Vulnerabilites related to redhat - enterprise_linux_server_workstation
cve-2023-0494
Vulnerability from cvelistv5
Published
2023-03-27 00:00
Modified
2025-02-24 17:43
Severity ?
EPSS score ?
Summary
A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | xorg-x11-server |
Version: xorg-server 21.1.7 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:10:56.201Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2165995", }, { tags: [ "x_transferred", ], url: "https://lists.x.org/archives/xorg-announce/2023-February/003320.html", }, { tags: [ "x_transferred", ], url: "https://gitlab.freedesktop.org/xorg/xserver/-/commit/0ba6d8c37071131a49790243cdac55392ecf71ec", }, { name: "GLSA-202305-30", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-30", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-0494", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-24T17:41:52.537361Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-24T17:43:00.816Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "xorg-x11-server", vendor: "n/a", versions: [ { status: "affected", version: "xorg-server 21.1.7", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00.000Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://bugzilla.redhat.com/show_bug.cgi?id=2165995", }, { url: "https://lists.x.org/archives/xorg-announce/2023-February/003320.html", }, { url: "https://gitlab.freedesktop.org/xorg/xserver/-/commit/0ba6d8c37071131a49790243cdac55392ecf71ec", }, { name: "GLSA-202305-30", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-30", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-0494", datePublished: "2023-03-27T00:00:00.000Z", dateReserved: "2023-01-25T00:00:00.000Z", dateUpdated: "2025-02-24T17:43:00.816Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-9131
Vulnerability from cvelistv5
Published
2017-01-12 06:06
Modified
2024-08-06 02:42
Severity ?
EPSS score ?
Summary
named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1037582 | vdb-entry, x_refsource_SECTRACK | |
| https://security.gentoo.org/glsa/201708-01 | vendor-advisory, x_refsource_GENTOO | |
| https://kb.isc.org/article/AA-01439/74/CVE-2016-9131 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/95386 | vdb-entry, x_refsource_BID | |
| https://security.netapp.com/advisory/ntap-20180926-0005/ | x_refsource_CONFIRM | |
| http://www.debian.org/security/2017/dsa-3758 | vendor-advisory, x_refsource_DEBIAN | |
| https://access.redhat.com/errata/RHSA-2017:1583 | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2017-0062.html | vendor-advisory, x_refsource_REDHAT | |
| https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05381687 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:42:10.552Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1037582", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1037582", }, { name: "GLSA-201708-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201708-01", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.isc.org/article/AA-01439/74/CVE-2016-9131", }, { name: "95386", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/95386", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20180926-0005/", }, { name: "DSA-3758", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2017/dsa-3758", }, { name: "RHSA-2017:1583", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1583", }, { name: "RHSA-2017:0062", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2017-0062.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05381687", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-01-11T00:00:00", descriptions: [ { lang: "en", value: "named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-09-27T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "1037582", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1037582", }, { name: "GLSA-201708-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201708-01", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.isc.org/article/AA-01439/74/CVE-2016-9131", }, { name: "95386", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/95386", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20180926-0005/", }, { name: "DSA-3758", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2017/dsa-3758", }, { name: "RHSA-2017:1583", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:1583", }, { name: "RHSA-2017:0062", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2017-0062.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05381687", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-9131", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1037582", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1037582", }, { name: "GLSA-201708-01", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201708-01", }, { name: "https://kb.isc.org/article/AA-01439/74/CVE-2016-9131", refsource: "CONFIRM", url: "https://kb.isc.org/article/AA-01439/74/CVE-2016-9131", }, { name: "95386", refsource: "BID", url: "http://www.securityfocus.com/bid/95386", }, { name: "https://security.netapp.com/advisory/ntap-20180926-0005/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20180926-0005/", }, { name: "DSA-3758", refsource: "DEBIAN", url: "http://www.debian.org/security/2017/dsa-3758", }, { name: "RHSA-2017:1583", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:1583", }, { name: "RHSA-2017:0062", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2017-0062.html", }, { name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05381687", refsource: "CONFIRM", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05381687", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-9131", datePublished: "2017-01-12T06:06:00", dateReserved: "2016-10-31T00:00:00", dateUpdated: "2024-08-06T02:42:10.552Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2009-3080
Vulnerability from cvelistv5
Published
2009-11-20 17:00
Modified
2024-08-07 06:14
Severity ?
EPSS score ?
Summary
Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T06:14:55.614Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "38276", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/38276", }, { name: "MDVSA-2010:030", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:030", }, { name: "SUSE-SA:2009:061", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html", }, { name: "USN-864-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/usn-864-1", }, { name: "SUSE-SA:2010:001", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html", }, { name: "37435", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/37435", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/css/P8/documents/100073666", }, { name: "37720", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/37720", }, { name: "37909", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/37909", }, { name: "RHSA-2010:0882", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2010-0882.html", }, { name: "MDVSA-2011:051", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051", }, { name: "SUSE-SA:2009:064", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc8", }, { name: "oval:org.mitre.oval:def:7101", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7101", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/security/advisories/VMSA-2011-0009.html", }, { name: "SUSE-SA:2010:013", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html", }, { name: "37068", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/37068", }, { name: "RHSA-2010:0095", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://rhn.redhat.com/errata/RHSA-2010-0095.html", }, { name: "SUSE-SA:2010:005", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html", }, { name: "RHSA-2010:0046", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://rhn.redhat.com/errata/RHSA-2010-0046.html", }, { name: "oval:org.mitre.oval:def:12862", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12862", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=690e744869f3262855b83b4fb59199cf142765b0", }, { name: "DSA-2005", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2010/dsa-2005", }, { name: "FEDORA-2009-13098", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00777.html", }, { name: "oval:org.mitre.oval:def:10989", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10989", }, { name: "RHSA-2010:0041", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2010-0041.html", }, { name: "38017", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/38017", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2009-11-19T00:00:00", descriptions: [ { lang: "en", value: "Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-09-18T12:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "38276", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/38276", }, { name: "MDVSA-2010:030", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:030", }, { name: "SUSE-SA:2009:061", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html", }, { name: "USN-864-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/usn-864-1", }, { name: "SUSE-SA:2010:001", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html", }, { name: "37435", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/37435", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/css/P8/documents/100073666", }, { name: "37720", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/37720", }, { name: "37909", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/37909", }, { name: "RHSA-2010:0882", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2010-0882.html", }, { name: "MDVSA-2011:051", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051", }, { name: "SUSE-SA:2009:064", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc8", }, { name: "oval:org.mitre.oval:def:7101", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7101", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/security/advisories/VMSA-2011-0009.html", }, { name: "SUSE-SA:2010:013", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html", }, { name: "37068", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/37068", }, { name: "RHSA-2010:0095", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://rhn.redhat.com/errata/RHSA-2010-0095.html", }, { name: "SUSE-SA:2010:005", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html", }, { name: "RHSA-2010:0046", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://rhn.redhat.com/errata/RHSA-2010-0046.html", }, { name: "oval:org.mitre.oval:def:12862", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12862", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=690e744869f3262855b83b4fb59199cf142765b0", }, { name: "DSA-2005", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2010/dsa-2005", }, { name: "FEDORA-2009-13098", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00777.html", }, { name: "oval:org.mitre.oval:def:10989", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10989", }, { name: "RHSA-2010:0041", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2010-0041.html", }, { name: "38017", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/38017", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2009-3080", datePublished: "2009-11-20T17:00:00", dateReserved: "2009-09-04T00:00:00", dateUpdated: "2024-08-07T06:14:55.614Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2009-11-20 17:30
Modified
2025-04-09 00:30
Severity ?
Summary
Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | 2.6.32 | |
| linux | linux_kernel | 2.6.32 | |
| linux | linux_kernel | 2.6.32 | |
| linux | linux_kernel | 2.6.32 | |
| linux | linux_kernel | 2.6.32 | |
| opensuse | opensuse | 11.1 | |
| opensuse | opensuse | 11.2 | |
| suse | linux_enterprise_desktop | 10 | |
| suse | linux_enterprise_desktop | 10 | |
| suse | linux_enterprise_server | 10 | |
| suse | linux_enterprise_server | 10 | |
| debian | debian_linux | 4.0 | |
| canonical | ubuntu_linux | 6.06 | |
| canonical | ubuntu_linux | 8.04 | |
| canonical | ubuntu_linux | 8.10 | |
| canonical | ubuntu_linux | 9.04 | |
| canonical | ubuntu_linux | 9.10 | |
| vmware | esx | 3.5 | |
| redhat | virtualization | 5.0 | |
| redhat | enterprise_linux_desktop | 5.0 | |
| redhat | enterprise_linux_eus | 5.4 | |
| redhat | enterprise_linux_server | 5.0 | |
| redhat | enterprise_linux_server_workstation | 5.0 | |
| redhat | fedora | 10 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "8373D74A-0480-4E80-9758-1F35F4904C7E", versionEndIncluding: "2.6.31.6", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:2.6.32:-:*:*:*:*:*:*", matchCriteriaId: "37B2E2B1-3E39-4DBA-817D-08F34D9F6E53", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:2.6.32:rc1:*:*:*:*:*:*", matchCriteriaId: "C85D4E0A-14DA-4884-AF6F-A0F54304430F", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:2.6.32:rc3:*:*:*:*:*:*", matchCriteriaId: "218DE1D1-3843-4076-9AE4-70AA0FD99B3E", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:2.6.32:rc4:*:*:*:*:*:*", matchCriteriaId: "2677114B-AF05-42EB-BBC8-FA85CD631C21", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:2.6.32:rc5:*:*:*:*:*:*", matchCriteriaId: "FA8D64E1-A700-4D9E-9063-EC3CFC1A6D98", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*", matchCriteriaId: "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*", matchCriteriaId: "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp2:*:*:*:*:*:*", matchCriteriaId: "513797E6-FCE6-4E84-9B66-202541F9601E", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3:*:*:*:*:*:*", matchCriteriaId: "1E496249-23A8-42FC-A109-634A54B5600F", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:-:*:*:*", matchCriteriaId: "105187A7-2AFE-46F9-B0A9-F09C7E10BFBD", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*", matchCriteriaId: "79A35457-EAA3-4BF9-A4DA-B2E414A75A02", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", matchCriteriaId: "0F92AB32-E7DE-43F4-B877-1F41FA162EC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", matchCriteriaId: "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*", matchCriteriaId: "C0507E91-567A-41D6-A7E5-5088A39F75FB", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*", matchCriteriaId: "4747CC68-FAF4-482F-929A-9DA6C24CB663", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", matchCriteriaId: "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*", matchCriteriaId: "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:vmware:esx:3.5:*:*:*:*:*:*:*", matchCriteriaId: "BFF29100-E124-4416-95CF-18B4246D43F2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:virtualization:5.0:*:*:*:*:*:*:*", matchCriteriaId: "FCFEF451-4B77-4259-8000-B252E699A950", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", matchCriteriaId: "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:5.4:*:*:*:*:*:*:*", matchCriteriaId: "4DD6917D-FE03-487F-9F2C-A79B5FCFBC5A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", matchCriteriaId: "54D669D4-6D7E-449D-80C1-28FA44F06FFE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_workstation:5.0:*:*:*:*:*:*:*", matchCriteriaId: "A550C079-C887-481A-B706-7EB35C400C98", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:fedora:10:*:*:*:*:*:*:*", matchCriteriaId: "BA70E035-8475-4046-ABD7-5AE59F874EBA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.", }, { lang: "es", value: "Error de indice de matriz en la función gdth_read_event en drivers/scsi/gdth.c en el kernel de Linux antes de v2.6.32-RC8 permite a usuarios locales provocar una denegación de servicio o posiblemente obtener privilegios a través de un índice de evento negativo en una solicitud IOCTL.", }, ], id: "CVE-2009-3080", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2009-11-20T17:30:00.420", references: [ { source: "secalert@redhat.com", url: "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=690e744869f3262855b83b4fb59199cf142765b0", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/37435", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/37720", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/37909", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/38017", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/38276", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://support.avaya.com/css/P8/documents/100073666", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2010/dsa-2005", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc8", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:030", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2010-0041.html", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2010-0882.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/37068", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/usn-864-1", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.vmware.com/security/advisories/VMSA-2011-0009.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10989", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12862", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7101", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://rhn.redhat.com/errata/RHSA-2010-0046.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://rhn.redhat.com/errata/RHSA-2010-0095.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00777.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=690e744869f3262855b83b4fb59199cf142765b0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/37435", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/37720", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/37909", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/38017", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/38276", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://support.avaya.com/css/P8/documents/100073666", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2010/dsa-2005", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:030", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2010-0041.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2010-0882.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/37068", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/usn-864-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.vmware.com/security/advisories/VMSA-2011-0009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10989", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12862", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://rhn.redhat.com/errata/RHSA-2010-0046.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://rhn.redhat.com/errata/RHSA-2010-0095.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00777.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-03-27 21:15
Modified
2025-02-24 18:15
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:*", matchCriteriaId: "8B7D5030-1EC6-4BAD-B66D-859A906E3D38", versionEndExcluding: "21.1.7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", matchCriteriaId: "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.1:*:*:*:*:*:*:*", matchCriteriaId: "EF30E57A-97EA-4A44-8404-6AE4F058B44D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_aus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "4D5F4FA7-E5C5-4C23-BDA8-36A36972E4F4", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_aus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "5CA4F12A-5BC5-4D75-8F20-80D8BB2C5BF2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "0E3F09B5-569F-4C58-9FCA-3C0953D107B5", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "6C3741B8-851F-475D-B428-523F4F722350", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*", matchCriteriaId: "4DDA3E5A-8754-4C48-9A27-E2415F8A6000", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*", matchCriteriaId: "566507B6-AC95-47F7-A3FB-C6F414E45F51", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*", matchCriteriaId: "87C21FE1-EA5C-498F-9C6C-D05F91A88217", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "8C9BD9AE-46FC-4609-8D99-A3CFE91D58D1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "9EF5C4AC-CA69-41E3-AD93-7AC21931374A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*", matchCriteriaId: "1CDCFF34-6F1D-45A1-BE37-6A0E17B04801", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*", matchCriteriaId: "B4A684C7-88FD-43C4-9BDB-AE337FCBD0AB", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*", matchCriteriaId: "47811209-5CE5-4375-8391-B0A7F6A0E420", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0:*:*:*:*:*:*:*", matchCriteriaId: "35EEDB95-DCD1-4FED-9BBB-877B2062410C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "983533DD-3970-4A37-9A9C-582BD48AA1E5", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "729C515E-1DD3-466D-A50B-AFE058FFC94A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*", matchCriteriaId: "37CE1DC7-72C5-483C-8921-0B462C8284D1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "6897676D-53F9-45B3-B27F-7FF9A4C58D33", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*", matchCriteriaId: "4DF2B9A2-8CA6-4EDF-9975-07265E363ED2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*", matchCriteriaId: "7DA6A5AF-2EBE-4ED9-B312-DCD9D150D031", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*", matchCriteriaId: "22D095ED-9247-4133-A133-73B7668565E4", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*", matchCriteriaId: "871A5C26-DB7B-4870-A5B2-5DD24C90B4A7", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*", matchCriteriaId: "492DF629-16B8-4882-822D-A6897B03DD30", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "B09ACF2D-D83F-4A86-8185-9569605D8EE1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "AC10D919-57FD-4725-B8D2-39ECB476902F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "1272DF03-7674-4BD4-8E64-94004B195448", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*", matchCriteriaId: "3921C1CF-A16D-4727-99AD-03EFFA7C91CA", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "DC7808D1-B267-4361-8187-5AB70B64179A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.", }, ], id: "CVE-2023-0494", lastModified: "2025-02-24T18:15:16.550", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-03-27T21:15:10.193", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2165995", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://gitlab.freedesktop.org/xorg/xserver/-/commit/0ba6d8c37071131a49790243cdac55392ecf71ec", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.x.org/archives/xorg-announce/2023-February/003320.html", }, { source: "secalert@redhat.com", url: "https://security.gentoo.org/glsa/202305-30", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2165995", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://gitlab.freedesktop.org/xorg/xserver/-/commit/0ba6d8c37071131a49790243cdac55392ecf71ec", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.x.org/archives/xorg-announce/2023-February/003320.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-30", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-01-12 06:59
Modified
2025-04-20 01:37
Severity ?
Summary
named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", matchCriteriaId: "493B9A51-FA5C-4E94-871F-83AE4ED9EA1D", versionEndIncluding: "9.9.8", versionStartIncluding: "9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", matchCriteriaId: "667502D2-746A-4FE6-8752-ED19ADA20981", versionEndIncluding: "9.10.3", versionStartIncluding: "9.10.0", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.9.9:-:*:*:*:*:*:*", matchCriteriaId: "2A2CF04B-BF26-43F9-8BF4-CEBB9BE3AE55", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.9.9:b1:*:*:*:*:*:*", matchCriteriaId: "B74D9C8B-886C-4D77-AD5F-393B8CAA732F", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.9.9:b2:*:*:*:*:*:*", matchCriteriaId: "ACDB1CD1-7A0C-4418-ADFF-EDE393FB2703", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.9.9:p1:*:*:*:*:*:*", matchCriteriaId: "376915CA-6BDB-423E-B216-64B098344DD9", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.9.9:p3:*:*:*:*:*:*", matchCriteriaId: "88335D70-E98B-469E-A2E7-1958EB5F10DA", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.9.9:p4:*:*:*:*:*:*", matchCriteriaId: "795DA9EE-489D-402E-8427-C9E3650BA1E2", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.10.4:b2:*:*:*:*:*:*", matchCriteriaId: "E16D07AA-410F-496B-9F5F-92F787BD58C3", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.10.4:b3:*:*:*:*:*:*", matchCriteriaId: "E164EA7F-21AF-42BF-99A8-4B26AB0FE343", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*", matchCriteriaId: "E253BD9F-25B8-42E7-BEAB-E843381ED155", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*", matchCriteriaId: "6B5E42E5-27C6-4D6F-B7DC-903B10BF2017", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*", matchCriteriaId: "7E211374-A4F5-41D4-A89E-E6522E9D0DFB", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.10.4:rc1:*:*:*:*:*:*", matchCriteriaId: "57110A6D-10CB-49B3-A439-E91E00E5DE58", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.11.0:a1:*:*:*:*:*:*", matchCriteriaId: "D72B0718-8054-4C8C-8FAF-0DC79C3B4D4D", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.11.0:a2:*:*:*:*:*:*", matchCriteriaId: "4F155EC7-B84E-4C05-908A-BFBAF2CE612D", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.11.0:a3:*:*:*:*:*:*", matchCriteriaId: "C6C3D04E-B352-4124-A8A5-68AA90EC95DC", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.11.0:b1:*:*:*:*:*:*", matchCriteriaId: "E053C268-5C5F-4ED4-91CF-F8F795185C25", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.11.0:b2:*:*:*:*:*:*", matchCriteriaId: "ED1A5978-3E4E-4E1C-9D45-8AFA65704F37", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.11.0:b3:*:*:*:*:*:*", matchCriteriaId: "EF7673FD-B816-45D5-82DD-D2BD0261D2AC", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*", matchCriteriaId: "086C327B-DF9F-4D4E-A538-1E29FEDC34C5", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.11.0:rc1:*:*:*:*:*:*", matchCriteriaId: "1ADDCEF4-E744-4F78-B4CC-1C9278167F29", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*", matchCriteriaId: "AE1D81A1-CD24-4B17-8AFD-DC95E90AD7D0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", matchCriteriaId: "807C024A-F8E8-4B48-A349-4C68CD252CA1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "F96E3779-F56A-45FF-BB3D-4980527D721E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", matchCriteriaId: "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "83737173-E12E-4641-BC49-0BD84A6B29D0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", matchCriteriaId: "1C8D871B-AEA1-4407-AEE3-47EC782250FF", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", matchCriteriaId: "98381E61-F082-4302-B51F-5648884F998B", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "D99A687E-EAE6-417E-A88E-D0082BC194CD", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "B353CE99-D57C-465B-AAB0-73EF581127D1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "7431ABC1-9252-419E-8CC1-311B41360078", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", matchCriteriaId: "6755B6AD-0422-467B-8115-34A60B1D1A40", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", matchCriteriaId: "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "DC7808D1-B267-4361-8187-5AB70B64179A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", matchCriteriaId: "E0C4B1E5-75BF-43AE-BBAC-0DD4124C71ED", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query.", }, { lang: "es", value: "named en ISC BIND 9.x en versiones anteriores a 9.9.9-P5, 9.10.x en versiones anteriores a 9.10.4-P5 y 9.11.x en versiones anteriores a 9.11.0-P2 permite a atacantes remotos provocar una denegación de servicio (fallo de aserción y salida de demonio) a través de una respuesta mal formada a una query RTYPE ANY.", }, ], id: "CVE-2016-9131", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-01-12T06:59:00.250", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2017-0062.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2017/dsa-3758", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/95386", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1037582", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1583", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05381687", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://kb.isc.org/article/AA-01439/74/CVE-2016-9131", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201708-01", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20180926-0005/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2017-0062.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2017/dsa-3758", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/95386", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1037582", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1583", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05381687", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://kb.isc.org/article/AA-01439/74/CVE-2016-9131", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201708-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20180926-0005/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }