| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2013-0217 | 399 | | DoS | 2013-02-17 | 2013-02-18 | 5.2 | None | Local Network | Medium | Single system | None | None | Complete | Memory leak in drivers/net/xen-netback/netback.c in the Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (memory consumption) by triggering certain error conditions. |
| 2 | CVE-2013-0216 | 20 | | DoS | 2013-02-17 | 2013-02-18 | 5.2 | None | Local Network | Medium | Single system | None | None | Complete | The Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (loop) by triggering ring pointer corruption. |
| 3 | CVE-2012-4444 | | | Bypass | 2012-12-21 | 2013-02-07 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kernel before 2.6.36 allows remote attackers to bypass intended network restrictions via overlapping IPv6 fragments. |
| 4 | CVE-2012-3552 | 362 | | DoS | 2012-10-03 | 2013-01-23 | 5.4 | None | Remote | High | Not required | None | None | Complete | Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service (slab corruption and system crash) by sending packets to an application that sets socket options during the handling of network traffic. |
| 5 | CVE-2012-3510 | 399 | | DoS +Info | 2012-10-03 | 2013-04-18 | 5.6 | None | Local | Low | Not required | Partial | None | Complete | Use-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel before 2.6.19 allows local users to obtain potentially sensitive information from kernel memory or cause a denial of service (system crash) via a taskstats TASKSTATS_CMD_ATTR_PID command. |
| 6 | CVE-2012-3364 | 119 | | DoS Exec Code Overflow | 2013-01-22 | 2013-01-29 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Multiple stack-based buffer overflows in the Near Field Communication Controller Interface (NCI) in the Linux kernel before 3.4.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via incoming frames with crafted length fields. |
| 7 | CVE-2012-2127 | 119 | | DoS Overflow | 2012-06-21 | 2013-02-12 | 5.0 | None | Remote | Low | Not required | None | None | Partial | fs/proc/root.c in the procfs implementation in the Linux kernel before 3.2 does not properly interact with CLONE_NEWPID clone system calls, which allows remote attackers to cause a denial of service (reference leak and memory consumption) by making many connections to a daemon that uses PID namespaces to isolate clients, as demonstrated by vsftpd. |
| 8 | CVE-2012-2119 | 119 | | DoS Overflow | 2013-01-22 | 2013-01-29 | 5.2 | None | Local Network | Medium | Single system | None | None | Complete | Buffer overflow in the macvtap device driver in the Linux kernel before 3.4.5, when running in certain configurations, allows privileged KVM guest users to cause a denial of service (crash) via a long descriptor with a long vector length. |
| 9 | CVE-2012-1583 | 399 | | DoS | 2012-06-16 | 2013-05-03 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Double free vulnerability in the xfrm6_tunnel_rcv function in net/ipv6/xfrm6_tunnel.c in the Linux kernel before 2.6.22, when the xfrm6_tunnel module is enabled, allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets. |
| 10 | CVE-2012-1179 | 264 | | DoS | 2012-05-17 | 2013-01-23 | 5.2 | None | Local Network | Medium | Single system | None | None | Complete | The Linux kernel before 3.3.1, when KVM is used, allows guest OS users to cause a denial of service (host OS crash) by leveraging administrative access to the guest OS, related to the pmd_none_or_clear_bad function and page faults for huge pages. |
| 11 | CVE-2011-3363 | 20 | | DoS | 2012-05-24 | 2012-05-29 | 5.4 | None | Remote | High | Not required | None | None | Complete | The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel before 2.6.39 does not properly handle DFS referrals, which allows remote CIFS servers to cause a denial of service (system crash) by placing a referral at the root of a share. |
| 12 | CVE-2011-3359 | 119 | | DoS Overflow | 2012-05-24 | 2012-05-29 | 5.4 | None | Remote | High | Not required | None | None | Complete | The dma_rx function in drivers/net/wireless/b43/dma.c in the Linux kernel before 2.6.39 does not properly allocate receive buffers, which allows remote attackers to cause a denial of service (system crash) via a crafted frame. |
| 13 | CVE-2011-2723 | 399 | | DoS | 2011-09-06 | 2012-03-19 | 5.7 | None | Local Network | Medium | Not required | None | None | Complete | The skb_gro_header_slow function in include/linux/netdevice.h in the Linux kernel before 2.6.39.4, when Generic Receive Offload (GRO) is enabled, resets certain fields in incorrect situations, which allows remote attackers to cause a denial of service (system crash) via crafted network traffic. |
| 14 | CVE-2011-1927 | | | DoS | 2012-06-13 | 2012-06-13 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The ip_expire function in net/ipv4/ip_fragment.c in the Linux kernel before 2.6.39 does not properly construct ICMP_TIME_EXCEEDED packets after a timeout, which allows remote attackers to cause a denial of service (invalid pointer dereference) via crafted fragmented packets. |
| 15 | CVE-2011-1776 | 119 | | DoS Overflow +Info | 2011-09-06 | 2012-05-17 | 5.6 | None | Local | Low | Not required | Partial | None | Complete | The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577. |
| 16 | CVE-2011-1768 | 362 | | DoS | 2012-06-13 | 2012-06-15 | 5.4 | None | Remote | High | Not required | None | None | Complete | The tunnels implementation in the Linux kernel before 2.6.34, when tunnel functionality is configured as a module, allows remote attackers to cause a denial of service (OOPS) by sending a packet during module loading. |
| 17 | CVE-2011-1767 | | | DoS | 2012-06-13 | 2012-06-13 | 5.4 | None | Remote | High | Not required | None | None | Complete | net/ipv4/ip_gre.c in the Linux kernel before 2.6.34, when ip_gre is configured as a module, allows remote attackers to cause a denial of service (OOPS) by sending a packet during module loading. |
| 18 | CVE-2011-1576 | 119 | | DoS Overflow Mem. Corr. | 2011-08-31 | 2012-06-15 | 5.7 | None | Local Network | Medium | Not required | None | None | Complete | The Generic Receive Offload (GRO) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5 and 2.6.32 on Red Hat Enterprise Linux 6, as used in Red Hat Enterprise Virtualization (RHEV) Hypervisor and other products, allows remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a different vulnerability than CVE-2011-1478. |
| 19 | CVE-2011-1573 | | | DoS | 2012-02-01 | 2012-03-19 | 5.0 | None | Remote | Low | Not required | None | None | Partial | net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when addip_enable and auth_enable are used, does not consider the amount of zero padding during calculation of chunk lengths for (1) INIT and (2) INIT ACK chunks, which allows remote attackers to cause a denial of service (OOPS) via crafted packet data. |
| 20 | CVE-2011-1478 | | | DoS | 2011-10-23 | 2012-05-13 | 5.7 | None | Local Network | Medium | Not required | None | None | Complete | The napi_reuse_skb function in net/core/dev.c in the Generic Receive Offload (GRO) implementation in the Linux kernel before 2.6.38 does not reset the values of certain structure members, which might allow remote attackers to cause a denial of service (NULL pointer dereference) via a malformed VLAN frame. |
| 21 | CVE-2011-1173 | 200 | | +Info | 2011-06-22 | 2012-03-22 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.39 on the x86_64 platform allows remote attackers to obtain potentially sensitive information from kernel stack memory by reading uninitialized data in the ah field of an Acorn Universal Networking (AUN) packet. |
| 22 | CVE-2011-1079 | 20 | | DoS +Info | 2012-06-21 | 2012-06-26 | 5.4 | None | Local | Medium | Not required | Partial | None | Complete | The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory, or cause a denial of service (BUG and system crash), via a BNEPCONNADD command. |
| 23 | CVE-2011-0714 | 399 | | DoS | 2011-05-04 | 2012-03-19 | 5.7 | None | Local Network | Medium | Not required | None | None | Complete | Use-after-free vulnerability in a certain Red Hat patch for the RPC server sockets functionality in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 might allow remote attackers to cause a denial of service (crash) via malformed data in a packet, related to lockd and the svc_xprt_received function. |
| 24 | CVE-2011-0695 | 362 | | DoS | 2011-03-15 | 2012-03-19 | 5.7 | None | Local Network | Medium | Not required | None | None | Complete | Race condition in the cm_work_handler function in the InfiniBand driver (drivers/infiniband/core/cma.c) in Linux kernel 2.6.x allows remote attackers to cause a denial of service (panic) by sending an InfiniBand request while other request handlers are still running, which triggers an invalid pointer dereference. |
| 25 | CVE-2010-4563 | 200 | | +Info | 2012-02-02 | 2012-02-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. |
| 26 | CVE-2010-4263 | | | DoS | 2011-01-18 | 2013-01-21 | 5.7 | None | Local Network | Medium | Not required | None | None | Complete | The igb_receive_skb function in drivers/net/igb/igb_main.c in the Intel Gigabit Ethernet (aka igb) subsystem in the Linux kernel before 2.6.34, when Single Root I/O Virtualization (SR-IOV) and promiscuous mode are enabled but no VLANs are registered, allows remote attackers to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via a VLAN tagged frame. |
| 27 | CVE-2010-1451 | 119 | | Overflow | 2010-05-07 | 2012-03-19 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The TSB I-TLB load implementation in arch/sparc/kernel/tsb.S in the Linux kernel before 2.6.33 on the SPARC platform does not properly obtain the value of a certain _PAGE_EXEC_4U bit and consequently does not properly implement a non-executable stack, which makes it easier for context-dependent attackers to exploit stack-based buffer overflows via a crafted application. |
| 28 | CVE-2010-1088 | | | | 2010-04-06 | 2012-03-19 | 5.4 | None | Remote | High | Not required | None | None | Complete | fs/namei.c in Linux kernel 2.6.18 through 2.6.34 does not always follow NFS automount "symlinks," which allows attackers to have an unknown impact, related to LOOKUP_FOLLOW. |
| 29 | CVE-2010-0003 | 200 | | DoS +Info | 2010-01-26 | 2012-03-19 | 5.4 | None | Local | Medium | Not required | Partial | None | Complete | The print_fatal_signal function in kernel/signal.c in the Linux kernel before 2.6.32.4 on the i386 platform, when print-fatal-signals is enabled, allows local users to discover the contents of arbitrary memory locations by jumping to an address and then reading a log file, and might allow local users to cause a denial of service (system slowdown or crash) by jumping to an address. |
| 30 | CVE-2009-1265 | 189 | | Overflow +Info | 2009-04-07 | 2012-03-23 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux kernel 2.6.24.4, and other versions before 2.6.30-rc1, might allow remote attackers to obtain sensitive information via a large length value, which causes "garbage" memory to be sent. |
| 31 | CVE-2008-2953 | 20 | | DoS | 2008-07-01 | 2009-04-14 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Linux DC++ (linuxdcpp) before 0.707 allows remote attackers to cause a denial of service (crash) via "partial file list requests" that trigger a NULL pointer dereference. |
| 32 | CVE-2007-3380 | 16 | | DoS | 2007-07-20 | 2012-10-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The Distributed Lock Manager (DLM) in the cluster manager for Linux kernel 2.6.15 allows remote attackers to cause a denial of service (loss of lock services) by connecting to the DLM port, which probably prevents other processes from accessing the service. |
| 33 | CVE-2007-2451 | | | +Info | 2007-05-29 | 2008-11-15 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Unspecified vulnerability in drivers/crypto/geode-aes.c in GEODE-AES in the Linux kernel before 2.6.21.3 allows attackers to obtain sensitive information via unspecified vectors. |
| 34 | CVE-2007-1497 | | | Bypass | 2007-03-16 | 2010-08-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | nf_conntrack in netfilter in the Linux kernel before 2.6.20.3 does not set nfctinfo during reassembly of fragmented packets, which leaves the default value as IP_CT_ESTABLISHED and might allow remote attackers to bypass certain rulesets using IPv6 fragments. |
| 35 | CVE-2006-2934 | 399 | | DoS | 2006-06-30 | 2012-03-19 | 5.0 | None | Remote | Low | Not required | None | None | Partial | SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux kernel 2.6.17 before 2.6.17.3 and 2.6.16 before 2.6.16.23 allows remote attackers to cause a denial of service (crash) via a packet without any chunks, which causes a variable to contain an invalid value that is later used to dereference a pointer. |
| 36 | CVE-2006-2448 | | | DoS | 2006-06-23 | 2010-08-21 | 5.6 | None | Local | High | Not required | Complete | None | Complete | Linux kernel before 2.6.16.21 and 2.6.17, when running on PowerPC, does not perform certain required access_ok checks, which allows local users to read arbitrary kernel memory on 64-bit systems (signal_64.c) and cause a denial of service (crash) and possibly read kernel memory on 32-bit systems (signal_32.c). |
| 37 | CVE-2006-2446 | | | DoS | 2006-08-15 | 2010-08-21 | 5.4 | None | Remote | High | Not required | None | None | Complete | Race condition between the kfree_skb and __skb_unlink functions in the socket buffer handling in Linux kernel 2.6.9, and possibly other versions, allows remote attackers to cause a denial of service (crash), as demonstrated using the TCP stress tests from the LTP test suite. |
| 38 | CVE-2006-1527 | | | DoS | 2006-05-03 | 2010-08-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The SCTP-netfilter code in Linux kernel before 2.6.16.13 allows remote attackers to trigger a denial of service (infinite loop) via unknown vectors that cause an invalid SCTP chunk size to be processed by the for_each_sctp_chunk function. |
| 39 | CVE-2006-1242 | | | Bypass | 2006-03-15 | 2010-08-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The ip_push_pending_frames function in Linux 2.4.x and 2.6.x before 2.6.16 increments the IP ID field when sending a RST after receiving unsolicited TCP SYN-ACK packets, which allows remote attackers to conduct an Idle Scan (nmap -sI) attack, which bypasses intended protections against such attacks. |
| 40 | CVE-2006-0454 | 399 | | DoS | 2006-02-07 | 2012-03-19 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Linux kernel before 2.6.15.3 down to 2.6.12, while constructing an ICMP response in icmp_send, does not properly handle when the ip_options_echo function in icmp.c fails, which allows remote attackers to cause a denial of service (crash) via vectors such as (1) record-route and (2) timestamp IP options with the needaddr bit set and a truncated value. |
| 41 | CVE-2005-4798 | | | DoS Overflow | 2005-12-31 | 2010-08-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Buffer overflow in NFS readlink handling in the Linux Kernel 2.4 up to 2.4.31 allows remote NFS servers to cause a denial of service (crash) via a long symlink, which is not properly handled in (1) nfs2xdr.c or (2) nfs3xdr.c and causes a crash in the NFS client. |
| 42 | CVE-2005-4635 | | | DoS | 2005-12-31 | 2008-09-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The nl_fib_input function in fib_frontend.c in the Linux kernel before 2.6.15 does not check for valid lengths of the header and payload, which allows remote attackers to cause a denial of service (invalid memory reference) via malformed fib_lookup netlink messages. |
| 43 | CVE-2005-3623 | | | Bypass | 2005-12-31 | 2010-08-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR privilege before setting access controls (ACL) on files on exported NFS filesystems, which allows remote attackers to bypass ACLs for readonly mounted NFS filesystems. |
| 44 | CVE-2005-3273 | 264 | | | 2005-10-20 | 2012-03-26 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The rose_rt_ioctl function in rose_route.c for Radionet Open Source Environment (ROSE) in Linux 2.6 kernels before 2.6.12, and 2.4 before 2.4.29, does not properly verify the ndigis argument for a new route, which allows attackers to trigger array out-of-bounds errors with a large number of digipeats. |
| 45 | CVE-2005-3272 | | | | 2005-10-20 | 2010-08-21 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Linux kernel before 2.6.12 allows remote attackers to poison the bridge forwarding table using frames that have already been dropped by filtering, which can cause the bridge to forward spoofed packets. |
| 46 | CVE-2005-3180 | | | +Info | 2005-10-12 | 2010-08-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does not properly clear memory from a previously used packet whose length is increased, which allows remote attackers to obtain sensitive information. |
| 47 | CVE-2005-2872 | | | DoS | 2005-09-09 | 2010-08-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The ipt_recent kernel module (ipt_recent.c) in Linux kernel before 2.6.12, when running on 64-bit processors such as AMD64, allows remote attackers to cause a denial of service (kernel panic) via certain attacks such as SSH brute force, which leads to memset calls using a length based on the u_int32_t type, acting on an array of unsigned long elements, a different vulnerability than CVE-2005-2873. |
| 48 | CVE-2005-2801 | | | | 2005-09-06 | 2010-08-21 | 5.0 | None | Remote | Low | Not required | None | Partial | None | xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 does not properly compare the name_index fields when sharing xattr blocks, which could prevent default ACLs from being applied. |
| 49 | CVE-2005-2548 | 399 | | DoS | 2005-08-12 | 2011-03-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | vlan_dev.c in the VLAN code for Linux kernel 2.6.8 allows remote attackers to cause a denial of service (kernel oops from null dereference) via certain UDP packets that lead to a function call with the wrong argument, as demonstrated using snmpwalk on snmpd. |
| 50 | CVE-2005-2459 | | | DoS | 2005-08-23 | 2010-04-02 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The huft_build function in inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 returns the wrong value, which allows remote attackers to cause a denial of service (kernel crash) via a certain compressed file that leads to a null pointer dereference, a different vulnerability than CVE-2005-2458. |