvision-kmp-xen versions (affected versions not specified) Linux kernel versions 2.6.x up to 2.6.17 **Description** The issue concerns multiple vulnerabilities in the usbvision-kmp packages of the openSUSE operating system, which can lead to a disruption of protected information availability. These vulnerabilities can be exploited remotely. Additionally, a vulnerability in the Linux kernel's ftdi sio driver allows local users to cause a denial of service by overloading the serial port with more data than the hardware can handle, resulting in memory consumption. **Recommendations** For usbvision-kmp-default, consider disabling the vulnerable components until a patch is available. For usbvision-kmp-debug, restrict access to the vulnerable modules to minimize the risk of exploitation. For usbvision-kmp-bigsmp, avoid using the vulnerable functions until the issue is resolved. For usbvision-kmp-xenpae, consider applying configuration changes to mitigate the risk. For usbvision-kmp-xen, restrict access to the vulnerable parameters to minimize the risk of exploitation. For Linux kernel versions 2.6.x up to 2.6.17, update to a version later than 2.6.17 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** linux-headers-2.6.18-5 versions 2.6.18-5 linux-image-2.6.18-5 versions 2.6.18-5 linux-modules-2.6.18-5 versions 2.6.18-5 linux-support-2.6.18-5 versions 2.6.18-5 **Description** The issue affects the Linux kernel, specifically the CIFS filesystem, when Unix extension support is enabled. This could allow local users to gain privileges, leading to a violation of confidentiality, integrity, and availability of protected information. **Recommendations** For linux-headers-2.6.18-5 version 2.6.18-5, update to a version that includes the fix for the CIFS filesystem issue. For linux-image-2.6.18-5 version 2.6.18-5, update to a version that includes the fix for the CIFS filesystem issue. For linux-modules-2.6.18-5 version 2.6.18-5, update to a version that includes the fix for the CIFS filesystem issue. For linux-support-2.6.18-5 version 2.6.18-5, update to a version that includes the fix for the CIFS filesystem issue.