| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2013-3302 | 362 | | DoS | 2013-04-29 | 2013-05-03 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial | Race condition in the smb_send_rqst function in fs/cifs/transport.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via vectors involving a reconnection event. |
| 2 | CVE-2013-3237 | 200 | | +Info | 2013-04-22 | 2013-04-22 | 4.9 | None | Local | Low | Not required | Complete | None | None | The vsock_stream_sendmsg function in net/vmw_vsock/af_vsock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
| 3 | CVE-2013-3236 | 200 | | +Info | 2013-04-22 | 2013-04-22 | 4.9 | None | Local | Low | Not required | Complete | None | None | The vmci_transport_dgram_dequeue function in net/vmw_vsock/vmci_transport.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
| 4 | CVE-2013-3235 | 200 | | +Info | 2013-04-22 | 2013-04-22 | 4.9 | None | Local | Low | Not required | Complete | None | None | net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
| 5 | CVE-2013-3234 | 200 | | +Info | 2013-04-22 | 2013-04-22 | 4.9 | None | Local | Low | Not required | Complete | None | None | The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
| 6 | CVE-2013-3233 | 200 | | +Info | 2013-04-22 | 2013-04-22 | 4.9 | None | Local | Low | Not required | Complete | None | None | The llcp_sock_recvmsg function in net/nfc/llcp/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable and a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
| 7 | CVE-2013-3232 | 200 | | +Info | 2013-04-22 | 2013-04-22 | 4.9 | None | Local | Low | Not required | Complete | None | None | The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
| 8 | CVE-2013-3231 | 200 | | +Info | 2013-04-22 | 2013-04-22 | 4.7 | None | Local | Medium | Not required | Complete | None | None | The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
| 9 | CVE-2013-3230 | 200 | | +Info | 2013-04-22 | 2013-04-22 | 4.9 | None | Local | Low | Not required | Complete | None | None | The l2tp_ip6_recvmsg function in net/l2tp/l2tp_ip6.c in the Linux kernel before 3.9-rc7 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
| 10 | CVE-2013-3229 | 200 | | +Info | 2013-04-22 | 2013-04-22 | 4.9 | None | Local | Low | Not required | Complete | None | None | The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
| 11 | CVE-2013-3228 | 200 | | +Info | 2013-04-22 | 2013-04-22 | 4.9 | None | Local | Low | Not required | Complete | None | None | The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
| 12 | CVE-2013-3227 | 200 | | +Info | 2013-04-22 | 2013-04-22 | 4.9 | None | Local | Low | Not required | Complete | None | None | The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
| 13 | CVE-2013-3226 | 200 | | +Info | 2013-04-22 | 2013-04-22 | 4.9 | None | Local | Low | Not required | Complete | None | None | The sco_sock_recvmsg function in net/bluetooth/sco.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
| 14 | CVE-2013-3225 | 200 | | +Info | 2013-04-22 | 2013-04-22 | 4.9 | None | Local | Low | Not required | Complete | None | None | The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
| 15 | CVE-2013-3224 | 200 | | +Info | 2013-04-22 | 2013-04-22 | 4.9 | None | Local | Low | Not required | Complete | None | None | The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
| 16 | CVE-2013-3223 | 200 | | +Info | 2013-04-22 | 2013-04-22 | 4.9 | None | Local | Low | Not required | Complete | None | None | The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
| 17 | CVE-2013-3222 | 200 | | +Info | 2013-04-22 | 2013-04-22 | 4.9 | None | Local | Low | Not required | Complete | None | None | The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
| 18 | CVE-2013-3076 | 200 | | +Info | 2013-04-22 | 2013-04-22 | 4.9 | None | Local | Low | Not required | Complete | None | None | The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c. |
| 19 | CVE-2013-2015 | 399 | | DoS | 2013-04-29 | 2013-04-29 | 4.7 | None | Local | Medium | Not required | None | None | Complete | The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to cause a denial of service (system hang) via a crafted filesystem on removable media, as demonstrated by the e2fsprogs tests/f_orphan_extents_inode/image.gz test. |
| 20 | CVE-2013-1957 | 264 | | Bypass | 2013-04-24 | 2013-04-25 | 4.7 | None | Local | Medium | Not required | Complete | None | None | The clone_mnt function in fs/namespace.c in the Linux kernel before 3.8.6 does not properly restrict changes to the MNT_READONLY flag, which allows local users to bypass an intended read-only property of a filesystem by leveraging a separate mount namespace. |
| 21 | CVE-2013-1928 | 200 | | +Info | 2013-04-29 | 2013-04-29 | 4.7 | None | Local | Medium | Not required | Complete | None | None | The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device. |
| 22 | CVE-2013-1819 | 20 | | DoS | 2013-03-06 | 2013-03-07 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel before 3.7.6 does not validate block numbers, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the ability to mount an XFS filesystem containing a metadata inode with an invalid extent map. |
| 23 | CVE-2013-1792 | 362 | | DoS | 2013-03-22 | 2013-05-14 | 4.7 | None | Local | Medium | Not required | None | None | Complete | Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) via crafted keyctl system calls that trigger keyring operations in simultaneous threads. |
| 24 | CVE-2013-1774 | 264 | | DoS | 2013-02-28 | 2013-03-01 | 4.0 | None | Local | High | Not required | None | None | Complete | The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter. |
| 25 | CVE-2013-1772 | 119 | | DoS Overflow | 2013-02-28 | 2013-03-01 | 4.0 | None | Local | High | Not required | None | None | Complete | The log_prefix function in kernel/printk.c in the Linux kernel 3.x before 3.4.33 does not properly remove a prefix string from a syslog header, which allows local users to cause a denial of service (buffer overflow and system crash) by leveraging /dev/kmsg write access and triggering a call_console_drivers function call. |
| 26 | CVE-2013-0309 | 119 | | DoS Overflow | 2013-02-21 | 2013-02-22 | 4.7 | None | Local | Medium | Not required | None | None | Complete | arch/x86/include/asm/pgtable.h in the Linux kernel before 3.6.2, when transparent huge pages are used, does not properly support PROT_NONE memory regions, which allows local users to cause a denial of service (system crash) via a crafted application. |
| 27 | CVE-2013-0290 | 20 | | DoS | 2013-02-19 | 2013-02-20 | 4.9 | None | Local | Low | Not required | None | None | Complete | The __skb_recv_datagram function in net/core/datagram.c in the Linux kernel before 3.8 does not properly handle the MSG_PEEK flag with zero-length data, which allows local users to cause a denial of service (infinite loop and system hang) via a crafted application. |
| 28 | CVE-2013-0231 | 119 | | DoS Overflow | 2013-02-12 | 2013-03-06 | 4.9 | None | Local | Low | Not required | None | None | Complete | The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third party information. |
| 29 | CVE-2013-0190 | 20 | | DoS | 2013-02-12 | 2013-02-13 | 4.9 | None | Local | Low | Not required | None | None | Complete | The xen_failsafe_callback function in Xen for the Linux kernel 2.6.23 and other versions, when running a 32-bit PVOPS guest, allows local users to cause a denial of service (guest crash) by triggering an iret fault, leading to use of an incorrect stack pointer and stack corruption. |
| 30 | CVE-2012-5532 | | | DoS | 2012-12-27 | 2013-02-25 | 4.9 | None | Local | Low | Not required | None | None | Complete | The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.8-rc1, allows local users to cause a denial of service (daemon exit) via a crafted application that sends a Netlink message. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2669. |
| 31 | CVE-2012-5517 | | | DoS | 2012-12-21 | 2013-02-25 | 4.0 | None | Local | High | Not required | None | None | Complete | The online_pages function in mm/memory_hotplug.c in the Linux kernel before 3.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact in opportunistic circumstances by using memory that was hot-added by an administrator. |
| 32 | CVE-2012-5375 | 310 | | DoS | 2013-02-18 | 2013-02-20 | 4.0 | None | Local | High | Not required | None | None | Complete | The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (prevention of file creation) by leveraging the ability to write to a directory important to the victim, and creating a file with a crafted name that is associated with a specific CRC32C hash value. |
| 33 | CVE-2012-5374 | 310 | | DoS | 2013-02-18 | 2013-02-18 | 4.0 | None | Local | High | Not required | None | None | Complete | The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (extended runtime of kernel code) by creating many different files whose names are associated with the same CRC32C hash value. |
| 34 | CVE-2012-4565 | 189 | | DoS | 2012-12-21 | 2013-03-01 | 4.7 | None | Local | Medium | Not required | None | None | Complete | The tcp_illinois_info function in net/ipv4/tcp_illinois.c in the Linux kernel before 3.4.19, when the net.ipv4.tcp_congestion_control illinois setting is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) by reading TCP stats. |
| 35 | CVE-2012-4542 | 264 | | Bypass | 2013-02-28 | 2013-03-22 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes. |
| 36 | CVE-2012-4398 | 20 | | DoS | 2013-02-17 | 2013-03-25 | 4.9 | None | Local | Low | Not required | None | None | Complete | The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 does not set a certain killable attribute, which allows local users to cause a denial of service (memory consumption) via a crafted application. |
| 37 | CVE-2012-3511 | 362 | | DoS | 2012-10-03 | 2013-04-18 | 4.7 | None | Local | Medium | Not required | None | None | Complete | Multiple race conditions in the madvise_remove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service (use-after-free and system crash) via vectors involving a (1) munmap or (2) close system call. |
| 38 | CVE-2012-3375 | | | DoS | 2012-10-03 | 2013-03-22 | 4.9 | None | Local | Low | Not required | None | None | Complete | The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083. |
| 39 | CVE-2012-2745 | 119 | | DoS Overflow | 2012-08-09 | 2013-04-18 | 4.7 | None | Local | Medium | Not required | None | None | Complete | The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users to cause a denial of service (panic) via a crafted application that uses the fork system call. |
| 40 | CVE-2012-2390 | 399 | | DoS | 2012-06-13 | 2012-11-06 | 4.9 | None | Local | Low | Not required | None | None | Complete | Memory leak in mm/hugetlb.c in the Linux kernel before 3.4.2 allows local users to cause a denial of service (memory consumption or system crash) via invalid MAP_HUGETLB mmap operations. |
| 41 | CVE-2012-2384 | 189 | | DoS Overflow | 2012-06-13 | 2013-04-18 | 4.9 | None | Local | Low | Not required | None | None | Complete | Integer overflow in the i915_gem_do_execbuffer function in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.3.5 on 32-bit platforms allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted ioctl call. |
| 42 | CVE-2012-2383 | 189 | | DoS Overflow | 2012-06-13 | 2013-04-18 | 4.9 | None | Local | Low | Not required | None | None | Complete | Integer overflow in the i915_gem_execbuffer2 function in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.3.5 on 32-bit platforms allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted ioctl call. |
| 43 | CVE-2012-2375 | 189 | | DoS | 2012-06-13 | 2013-02-07 | 4.6 | None | Local Network | High | Not required | None | None | Complete | The __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the NFSv4 implementation in the Linux kernel before 3.3.2 uses an incorrect length variable during a copy operation, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words in an FATTR4_ACL reply. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-4131. |
| 44 | CVE-2012-2373 | 362 | | DoS | 2012-08-09 | 2013-01-23 | 4.0 | None | Local | High | Not required | None | None | Complete | The Linux kernel before 3.4.5 on the x86 platform, when Physical Address Extension (PAE) is enabled, does not properly use the Page Middle Directory (PMD), which allows local users to cause a denial of service (panic) via a crafted application that triggers a race condition. |
| 45 | CVE-2012-2372 | | | DoS | 2013-01-22 | 2013-04-18 | 4.4 | None | Local | Medium | Single system | None | None | Complete | The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interface's own IP address, as demonstrated by rds-ping. |
| 46 | CVE-2012-2133 | 399 | | DoS +Priv | 2012-07-03 | 2012-08-13 | 4.0 | None | Local | High | Not required | None | None | Complete | Use-after-free vulnerability in the Linux kernel before 3.3.6, when huge pages are enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges by interacting with a hugetlbfs filesystem, as demonstrated by a umount operation that triggers improper handling of quota data. |
| 47 | CVE-2012-2121 | 264 | | DoS | 2012-05-17 | 2013-04-18 | 4.9 | None | Local | Low | Not required | None | None | Complete | The KVM implementation in the Linux kernel before 3.3.4 does not properly manage the relationships between memory slots and the iommu, which allows guest OS users to cause a denial of service (memory leak and host OS crash) by leveraging administrative access to the guest OS to conduct hotunplug and hotplug operations on devices. |
| 48 | CVE-2012-1601 | 399 | | DoS | 2012-05-17 | 2013-01-23 | 4.9 | None | Local | Low | Not required | None | None | Complete | The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists. |
| 49 | CVE-2012-1090 | 264 | | DoS | 2012-05-17 | 2013-05-03 | 4.9 | None | Local | Low | Not required | None | None | Complete | The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO. |
| 50 | CVE-2012-0957 | 16 | | +Info | 2012-12-21 | 2013-01-29 | 4.9 | None | Local | Low | Not required | Complete | None | None | The override_release function in kernel/sys.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from kernel stack memory via a uname system call in conjunction with a UNAME26 personality. |