Linux » Linux Kernel : Security Vulnerabilities, CVEs, Published In July 2012
Use-after-free vulnerability in the Linux kernel before 3.3.6, when huge pages are enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges by interacting with a hugetlbfs filesystem, as demonstrated by a umount operation that triggers improper handling of quota data.
Max CVSS
4.0
EPSS Score
0.04%
Published
2012-07-03
Updated
2023-02-13
The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 3.2.2, on the x86 platform and unspecified other platforms, allows user-assisted remote attackers to trigger inconsistent filesystem-groups data and possibly cause a denial of service via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4307.
Max CVSS
7.1
EPSS Score
1.64%
Published
2012-07-03
Updated
2023-02-13
The em_syscall function in arch/x86/kvm/emulate.c in the KVM implementation in the Linux kernel before 3.2.14 does not properly handle the 0f05 (aka syscall) opcode, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application, as demonstrated by an NASM file.
Max CVSS
4.7
EPSS Score
0.13%
Published
2012-07-03
Updated
2023-02-13
The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to (1) a partition block device or (2) an LVM volume.
Max CVSS
4.6
EPSS Score
0.04%
Published
2012-07-03
Updated
2023-02-13
The journal_unmap_buffer function in fs/jbd2/transaction.c in the Linux kernel before 3.3.1 does not properly handle the _Delay and _Unwritten buffer head states, which allows local users to cause a denial of service (system crash) by leveraging the presence of an ext4 filesystem that was mounted with a journal.
Max CVSS
4.9
EPSS Score
0.04%
Published
2012-07-03
Updated
2023-02-13
5 vulnerabilities found