Linux : Security Vulnerabilities, CVEs, Published In 2007 (Denial of service)
Unspecified vulnerability in the listxattr system call in Linux kernel, when a "bad inode" is present, allows local users to cause a denial of service (data corruption) and possibly gain privileges via unknown vectors.
Max CVSS
7.2
EPSS Score
0.09%
Published
2007-01-30
Updated
2023-02-13
The aio_setup_ring function in Linux kernel does not properly initialize a variable, which allows local users to cause a denial of service (crash) via an unspecified error path that causes an incorrect free operation.
Max CVSS
4.9
EPSS Score
0.04%
Published
2007-01-30
Updated
2017-10-11
Unspecified versions of the Linux kernel allow local users to cause a denial of service (unrecoverable zombie process) via a program with certain instructions that prevent init from properly reaping a child whose parent has died.
Max CVSS
2.1
EPSS Score
0.04%
Published
2007-01-12
Updated
2017-10-11
The sys_timer_create function in posix-timers.c for Linux kernel 2.6.x allows local users to cause a denial of service (memory consumption) and possibly bypass memory limits or cause other processes to be killed by creating a large number of posix timers, which are allocated in kernel memory but are not treated as part of the process' memory.
Max CVSS
4.9
EPSS Score
0.04%
Published
2007-02-24
Updated
2018-10-30
The compat_sys_mount function in fs/compat.c in Linux kernel 2.6.20 and earlier allows local users to cause a denial of service (NULL pointer dereference and oops) by mounting a smbfs file system in compatibility mode ("mount -t smbfs").
Max CVSS
4.0
EPSS Score
0.04%
Published
2007-05-14
Updated
2017-10-11
The key serial number collision avoidance code in the key_alloc_serial function in Linux kernel 2.6.9 up to 2.6.20 allows local users to cause a denial of service (crash) via vectors that trigger a null dereference, as originally reported as "spinlock CPU recursion."
Max CVSS
1.9
EPSS Score
1.49%
Published
2007-02-06
Updated
2017-10-11
The utrace support in Linux kernel 2.6.18, and other versions, allows local users to cause a denial of service (system hang) related to "MT exec + utrace_attach spin failure mode," as demonstrated by ptrace-thrash.c.
Max CVSS
4.9
EPSS Score
0.04%
Published
2007-05-02
Updated
2017-10-11
The Linux kernel 2.6.13 and other versions before 2.6.20.1 allows remote attackers to cause a denial of service (oops) via a crafted NFSACL 2 ACCESS request that triggers a free of an incorrect pointer.
Max CVSS
7.8
EPSS Score
7.95%
Published
2007-02-20
Updated
2017-07-29
Race condition in the tee (sys_tee) system call in the Linux kernel 2.6.17 through 2.6.17.6 might allow local users to cause a denial of service (system crash), obtain sensitive information (kernel memory contents), or gain privileges via unspecified vectors related to a potentially dropped ipipe lock during a race between two pipe readers.
Max CVSS
6.9
EPSS Score
0.04%
Published
2007-09-18
Updated
2008-09-05
Buffer overflow in the bufprint function in capiutil.c in libcapi, as used in Linux kernel 2.6.9 to 2.6.20 and isdn4k-utils, allows local users to cause a denial of service (crash) and possibly gain privileges via a crafted CAPI packet.
Max CVSS
6.9
EPSS Score
0.04%
Published
2007-03-02
Updated
2018-10-30
The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before 2.6.21, and possibly 2.4.x, allows remote attackers to cause a denial of service (crash) via an AppleTalk frame that is shorter than the specified length, which triggers a BUG_ON call when an attempt is made to perform a checksum.
Max CVSS
7.8
EPSS Score
34.95%
Published
2007-04-11
Updated
2011-03-08
The do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux kernel before 2.6.20, and possibly other versions, allows local users to cause a denial of service (oops) by calling setsockopt with the IPV6_RTHDR option name and possibly a zero option length or invalid option value, which triggers a NULL pointer dereference.
Max CVSS
4.4
EPSS Score
0.04%
Published
2007-03-10
Updated
2017-10-11
nfnetlink_log in netfilter in the Linux kernel before 2.6.20.3 allows attackers to cause a denial of service (crash) via unspecified vectors involving the (1) nfulnl_recv_config function, (2) using "multiple packets per netlink message", and (3) bridged packets, which trigger a NULL pointer dereference.
Max CVSS
4.9
EPSS Score
0.07%
Published
2007-03-16
Updated
2017-10-11
net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 inadvertently copies the ipv6_fl_socklist from a listening TCP socket to child sockets, which allows local users to cause a denial of service (OOPS) or double free by opening a listening IPv6 socket, attaching a flow label, and connecting to that socket.
Max CVSS
4.9
EPSS Score
0.04%
Published
2007-03-22
Updated
2017-10-11
Integer signedness error in the DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later allows local users to read kernel memory or cause a denial of service (oops) via a negative optlen value.
Max CVSS
6.6
EPSS Score
0.04%
Published
2007-03-28
Updated
2018-10-16
The DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later does not verify the upper bounds of the optlen value, which allows local users running on certain architectures to read kernel memory or cause a denial of service (oops), a related issue to CVE-2007-1730.
Max CVSS
7.2
EPSS Score
0.04%
Published
2007-03-28
Updated
2018-10-16
The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel before 2.6.20.8 allows attackers to cause a denial of service (kernel panic) via NETLINK_FIB_LOOKUP replies, which trigger infinite recursion and a stack overflow.
Max CVSS
4.9
EPSS Score
0.08%
Published
2007-05-07
Updated
2018-10-16
Memory leak in the PPP over Ethernet (PPPoE) socket implementation in the Linux kernel before 2.6.21-git8 allows local users to cause a denial of service (memory consumption) by creating a socket using connect, and releasing it before the PPPIOCGCHAN ioctl is initialized.
Max CVSS
4.9
EPSS Score
0.04%
Published
2007-05-08
Updated
2017-10-11
The embedded Linux kernel in certain Sun-Brocade SilkWorm switches before 20070516 does not properly handle a situation in which a non-root user creates a kernel process, which allows attackers to cause a denial of service (oops and device reboot) via unspecified vectors.
Max CVSS
7.8
EPSS Score
0.65%
Published
2007-05-18
Updated
2019-08-14
The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) nf_conntrack_proto_sctp.c in Netfilter in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, allows remote attackers to cause a denial of service by causing certain invalid states that trigger a NULL pointer dereference.
Max CVSS
6.1
EPSS Score
4.43%
Published
2007-06-11
Updated
2018-10-30
The VFAT compat ioctls in the Linux kernel before 2.6.21.2, when run on a 64-bit system, allow local users to corrupt a kernel_dirent struct and cause a denial of service (system crash) via unknown vectors.
Max CVSS
4.9
EPSS Score
0.04%
Published
2007-05-29
Updated
2017-10-11
The sysfs_readdir function in the Linux kernel 2.6, as used in Red Hat Enterprise Linux (RHEL) 4.5 and other distributions, allows users to cause a denial of service (kernel OOPS) by dereferencing a null pointer to an inode in a dentry.
Max CVSS
4.9
EPSS Score
0.07%
Published
2007-06-26
Updated
2017-10-11
Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size, which triggers writing random numbers to the stack by the pool transfer function involving "bound check ordering". NOTE: this issue might only cross privilege boundaries in environments that have granular assignment of privileges for root.
Max CVSS
4.6
EPSS Score
0.07%
Published
2007-07-27
Updated
2023-02-13
The signal handling in the Linux kernel before 2.6.22, including 2.6.2, when running on PowerPC systems using HTX, allows local users to cause a denial of service via unspecified vectors involving floating point corruption and concurrency, related to clearing of MSR bits.
Max CVSS
2.1
EPSS Score
0.04%
Published
2007-07-10
Updated
2017-10-11
The Distributed Lock Manager (DLM) in the cluster manager for Linux kernel 2.6.15 allows remote attackers to cause a denial of service (loss of lock services) by connecting to the DLM port, which probably prevents other processes from accessing the service.
Max CVSS
5.0
EPSS Score
4.81%
Published
2007-07-20
Updated
2017-10-11