Информационная безопасность
[RU] switch to English

Уязвимости безопасности в ядре Linux
дополнено с 2 января 2013 г.
Опубликовано:21 января 2013 г.
SecurityVulns ID:12804
Уровень опасности:
Описание:Некорректная работа с добавленной в горячем режиме памятью, утечка информации при загрузке модулей, DoS
Затронутые продукты:LINUX : kernel 2.6
 LINUX : kernel 3.5
CVE:CVE-2012-5532 (The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.8-rc1, allows local users to cause a denial of service (daemon exit) via a crafted application that sends a Netlink message. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2669.)
 CVE-2012-5517 (The online_pages function in mm/memory_hotplug.c in the Linux kernel before 3.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact in opportunistic circumstances by using memory that was hot-added by an administrator.)
 CVE-2012-4530 (The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.)
 CVE-2012-4461 (The KVM subsystem in the Linux kernel before 3.6.9, when running on hosts that use qemu userspace without XSAVE, allows local users to cause a denial of service (kernel OOPS) by using the KVM_SET_SREGS ioctl to set the X86_CR4_OSXSAVE bit in the guest cr4 register, then calling the KVM_RUN ioctl.)
Оригинальный текстdocumentUBUNTU, [USN-1696-1] Linux kernel vulnerabilities (21.01.2013)
 documentUBUNTU, [USN-1683-1] Linux kernel vulnerability (14.01.2013)
 documentUBUNTU, [USN-1677-1] Linux kernel vulnerability (02.01.2013)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород