Showing 1 - 4 of 4

CVE-2010-3442

Status Candidate

Overview

Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call.

Related Files

VMware Security Advisory 2011-0012: Posted Oct 14, 2011; Authored by VMware | Site vmware.com; VMware Security Advisory 2011-0012 - VMware ESXi and ESX updates to third party libraries and ESX Service Console address several security issues.; tags | advisory; advisories | CVE-2010-0296, CVE-2010-1083, CVE-2010-1323, CVE-2010-2492, CVE-2010-2798, CVE-2010-2938, CVE-2010-2942, CVE-2010-2943, CVE-2010-3015, CVE-2010-3066, CVE-2010-3067, CVE-2010-3078, CVE-2010-3086, CVE-2010-3296, CVE-2010-3432, CVE-2010-3442, CVE-2010-3477, CVE-2010-3699, CVE-2010-3858, CVE-2010-3859, CVE-2010-3865, CVE-2010-3876, CVE-2010-3877, CVE-2010-3880, CVE-2010-3904, CVE-2010-4072, CVE-2010-4073, CVE-2010-4075; SHA-256 | 7fd5e9259774393a258a0c189d667e06ba833c9fb8b0cd11fa8fb35727aecafa; Download | Favorite | View

Ubuntu Security Notice USN-1093-1: Posted Mar 25, 2011; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 1093-1 - Joel Becker discovered that OCFS2 did not correctly validate on-disk symlink structures. Ben Hutchings discovered that the ethtool interface did not correctly check certain sizes. Eric Dumazet discovered that many network functions could leak kernel stack contents. Dave Chinner discovered that the XFS filesystem did not correctly order inode lookups when exported by NFS. A large number of additional vulnerabilities have also been address.; tags | advisory, kernel, vulnerability; systems | linux, ubuntu; advisories | CVE-2010-2478, CVE-2010-2942, CVE-2010-2943, CVE-2010-2954, CVE-2010-2955, CVE-2010-2960, CVE-2010-2962, CVE-2010-2963, CVE-2010-3067, CVE-2010-3078, CVE-2010-3079, CVE-2010-3080, CVE-2010-3084, CVE-2010-3296, CVE-2010-3297, CVE-2010-3298, CVE-2010-3310, CVE-2010-3432, CVE-2010-3437, CVE-2010-3442, CVE-2010-3477, CVE-2010-3705, CVE-2010-3848, CVE-2010-3849, CVE-2010-3850, CVE-2010-3858, CVE-2010-3859, CVE-2010-3861; SHA-256 | c0782ec52287eab8561329a78cec59713d72aef79fd6b9dd6d11304a47144159; Download | Favorite | View

Mandriva Linux Security Advisory 2010-257: Posted Dec 17, 2010; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2010-257 - The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of service via a crafted exec system call, a related issue to CVE-2010-2240. drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux implementation in the Linux kernel before 2.6.36 on 64-bit platforms does not validate the destination of a memory copy operation, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via a VIDIOCSTUNER ioctl call on a /dev/video device, followed by a VIDIOCSMICROCODE ioctl call on this device. Various other issues have been addressed as well.; tags | advisory, denial of service, arbitrary, kernel, local; systems | linux, mandriva; advisories | CVE-2010-3858, CVE-2010-2963, CVE-2010-3067, CVE-2010-3442, CVE-2010-3848, CVE-2010-3849, CVE-2010-3850; SHA-256 | 1e230666cbb1fc66c91156a8035fbdbdaca4fbe40c2a8ed95fd1ecd43722fa30; Download | Favorite | View