CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Linux » Linux Kernel : Security Vulnerabilities (CVSS score between 7 and 7.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
401 CVE-2009-2844 399 DoS 2009-08-18 2012-03-19
7.8
None Remote Low Not required None None Complete
cfg80211 in net/wireless/scan.c in the Linux kernel 2.6.30-rc1 and other versions before 2.6.31-rc6 allows remote attackers to cause a denial of service (crash) via a sequence of beacon frames in which one frame omits an SSID Information Element (IE) and the subsequent frame contains an SSID IE, which triggers a NULL pointer dereference in the cmp_ies function. NOTE: a potential weakness in the is_mesh function was also addressed, but the relevant condition did not exist in the code, so it is not a vulnerability.
402 CVE-2009-2768 119 DoS Overflow 2009-08-14 2017-08-16
7.2
None Local Low Not required Complete Complete Complete
The load_flat_shared_library function in fs/binfmt_flat.c in the flat subsystem in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by executing a shared flat binary, which triggers an access of an "uninitialized cred pointer."
403 CVE-2009-2767 119 DoS Overflow +Priv 2009-08-14 2017-08-16
7.2
Admin Local Low Not required Complete Complete Complete
The init_posix_timers function in kernel/posix-timers.c in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (OOPS) or possibly gain privileges via a CLOCK_MONOTONIC_RAW clock_nanosleep call that triggers a NULL pointer dereference.
404 CVE-2009-2698 DoS +Priv 2009-08-27 2017-09-18
7.2
None Local Low Not required Complete Complete Complete
The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.
405 CVE-2009-2695 119 Overflow +Priv 2009-08-28 2017-09-18
7.2
Admin Local Low Not required Complete Complete Complete
The Linux kernel before 2.6.31-rc7 does not properly prevent mmap operations that target page zero and other low memory addresses, which allows local users to gain privileges by exploiting NULL pointer dereference vulnerabilities, related to (1) the default configuration of the allow_unconfined_mmap_low boolean in SELinux on Red Hat Enterprise Linux (RHEL) 5, (2) an error that causes allow_unconfined_mmap_low to be ignored in the unconfined_t domain, (3) lack of a requirement for the CAP_SYS_RAWIO capability for these mmap operations, and (4) interaction between the mmap_min_addr protection mechanism and certain application programs.
406 CVE-2009-2692 119 2 Overflow +Priv 2009-08-14 2017-09-18
7.2
Admin Local Low Not required Complete Complete Complete
The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.
407 CVE-2009-2584 189 Overflow +Priv 2009-07-23 2017-08-16
7.2
None Local Low Not required Complete Complete Complete
Off-by-one error in the options_write function in drivers/misc/sgi-gru/gruprocfs.c in the SGI GRU driver in the Linux kernel 2.6.30.2 and earlier on ia64 and x86 platforms might allow local users to overwrite arbitrary memory locations and gain privileges via a crafted count argument, which triggers a stack-based buffer overflow.
408 CVE-2009-1895 16 Bypass 2009-07-16 2017-09-28
7.2
None Local Low Not required Complete Complete Complete
The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL pointer dereference attacks, (2) bypass the mmap_min_addr protection mechanism, or (3) defeat address space layout randomization (ASLR).
409 CVE-2009-1633 119 DoS Overflow Mem. Corr. 2009-05-28 2017-09-28
7.1
None Remote Medium Not required None None Complete
Multiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; or (2) long Unicode characters, related to fs/cifs/cifssmb.c and the cifs_readdir function in fs/cifs/readdir.c.
410 CVE-2009-1439 119 DoS Overflow 2009-04-27 2017-09-28
7.8
None Remote Low Not required None None Complete
Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel 2.6.29 and earlier allows remote attackers to cause a denial of service (crash) via a long nativeFileSystem field in a Tree Connect response to an SMB mount request.
411 CVE-2009-1389 119 DoS Overflow Mem. Corr. 2009-06-16 2017-09-28
7.8
None Remote Low Not required None None Complete
Buffer overflow in the RTL8169 NIC driver (drivers/net/r8169.c) in the Linux kernel before 2.6.30 allows remote attackers to cause a denial of service (kernel memory corruption and crash) via a long packet.
412 CVE-2009-1385 189 DoS 2009-06-04 2017-09-28
7.8
None Remote Low Not required None None Complete
Integer underflow in the e1000_clean_rx_irq function in drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel before 2.6.30-rc8, the e1000e driver in the Linux kernel, and Intel Wired Ethernet (aka e1000) before 7.5.5 allows remote attackers to cause a denial of service (panic) via a crafted frame size.
413 CVE-2009-1360 DoS 2009-04-22 2012-03-19
7.1
None Remote Medium Not required None None Complete
The __inet6_check_established function in net/ipv6/inet6_hashtables.c in the Linux kernel before 2.6.29, when Network Namespace Support (aka NET_NS) is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via vectors involving IPv6 packets.
414 CVE-2009-1298 119 DoS Overflow 2009-12-08 2012-03-19
7.8
None Remote Low Not required None None Complete
The ip_frag_reasm function in net/ipv4/ip_fragment.c in the Linux kernel 2.6.32-rc8, and 2.6.29 and later versions before 2.6.32, calls IP_INC_STATS_BH with an incorrect argument, which allows remote attackers to cause a denial of service (NULL pointer dereference and hang) via long IP packets, possibly related to the ip_defrag function.
415 CVE-2009-0778 DoS 2009-03-12 2017-09-28
7.1
None Remote Medium Not required None None Complete
The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an "rt_cache leak."
416 CVE-2009-0029 20 DoS +Priv 2009-01-15 2012-03-19
7.2
None Local Low Not required Complete Complete Complete
The ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc, sparc64, and mips 64-bit platforms requires that a 32-bit argument in a 64-bit register was properly sign extended when sent from a user-mode application, but cannot verify this, which allows local users to cause a denial of service (crash) or possibly gain privileges via a crafted system call.
417 CVE-2009-0024 264 DoS +Priv 2009-01-13 2012-03-19
7.2
Admin Local Low Not required Complete Complete Complete
The sys_remap_file_pages function in mm/fremap.c in the Linux kernel before 2.6.24.1 allows local users to cause a denial of service or gain privileges via unspecified vectors, related to the vm_file structure member, and the mmap_region and do_munmap functions.
418 CVE-2008-5702 119 Overflow 2008-12-22 2017-09-28
7.2
None Local Low Not required Complete Complete Complete
Buffer underflow in the ibwdt_ioctl function in drivers/watchdog/ib700wdt.c in the Linux kernel before 2.6.28-rc1 might allow local users to have an unknown impact via a certain /dev/watchdog WDIOC_SETTIMEOUT IOCTL call.
419 CVE-2008-5033 399 DoS 2008-11-10 2017-08-07
7.8
None Remote Low Not required None None Complete
The chip_command function in drivers/media/video/tvaudio.c in the Linux kernel 2.6.25.x before 2.6.25.19, 2.6.26.x before 2.6.26.7, and 2.6.27.x before 2.6.27.3 allows attackers to cause a denial of service (NULL function pointer dereference and OOPS) via unknown vectors.
420 CVE-2008-5025 119 DoS Overflow Mem. Corr. 2008-11-17 2017-09-28
7.8
None Remote Low Not required None None Complete
Stack-based buffer overflow in the hfs_cat_find_brec function in fs/hfs/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfs filesystem image with an invalid catalog namelength field, a related issue to CVE-2008-4933.
421 CVE-2008-4934 20 DoS 2008-11-05 2017-09-28
7.8
None Remote Low Not required None None Complete
The hfsplus_block_allocate function in fs/hfsplus/bitmap.c in the Linux kernel before 2.6.28-rc1 does not check a certain return value from the read_mapping_page function before calling kmap, which allows attackers to cause a denial of service (system crash) via a crafted hfsplus filesystem image.
422 CVE-2008-4933 119 DoS Overflow Mem. Corr. 2008-11-05 2017-09-28
7.8
None Remote Low Not required None None Complete
Buffer overflow in the hfsplus_find_cat function in fs/hfsplus/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfsplus filesystem image with an invalid catalog namelength field, related to the hfsplus_cat_build_key_uni function.
423 CVE-2008-4618 20 DoS 2008-10-20 2012-03-19
7.8
None Remote Low Not required None None Complete
The Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.27 does not properly handle a protocol violation in which a parameter has an invalid length, which allows attackers to cause a denial of service (panic) via unspecified vectors, related to sctp_sf_violation_paramlen, sctp_sf_abort_violation, sctp_make_abort_violation, and incorrect data types in function calls.
424 CVE-2008-4609 16 DoS 2008-10-20 2017-09-28
7.1
None Remote Medium Not required None None Complete
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
425 CVE-2008-4576 287 DoS 2008-10-15 2017-09-28
7.8
None Remote Low Not required None None Complete
sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service (OOPS) via an INIT-ACK that states the peer does not support AUTH, which causes the sctp_process_init function to clean up active transports and triggers the OOPS when the T1-Init timer expires.
426 CVE-2008-3911 119 Overflow 2008-09-04 2017-08-07
7.2
None Local Low Not required Complete Complete Complete
The proc_do_xprt function in net/sunrpc/sysctl.c in the Linux kernel 2.6.26.3 does not check the length of a certain buffer obtained from userspace, which allows local users to overflow a stack-based buffer and have unspecified other impact via a crafted read system call for the /proc/sys/sunrpc/transports file.
427 CVE-2008-3792 DoS 2008-09-03 2017-08-07
7.1
None Remote Medium Not required None None Complete
net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4 does not verify that the SCTP-AUTH extension is enabled before proceeding with SCTP-AUTH API functions, which allows attackers to cause a denial of service (NULL pointer dereference and panic) via vectors that result in calls to (1) sctp_setsockopt_auth_chunk, (2) sctp_setsockopt_hmac_ident, (3) sctp_setsockopt_auth_key, (4) sctp_setsockopt_active_key, (5) sctp_setsockopt_del_key, (6) sctp_getsockopt_maxburst, (7) sctp_getsockopt_active_key, (8) sctp_getsockopt_peer_auth_chunks, or (9) sctp_getsockopt_local_auth_chunks.
428 CVE-2008-3526 189 DoS Overflow 2008-08-27 2017-08-07
7.8
None Remote Low Not required None None Complete
Integer overflow in the sctp_setsockopt_auth_key function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel 2.6.24-rc1 through 2.6.26.3 allows remote attackers to cause a denial of service (panic) or possibly have unspecified other impact via a crafted sca_keylength field associated with the SCTP_AUTH_KEY option.
429 CVE-2008-3525 264 Bypass 2008-09-03 2017-09-28
7.2
Admin Local Low Not required Complete Complete Complete
The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in the Linux kernel 2.6.26.3 does not check for the CAP_NET_ADMIN capability before processing a (1) SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3) SIOCDEVENSLAVE, or (4) SIOCDEVEMANSIPATE ioctl request, which allows local users to bypass intended capability restrictions.
430 CVE-2008-3276 189 DoS Overflow 2008-08-18 2017-09-28
7.1
None Remote Medium Not required None None Complete
Integer overflow in the dccp_setsockopt_change function in net/dccp/proto.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.17-rc1 through 2.6.26.2 allows remote attackers to cause a denial of service (panic) via a crafted integer value, related to Change L and Change R options without at least one byte in the dccpsf_val field.
431 CVE-2008-3247 119 DoS Overflow +Priv 2008-07-24 2017-08-07
7.2
None Local Low Not required Complete Complete Complete
The LDT implementation in the Linux kernel 2.6.25.x before 2.6.25.11 on x86_64 platforms uses an incorrect size for ldt_desc, which allows local users to cause a denial of service (system crash) or possibly gain privileges via unspecified vectors.
432 CVE-2008-2812 20 DoS +Priv 2008-07-08 2017-09-28
7.2
Admin Local Low Not required Complete Complete Complete
The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.
433 CVE-2008-2750 20 DoS Mem. Corr. 2008-06-18 2017-08-07
7.8
None Remote Low Not required None None Complete
The pppol2tp_recvmsg function in drivers/net/pppol2tp.c in the Linux kernel 2.6 before 2.6.26-rc6 allows remote attackers to cause a denial of service (kernel heap memory corruption and system crash) and possibly have unspecified other impact via a crafted PPPOL2TP packet that results in a large value for a certain length variable.
434 CVE-2008-2358 189 Overflow +Priv 2008-06-09 2017-09-28
7.2
Admin Local Low Not required Complete Complete Complete
Integer overflow in the dccp_feat_change function in net/dccp/feat.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.18, and 2.6.17 through 2.6.20, allows local users to gain privileges via an invalid feature length, which leads to a heap-based buffer overflow.
435 CVE-2008-2136 399 DoS 2008-05-16 2017-09-28
7.8
None Remote Low Not required None None Complete
Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3 allows remote attackers to cause a denial of service (memory consumption) via network traffic to a Simple Internet Transition (SIT) tunnel interface, related to the pskb_may_pull and kfree_skb functions, and management of an skb reference count.
436 CVE-2008-1675 399 2008-05-02 2017-08-07
7.2
None Local Low Not required Complete Complete Complete
The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux kernel 2.6.x before 2.6.25.1 does not properly check certain information related to register size, which has unspecified impact and local attack vectors, probably related to reading or writing kernel memory.
437 CVE-2008-0600 94 +Priv 2008-02-12 2017-09-28
7.2
Admin Local Low Not required Complete Complete Complete
The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vulnerability than CVE-2008-0009 and CVE-2008-0010.
438 CVE-2008-0352 119 DoS Overflow 2008-01-17 2017-09-28
7.8
None Remote Low Not required None None Complete
The Linux kernel 2.6.20 through 2.6.21.1 allows remote attackers to cause a denial of service (panic) via a certain IPv6 packet, possibly involving the Jumbo Payload hop-by-hop option (jumbogram).
439 CVE-2008-0007 399 2008-02-07 2017-09-28
7.2
Admin Local Low Not required Complete Complete Complete
Linux kernel before 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allows local users to access kernel memory via an out-of-range offset.
440 CVE-2007-6694 399 DoS 2008-01-29 2017-09-28
7.8
None Remote Low Not required None None Complete
The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 through 2.6.18-53, when running on PowerPC, might allow local users to cause a denial of service (crash) via unknown vectors that cause the of_get_property function to fail, which triggers a NULL pointer dereference.
441 CVE-2007-6417 200 DoS +Info 2007-12-17 2017-09-28
7.2
Admin Local Low Not required Complete Complete Complete
The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances related to tmpfs, which might allow local users to read sensitive kernel data or cause a denial of service (crash).
442 CVE-2007-6151 119 DoS Overflow 2007-12-14 2017-09-28
7.2
None Local Low Not required Complete Complete Complete
The isdn_ioctl function in isdn_common.c in Linux kernel 2.6.23 allows local users to cause a denial of service via a crafted ioctl struct in which iocts is not null terminated, which triggers a buffer overflow.
443 CVE-2007-5966 189 DoS Exec Code Overflow 2007-12-19 2017-09-28
7.2
None Local Low Not required Complete Complete Complete
Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the Linux kernel before 2.6.23.10 allows local users to execute arbitrary code or cause a denial of service (panic) via a large relative timeout value. NOTE: some of these details are obtained from third party information.
444 CVE-2007-5501 399 DoS 2007-11-15 2017-07-28
7.8
None Remote Low Not required None None Complete
The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux kernel 2.6.21 through 2.6.23.7, and 2.6.24-rc through 2.6.24-rc2, allows remote attackers to cause a denial of service (crash) via crafted ACK responses that trigger a NULL pointer dereference.
445 CVE-2007-4997 189 DoS 2007-11-06 2017-09-28
7.1
None Remote Medium Not required None None Complete
Integer underflow in the ieee80211_rx function in net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set, aka an "off-by-two error."
446 CVE-2007-4573 264 +Priv 2007-09-24 2017-09-28
7.2
Admin Local Low Not required Complete Complete Complete
The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register.
447 CVE-2007-4567 20 DoS 2007-12-20 2017-09-28
7.8
None Remote Low Not required None None Complete
The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted IPv6 packet.
448 CVE-2007-3642 189 DoS 2007-07-09 2012-10-30
7.8
None Remote Low Not required None None Complete
The decode_choice function in net/netfilter/nf_conntrack_h323_asn1.c in the Linux kernel before 2.6.20.15, 2.6.21.x before 2.6.21.6, and before 2.6.22 allows remote attackers to cause a denial of service (crash) via an encoded, out-of-range index value for a choice field, which triggers a NULL pointer dereference.
449 CVE-2007-2764 20 DoS 2007-05-18 2017-07-28
7.8
None Remote Low Not required None None Complete
The embedded Linux kernel in certain Sun-Brocade SilkWorm switches before 20070516 does not properly handle a situation in which a non-root user creates a kernel process, which allows attackers to cause a denial of service (oops and device reboot) via unspecified vectors.
450 CVE-2007-1734 DoS 2007-03-28 2017-07-28
7.2
None Local Low Not required Complete Complete Complete
The DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later does not verify the upper bounds of the optlen value, which allows local users running on certain architectures to read kernel memory or cause a denial of service (oops), a related issue to CVE-2007-1730.
Total number of vulnerabilities : 513   Page : 1 2 3 4 5 6 7 8 9 (This Page)10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.