Nelson Elhage

**Name of the Vulnerable Software and Affected Versions** v86d versions prior to 0.1.10 **Description** The issue is related to the verification of received netlink messages. Specifically, it does not verify if these messages are sent by the kernel. This could allow unprivileged users to manipulate the video mode and potentially have other consequences. **Recommendations** For versions prior to 0.1.10, update to version 0.1.10 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** qemu-kvm version 0.14.0 and earlier **Description** The issue is related to a buffer overflow in the virtio subsystem, allowing privileged guest users to cause a denial of service or gain privileges via a crafted indirect descriptor. This is related to "virtqueue in and out requests." Additionally, there are multiple vulnerabilities in the kvm package of the openSUSE operating system that can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited by an attacker who has passed the authentication procedure. **Recommendations** For qemu-kvm version 0.14.0 and earlier, consider updating to a newer version to mitigate the risk, as the current version allows for potential denial of service or privilege escalation. As a temporary workaround, consider restricting access to the virtio subsystem until a patch is available. Avoid using crafted indirect descriptors related to "virtqueue in and out requests" in the affected qemu-kvm versions until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** qemu-kvm (affected versions not specified) **Description** The issue is related to the pciej write function in the PIIX4 Power Management emulation, which does not properly check if a device is hotpluggable before unplugging the PCI-ISA bridge. This allows privileged guest users to potentially cause a denial of service, leading to a guest crash, and possibly execute arbitrary code by sending a crafted value to the 0xae08 (PCI EJ BASE) I/O port. The issue is related to a use-after-free problem concerning "active qemu timers." **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.38 **Description** The issue allows local users to cause a denial of service, resulting in either a deadlock or stack memory consumption, by making epoll create and epoll ctl system calls via a crafted application. This is due to the improper checking for closed loops or deep chains when placing epoll file descriptors within other epoll data structures. **Recommendations** For Linux kernel versions prior to 2.6.38, update to version 2.6.38 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.37.2 **Description** The issue is related to the epoll implementation in the Linux kernel, which does not properly traverse a tree of epoll file descriptors. This allows local users to cause a denial of service, specifically CPU consumption, by using a crafted application that makes `epoll create` and `epoll ctl` system calls. **Recommendations** For Linux kernel versions prior to 2.6.37.2, consider upgrading to a newer version to resolve the issue. As a temporary workaround, restrict the use of the `epoll create` and `epoll ctl` system calls to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.37-rc6 **Description** The issue allows remote attackers to cause a denial of service by sending a specific packet over UDP, resulting in a NULL pointer dereference and OOPS. This occurs when the Econet protocol is enabled and an Acorn Universal Networking (AUN) packet is sent. **Recommendations** For Linux kernel versions prior to 2.6.37-rc6, update to version 2.6.37-rc6 or later to resolve the issue. As a temporary workaround, consider disabling the Econet protocol to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.36.2 **Description** A stack-based buffer overflow issue exists in the econet sendmsg function, located in net/econet/af econet.c. This issue can be exploited by local users when an econet address is configured, allowing them to gain privileges by providing a large number of iovec structures. **Recommendations** For versions prior to 2.6.36.2, update to version 2.6.36.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the econet sendmsg function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.36.2 **Description** The issue is related to the econet sendmsg function in the Linux kernel. It allows local users to cause a denial of service, resulting in a NULL pointer dereference and OOPS, by making a sendmsg call with a NULL value for the remote address field when an econet address is configured. **Recommendations** For versions prior to 2.6.36.2, update to version 2.6.36.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.36.2 **Description** The issue allows local users to bypass intended access restrictions and configure econet addresses. This is due to the ec dev ioctl function in net/econet/af econet.c not requiring the CAP NET ADMIN capability, enabling users to make changes via an SIOCSIFADDR ioctl call. **Recommendations** For versions prior to 2.6.36.2, update to version 2.6.36.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.37-rc2 **Description** The issue is related to the improper auditing of INET DIAG bytecode in the Linux kernel. Local users can cause a denial of service, specifically a kernel infinite loop, by sending crafted INET DIAG REQ BYTECODE instructions in a netlink message that contains multiple attribute elements. This can be achieved using INET DIAG BC JMP instructions. **Recommendations** For Linux kernel versions prior to 2.6.37-rc2, update to version 2.6.37-rc2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.24.1 **Description** The issue allows local users to cause a denial of service or gain privileges via unspecified vectors, related to the `vm file` structure member, and the `mmap region` and `do munmap` functions. **Recommendations** For versions prior to 2.6.24.1, update to version 2.6.24.1 or later to resolve the issue.