|
|
Log in / Subscribe / Register

kernel: multiple vulnerabilities

Package(s):kernel kernel-pae CVE #(s):CVE-2010-1084 CVE-2010-1087 CVE-2010-1146
Created:April 27, 2010 Updated:September 23, 2010
Description: From the Pardus advisory:

Linux kernel 2.6.18 through 2.6.33, and possibly other versions, allows remote attackers to cause a denial of service (memory corruption) via a large number of Bluetooth sockets, related to the size of sysfs files in (1) net/bluetooth/l2cap.c, (2) net/bluetooth/rfcomm/core.c, (3) net/bluetooth/rfcomm/sock.c, and (4) net/bluetooth/sco.c. (CVE-2010-1084)

The nfs_wait_on_request function in fs/nfs/pagelist.c in Linux kernel 2.6.x through 2.6.33-rc5 allows attackers to cause a denial of service (Oops) via unknown vectors related to truncating a file and an operation that is not interruptible. (CVE-2010-1087)

The Linux kernel 2.6.33.2 and earlier, when a ReiserFS filesystem exists, does not restrict read or write access to the .reiserfs_priv directory, which allows local users to gain privileges by modifying (1) extended attributes or (2) ACLs, as demonstrated by deleting a file under .reiserfs_priv/xattrs/. (CVE-2010-1146)

Alerts:
openSUSE openSUSE-SU-2010:0664-1 Linux 2010-09-23
SUSE SUSE-SA:2010:035 kernel 2010-08-18
Red Hat RHSA-2010:0631-01 kernel-rt 2010-08-17
CentOS CESA-2010:0610 kernel 2010-08-11
Red Hat RHSA-2010:0610-01 kernel 2010-08-10
Debian DSA-2053-1 linux-2.6 2010-05-25
Pardus 2010-63 kernel kernel-pae 2010-05-18
rPath rPSA-2010-0037-1 kernel 2010-05-07
Pardus 2010-57 kernel kernel-pae 2010-04-27
CentOS CESA-2010:0504 kernel 2010-07-02
SUSE SUSE-SA:2010:031 kernel 2010-07-20
openSUSE openSUSE-SU-2010:0397-1 Linux Kernel 2010-07-19
Red Hat RHSA-2010:0504-01 kernel 2010-07-01
Ubuntu USN-947-2 kernel 2010-06-04
Ubuntu USN-947-1 linux, linux-source-2.6.15 2010-06-03
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds