Linux » Linux Kernel : Security Vulnerabilities, CVEs, (Overflow)
Buffer overflow in Linux su command gives root access to local users.
Max CVSS
7.2
EPSS Score
0.04%
Published
1999-11-25
Updated
2022-08-17
Linux bdash game has a buffer overflow that allows local users to gain root access.
Max CVSS
7.2
EPSS Score
0.04%
Published
1998-03-01
Updated
2022-08-17
super 3.11.6 and other versions have a buffer overflow in the syslog utility which allows a local user to gain root access.
Max CVSS
7.2
EPSS Score
0.04%
Published
1999-02-26
Updated
2008-09-09
Buffer overflow in Linux autofs module through long directory names allows local users to perform a denial of service.
Max CVSS
2.1
EPSS Score
0.04%
Published
1999-02-19
Updated
2008-09-05
Signed integer overflow in the bttv_read function in the bttv driver (bttv-driver.c) in Linux kernel before 2.4.20 has unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.40%
Published
2002-12-31
Updated
2008-09-05
Buffer overflow in the ixj telephony card driver in Linux before 2.4.20 has unknown impact and attack vectors.
Max CVSS
4.6
EPSS Score
0.06%
Published
2004-03-03
Updated
2017-10-10
Integer overflow in the do_brk function for the brk system call in Linux kernel 2.4.22 and earlier allows local users to gain root privileges.
Max CVSS
7.2
EPSS Score
0.04%
Published
2003-12-15
Updated
2016-10-18
Stack-based buffer overflow in the ncp_lookup function for ncpfs in Linux kernel 2.4.x allows local users to gain privileges.
Max CVSS
7.2
EPSS Score
0.06%
Published
2004-03-03
Updated
2017-10-11
Buffer overflow in the ISO9660 file system component for Linux kernel 2.4.x, 2.5.x and 2.6.x, allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry.
Max CVSS
4.6
EPSS Score
0.14%
Published
2004-06-01
Updated
2017-10-11
A "potential" buffer overflow exists in the panic() function in Linux 2.4.x, although it may not be exploitable due to the functionality of panic.
Max CVSS
2.1
EPSS Score
0.10%
Published
2004-08-18
Updated
2017-07-11
Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 through 2.4.25 and 2.6.1 through 2.6.3 allows local users to cause a denial of service (crash) or execute arbitrary code via the MCAST_MSFILTER socket option.
Max CVSS
7.2
EPSS Score
0.04%
Published
2004-07-07
Updated
2018-05-03
The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources.
Max CVSS
2.1
EPSS Score
0.04%
Published
2004-08-06
Updated
2017-10-11
Integer overflow in the hpsb_alloc_packet function (incorrectly reported as alloc_hpsb_packet) in IEEE 1394 (Firewire) driver 2.4 and 2.6 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via the functions (1) raw1394_write, (2) state_connected, (3) handle_remote_request, or (4) hpsb_make_writebpacket.
Max CVSS
7.2
EPSS Score
0.04%
Published
2004-08-06
Updated
2017-07-11
Integer overflow in the vc_resize function in the Linux kernel 2.4 and 2.6 before 2.6.10 allows local users to cause a denial of service (kernel crash) via a short new screen value, which leads to a buffer overflow.
Max CVSS
2.1
EPSS Score
0.04%
Published
2004-12-15
Updated
2018-10-03
Integer overflow in the SCTP_SOCKOPT_DEBUG_NAME SCTP socket option in socket.c in the Linux kernel 2.4.25 and earlier allows local users to execute arbitrary code via an optlen value of -1, which causes kmalloc to allocate 0 bytes of memory.
Max CVSS
7.8
EPSS Score
0.04%
Published
2004-12-31
Updated
2024-02-08
The coda_pioctl function in the coda functionality (pioctl.c) for Linux kernel 2.6.9 and 2.4.x before 2.4.29 may allow local users to cause a denial of service (crash) or execute arbitrary code via negative vi.in_size or vi.out_size values, which may trigger a buffer overflow.
Max CVSS
2.1
EPSS Score
0.07%
Published
2005-04-14
Updated
2018-10-19
nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table size, which allows attackers to cause a denial of service (kernel crash) via a buffer overflow.
Max CVSS
7.8
EPSS Score
0.52%
Published
2005-03-07
Updated
2017-10-11
Buffer overflow in the MoxaDriverIoctl function for the moxa serial driver (moxa.c) in Linux 2.2.x, 2.4.x, and 2.6.x before 2.6.22 allows local users to execute arbitrary code via a certain modified length value.
Max CVSS
4.6
EPSS Score
0.10%
Published
2005-03-14
Updated
2017-10-11
Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for offset arguments to the proc_file_read and locks_read_proc functions, which leads to a heap-based buffer overflow when a signed comparison causes negative integers to be used in a positive context.
Max CVSS
2.1
EPSS Score
0.06%
Published
2005-05-02
Updated
2023-02-13
The atm_get_addr function in addr.c for Linux kernel 2.6.10 and 2.6.11 before 2.6.11-rc4 may allow local users to trigger a buffer overflow via negative arguments.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-05-02
Updated
2023-02-13
The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c for Linux kernel 2.6.10 and 2.6.11 before 2.6.11-rc4, when running on 64-bit architectures, may allow local users to trigger a buffer overflow as a result of casting discrepancies between size_t and int data types.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-05-02
Updated
2016-10-18
Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local users to overwrite kernel memory via a large number of events.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-03-09
Updated
2018-10-03
Integer overflow in Linux kernel 2.6 allows local users to overwrite kernel memory by writing to a sysfs file.
Max CVSS
7.2
EPSS Score
0.04%
Published
2005-05-02
Updated
2018-10-19
The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to 2.2.27-rc2, 2.4.x to 2.4.31-pre1, and 2.6.x to 2.6.12-rc4 allows local users to execute arbitrary code via an ELF binary that, in certain conditions involving the create_elf_tables function, causes a negative length argument to pass a signed integer comparison, leading to a buffer overflow.
Max CVSS
7.2
EPSS Score
0.04%
Published
2005-05-11
Updated
2018-10-19
Race condition in the ia32 compatibility code for the execve system call in Linux kernel 2.4 before 2.4.31 and 2.6 before 2.6.6 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a concurrent thread that increments a pointer count after the nargs function has counted the pointers, but before the count is copied from user space to kernel space, which leads to a buffer overflow.
Max CVSS
3.7
EPSS Score
0.06%
Published
2005-07-11
Updated
2017-10-11