| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
| 1 | CVE-2013-1959 | 264 | | +Priv | 2013-05-03 | 2013-05-03 | 3.7 | None | Local | High | Not required | Partial | Partial | Partial |

kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropriate capability requirements for the uid_map and gid_map files, which allows local users to gain privileges by opening a file within an unprivileged process and then modifying the file within a privileged process.
| 2 | CVE-2013-0914 | 264 | | Bypass | 2013-03-22 | 2013-05-14 | 3.6 | None | Local | Low | Not required | Partial | Partial | None |

The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call.
| 3 | CVE-2013-0343 | | | DoS +Info | 2013-02-28 | 2013-02-28 | 3.2 | None | Local Network | High | Not required | Partial | None | Partial |

The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attackers to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information, via ICMPv6 Router Advertisement (RA) messages.
| 4 | CVE-2012-1174 | 362 | | | 2012-07-12 | 2012-08-13 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial |

The rm_rf_children function in util.c in the systemd-logind login manager in systemd before 44, when logging out, allows local users to delete arbitrary files via a symlink attack on unspecified files, related to "particular records related with user session."
| 5 | CVE-2011-1833 | 264 | | Bypass | 2012-10-03 | 2012-10-03 | 3.3 | None | Local | Medium | Not required | Partial | Partial | None |

Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid.
| 6 | CVE-2011-1676 | 264 | | | 2011-04-09 | 2011-04-20 | 3.3 | None | Local | Medium | Not required | Partial | Partial | None |

mount in util-linux 2.19 and earlier does not remove the /etc/mtab.tmp file after a failed attempt to add a mount entry, which allows local users to trigger corruption of the /etc/mtab file via multiple invocations.
| 7 | CVE-2011-1675 | 16 | | | 2011-04-09 | 2012-01-18 | 3.3 | None | Local | Medium | Not required | Partial | Partial | None |

mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.
| 8 | CVE-2011-1182 | | | | 2013-03-01 | 2013-03-04 | 3.6 | None | Local | Low | Not required | None | Partial | Partial |

kernel/signal.c in the Linux kernel before 2.6.39 allows local users to spoof the uid and pid of a signal sender via a sigqueueinfo system call.
| 9 | CVE-2011-1021 | 264 | | | 2012-06-21 | 2012-06-22 | 3.6 | None | Local | Low | Not required | None | Partial | Partial |

drivers/acpi/debugfs.c in the Linux kernel before 3.0 allows local users to modify arbitrary kernel memory locations by leveraging root privileges to write to the /sys/kernel/debug/acpi/custom_method file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4347.
| 10 | CVE-2010-4648 | | | | 2012-06-21 | 2012-06-26 | 3.3 | None | Local Network | Low | Not required | Partial | None | None |

The orinoco_ioctl_set_auth function in drivers/net/wireless/orinoco/wext.c in the Linux kernel before 2.6.37 does not properly implement a TKIP protection mechanism, which makes it easier for remote attackers to obtain access to a Wi-Fi network by reading Wi-Fi frames.
| 11 | CVE-2010-2955 | 189 | | +Info | 2010-09-08 | 2012-03-19 | 3.3 | None | Local Network | Low | Not required | Partial | None | None |

The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in the Linux kernel before 2.6.36-rc3-next-20100831 does not properly initialize certain structure members, which allows local users to leverage an off-by-one error in the ioctl_standard_iw_point function in net/wireless/wext-core.c, and obtain potentially sensitive information from kernel heap memory, via vectors involving an SIOCGIWESSID ioctl call that specifies a large buffer size.
| 12 | CVE-2009-0835 | 264 | | Bypass | 2009-03-06 | 2012-03-19 | 3.6 | None | Local | Low | Not required | Partial | Partial | None |

The __secure_computing function in kernel/seccomp.c in the seccomp subsystem in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform, when CONFIG_SECCOMP is enabled, does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass intended access restrictions via crafted syscalls that are misinterpreted as (a) stat or (b) chmod, a related issue to CVE-2009-0342 and CVE-2009-0343.
| 13 | CVE-2009-0834 | 264 | | Bypass | 2009-03-06 | 2012-03-19 | 3.6 | None | Local | Low | Not required | Partial | Partial | None |

The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted syscalls, a related issue to CVE-2009-0342 and CVE-2009-0343.
| 14 | CVE-2008-2148 | 264 | | DoS | 2008-05-12 | 2012-03-19 | 3.6 | None | Local | Low | Not required | None | Partial | Partial |

The utimensat system call (sys_utimensat) in Linux kernel 2.6.22 and other versions before 2.6.25.3 does not check file permissions when certain UTIME_NOW and UTIME_OMIT combinations are used, which allows local users to modify file times of arbitrary files, possibly leading to a denial of service.
| 15 | CVE-2008-0001 | | | Bypass | 2008-01-15 | 2012-03-19 | 3.6 | None | Local | Low | Not required | None | Partial | Partial |

VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before 2.6.23.14, performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass intended permissions and remove directories.
| 16 | CVE-2006-5158 | | | DoS | 2006-10-05 | 2012-03-19 | 3.3 | None | Local Network | Low | Not required | None | None | Partial |

The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (process crash) and deny access to NFS exports via unspecified vectors that trigger a kernel oops (null dereference) and a deadlock.
| 17 | CVE-2006-1524 | 264 | | Bypass | 2006-04-19 | 2012-03-19 | 3.6 | None | Local | Low | Not required | Partial | Partial | None |

madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow file and mmap restrictions, which allows local users to bypass IPC permissions and replace portions of readonly tmpfs files with zeroes, aka the MADV_REMOVE vulnerability. NOTE: this description was originally written in a way that combined two separate issues. The mprotect issue now has a separate name, CVE-2006-2071.
| 18 | CVE-2005-4618 | | | DoS Overflow | 2005-12-31 | 2009-11-12 | 3.6 | None | Local | Low | Not required | None | Partial | Partial |

Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows local users to corrupt user memory and possibly cause a denial of service via a long string, which causes sysctl to write a zero byte outside the buffer. NOTE: since the sysctl is called from a userland program that provides the argument, this might not be a vulnerability, unless a legitimate user-assisted or setuid scenario can be identified.
| 19 | CVE-2005-2617 | | | | 2005-08-17 | 2008-09-05 | 3.6 | None | Local | Low | Not required | None | Partial | Partial |

The syscall32_setup_pages function in syscall32.c for Linux kernel 2.6.12 and later, on the 64-bit x86 platform, does not check the return value of the insert_vm_struct function, which allows local users to trigger a memory leak via a 32-bit application with crafted ELF headers.
| 20 | CVE-2005-2492 | | | DoS | 2005-09-14 | 2010-08-21 | 3.6 | None | Local | Low | Not required | Partial | None | Partial |

The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 allows local users to cause a denial of service (change hardware state) or read from arbitrary memory via crafted input.
| 21 | CVE-2005-1768 | | | DoS Exec Code Overflow | 2005-07-11 | 2010-08-21 | 3.7 | User | Local | High | Not required | Partial | Partial | Partial |

Race condition in the ia32 compatibility code for the execve system call in Linux kernel 2.4 before 2.4.31 and 2.6 before 2.6.6 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a concurrent thread that increments a pointer count after the nargs function has counted the pointers, but before the count is copied from user space to kernel space, which leads to a buffer overflow.
| 22 | CVE-2005-0180 | | | Bypass | 2005-03-07 | 2010-08-21 | 3.6 | None | Local | Low | Not required | Partial | Partial | None |

Multiple integer signedness errors in the sg_scsi_ioctl function in scsi_ioctl.c for Linux 2.6.x allow local users to read or modify kernel memory via negative integers in arguments to the scsi ioctl, which bypass a maximum length check before calling the copy_from_user and copy_to_user functions.
| 23 | CVE-2003-0246 | | | +Priv | 2003-06-16 | 2008-09-10 | 3.6 | None | Local | Low | Not required | Partial | Partial | None |

The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.
| 24 | CVE-2003-0018 | | | | 2003-02-19 | 2008-09-10 | 3.6 | None | Local | Low | Not required | Partial | None | Partial |

Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O_DIRECT feature, which allows local attackers with write privileges to read portions of previously deleted files, or cause file system corruption.
| 25 | CVE-2002-0429 | | | | 2002-08-12 | 2008-09-10 | 3.6 | None | Local | Low | Not required | None | Partial | Partial |

The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall).
| 26 | CVE-2001-1396 | | | | 2001-04-17 | 2008-09-05 | 3.6 | None | Local | Low | Not required | Partial | Partial | None |

Unknown vulnerabilities in strnlen_user for Linux kernel before 2.2.19, with unknown impact.
| 27 | CVE-2001-1395 | | | | 2001-04-17 | 2008-09-05 | 3.6 | None | Local | Low | Not required | Partial | Partial | None |

Unknown vulnerability in sockfilter for Linux kernel before 2.2.19 related to "boundary cases," with unknown impact.
| 28 | CVE-2001-0317 | | | +Priv | 2001-05-03 | 2008-09-10 | 3.7 | None | Local | High | Not required | Partial | Partial | Partial |

Race condition in ptrace in Linux kernel 2.4 and 2.2 allows local users to gain privileges by using ptrace to track and modify a running setuid process.
| 29 | CVE-1999-0401 | | | | 1999-01-01 | 2008-09-09 | 3.7 | User | Local | High | Not required | Partial | Partial | Partial |

A race condition in Linux 2.2.1 allows local users to read arbitrary memory from /proc files.