Linux » Linux Kernel : Security Vulnerabilities, CVEs, Published In 2012 (Denial of service) CVSS score >= 5
The (1) do_siocgstamp and (2) do_siocgstampns functions in net/socket.c in the Linux kernel before 3.5.4 use an incorrect argument order, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (system crash) via a crafted ioctl call.
Max CVSS
6.6
EPSS Score
0.04%
Published
2012-10-10
Updated
2023-02-13
Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service (slab corruption and system crash) by sending packets to an application that sets socket options during the handling of network traffic.
Max CVSS
7.1
EPSS Score
1.48%
Published
2012-10-03
Updated
2023-02-13
Multiple race conditions in the madvise_remove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service (use-after-free and system crash) via vectors involving a (1) munmap or (2) close system call.
Max CVSS
6.2
EPSS Score
0.04%
Published
2012-10-04
Updated
2023-02-13
Use-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel before 2.6.19 allows local users to obtain potentially sensitive information from kernel memory or cause a denial of service (system crash) via a taskstats TASKSTATS_CMD_ATTR_PID command.
Max CVSS
5.6
EPSS Score
0.04%
Published
2012-10-03
Updated
2023-02-13
The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before 3.2.30 allows remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value.
Max CVSS
7.8
EPSS Score
8.92%
Published
2012-10-03
Updated
2023-02-13
Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem.
Max CVSS
7.6
EPSS Score
2.81%
Published
2012-10-03
Updated
2023-02-13
net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux kernel before 2.6.34, when the nf_conntrack_ipv6 module is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via certain types of fragmented IPv6 packets.
Max CVSS
7.8
EPSS Score
4.35%
Published
2012-08-09
Updated
2023-02-13
The sock_alloc_send_pskb function in net/core/sock.c in the Linux kernel before 3.4.5 does not properly validate a certain length value, which allows local users to cause a denial of service (heap-based buffer overflow and system crash) or possibly gain privileges by leveraging access to a TUN/TAP device.
Max CVSS
7.2
EPSS Score
0.04%
Published
2012-08-09
Updated
2023-10-12
fs/proc/root.c in the procfs implementation in the Linux kernel before 3.2 does not properly interact with CLONE_NEWPID clone system calls, which allows remote attackers to cause a denial of service (reference leak and memory consumption) by making many connections to a daemon that uses PID namespaces to isolate clients, as demonstrated by vsftpd.
Max CVSS
5.0
EPSS Score
4.32%
Published
2012-06-21
Updated
2023-02-13
The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 3.2.2, on the x86 platform and unspecified other platforms, allows user-assisted remote attackers to trigger inconsistent filesystem-groups data and possibly cause a denial of service via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4307.
Max CVSS
7.1
EPSS Score
1.64%
Published
2012-07-03
Updated
2023-02-13
Double free vulnerability in the xfrm6_tunnel_rcv function in net/ipv6/xfrm6_tunnel.c in the Linux kernel before 2.6.22, when the xfrm6_tunnel module is enabled, allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets.
Max CVSS
5.0
EPSS Score
6.21%
Published
2012-06-16
Updated
2023-02-13
The Linux kernel before 3.3.1, when KVM is used, allows guest OS users to cause a denial of service (host OS crash) by leveraging administrative access to the guest OS, related to the pmd_none_or_clear_bad function and page faults for huge pages.
Max CVSS
5.2
EPSS Score
0.06%
Published
2012-05-17
Updated
2017-12-29
The mem_cgroup_usage_unregister_event function in mm/memcontrol.c in the Linux kernel before 3.2.10 does not properly handle multiple events that are attached to the same eventfd, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by registering memory threshold events.
Max CVSS
5.5
EPSS Score
0.04%
Published
2012-05-17
Updated
2023-02-13
The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call.
Max CVSS
7.8
EPSS Score
0.04%
Published
2012-05-17
Updated
2023-02-13
The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO.
Max CVSS
5.5
EPSS Score
0.04%
Published
2012-05-17
Updated
2021-07-15
The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows local users to cause a denial of service (I/O instability) by starting multiple processes that share an I/O context.
Max CVSS
5.5
EPSS Score
0.04%
Published
2012-05-17
Updated
2023-02-13
The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets.
Max CVSS
7.8
EPSS Score
0.72%
Published
2012-05-17
Updated
2023-01-17
The kiocb_batch_free function in fs/aio.c in the Linux kernel before 3.2.2 allows local users to cause a denial of service (OOPS) via vectors that trigger incorrect iocb management.
Max CVSS
5.5
EPSS Score
0.04%
Published
2012-05-17
Updated
2020-07-29
Integer overflow in the drm_mode_dirtyfb_ioctl function in drivers/gpu/drm/drm_crtc.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.1.5 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted ioctl call.
Max CVSS
7.8
EPSS Score
0.04%
Published
2012-05-17
Updated
2023-02-13
Integer overflow in the xfs_acl_from_disk function in fs/xfs/xfs_acl.c in the Linux kernel before 3.1.9 allows local users to cause a denial of service (panic) via a filesystem with a malformed ACL, leading to a heap-based buffer overflow.
Max CVSS
5.5
EPSS Score
0.04%
Published
2012-05-17
Updated
2023-02-13
The robust futex implementation in the Linux kernel before 2.6.28 does not properly handle processes that make exec system calls, which allows local users to cause a denial of service or possibly gain privileges by writing to a memory location in a child process.
Max CVSS
7.2
EPSS Score
0.04%
Published
2012-06-21
Updated
2023-02-13
The ROSE protocol implementation in the Linux kernel before 2.6.39 does not verify that certain data-length values are consistent with the amount of data sent, which might allow remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via crafted data to a ROSE socket.
Max CVSS
6.4
EPSS Score
2.27%
Published
2012-06-21
Updated
2023-02-13
The rose_parse_ccitt function in net/rose/rose_subr.c in the Linux kernel before 2.6.39 does not validate the FAC_CCITT_DEST_NSAP and FAC_CCITT_SRC_NSAP fields, which allows remote attackers to (1) cause a denial of service (integer underflow, heap memory corruption, and panic) via a small length value in data sent to a ROSE socket, or (2) conduct stack-based buffer overflow attacks via a large length value in data sent to a ROSE socket.
Max CVSS
7.8
EPSS Score
1.44%
Published
2012-06-21
Updated
2023-02-13
The Linux kernel before 2.6.37 does not properly implement a certain clock-update optimization, which allows local users to cause a denial of service (system hang) via an application that executes code in a loop.
Max CVSS
5.5
EPSS Score
0.04%
Published
2012-05-17
Updated
2023-02-13
The __sys_sendmsg function in net/socket.c in the Linux kernel before 3.1 allows local users to cause a denial of service (system crash) via crafted use of the sendmmsg system call, leading to an incorrect pointer dereference.
Max CVSS
5.5
EPSS Score
0.04%
Published
2012-05-17
Updated
2023-02-13