| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2013-3302 | 362 | | DoS | 2013-04-29 | 2013-05-03 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial |
Race condition in the smb_send_rqst function in fs/cifs/transport.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via vectors involving a reconnection event. |
|
| 2 | CVE-2013-3301 | | | DoS | 2013-04-29 | 2013-04-29 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call. |
|
| 3 | CVE-2013-3237 | 200 | | +Info | 2013-04-22 | 2013-04-22 | 4.9 | None | Local | Low | Not required | Complete | None | None |
The vsock_stream_sendmsg function in net/vmw_vsock/af_vsock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
|
| 4 | CVE-2013-3236 | 200 | | +Info | 2013-04-22 | 2013-04-22 | 4.9 | None | Local | Low | Not required | Complete | None | None |
The vmci_transport_dgram_dequeue function in net/vmw_vsock/vmci_transport.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
|
| 5 | CVE-2013-3235 | 200 | | +Info | 2013-04-22 | 2013-06-04 | 4.9 | None | Local | Low | Not required | Complete | None | None |
net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
|
| 6 | CVE-2013-3234 | 200 | | +Info | 2013-04-22 | 2013-06-04 | 4.9 | None | Local | Low | Not required | Complete | None | None |
The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
|
| 7 | CVE-2013-3233 | 200 | | +Info | 2013-04-22 | 2013-06-04 | 4.9 | None | Local | Low | Not required | Complete | None | None |
The llcp_sock_recvmsg function in net/nfc/llcp/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable and a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
|
| 8 | CVE-2013-3232 | 200 | | +Info | 2013-04-22 | 2013-04-22 | 4.9 | None | Local | Low | Not required | Complete | None | None |
The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
|
| 9 | CVE-2013-3231 | 200 | | +Info | 2013-04-22 | 2013-06-04 | 4.7 | None | Local | Medium | Not required | Complete | None | None |
The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
|
| 10 | CVE-2013-3230 | 200 | | +Info | 2013-04-22 | 2013-06-04 | 4.9 | None | Local | Low | Not required | Complete | None | None |
The l2tp_ip6_recvmsg function in net/l2tp/l2tp_ip6.c in the Linux kernel before 3.9-rc7 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
|
| 11 | CVE-2013-3229 | 200 | | +Info | 2013-04-22 | 2013-06-04 | 4.9 | None | Local | Low | Not required | Complete | None | None |
The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
|
| 12 | CVE-2013-3228 | 200 | | +Info | 2013-04-22 | 2013-06-04 | 4.9 | None | Local | Low | Not required | Complete | None | None |
The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
|
| 13 | CVE-2013-3227 | 200 | | +Info | 2013-04-22 | 2013-06-04 | 4.9 | None | Local | Low | Not required | Complete | None | None |
The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
|
| 14 | CVE-2013-3226 | 200 | | +Info | 2013-04-22 | 2013-06-04 | 4.9 | None | Local | Low | Not required | Complete | None | None |
The sco_sock_recvmsg function in net/bluetooth/sco.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
|
| 15 | CVE-2013-3225 | 200 | | +Info | 2013-04-22 | 2013-06-04 | 4.9 | None | Local | Low | Not required | Complete | None | None |
The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
|
| 16 | CVE-2013-3224 | 200 | | +Info | 2013-04-22 | 2013-06-04 | 4.9 | None | Local | Low | Not required | Complete | None | None |
The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
|
| 17 | CVE-2013-3223 | 200 | | +Info | 2013-04-22 | 2013-06-04 | 4.9 | None | Local | Low | Not required | Complete | None | None |
The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
|
| 18 | CVE-2013-3222 | 200 | | +Info | 2013-04-22 | 2013-06-04 | 4.9 | None | Local | Low | Not required | Complete | None | None |
The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
|
| 19 | CVE-2013-3076 | 200 | | +Info | 2013-04-22 | 2013-06-04 | 4.9 | None | Local | Low | Not required | Complete | None | None |
The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c. |
|
| 20 | CVE-2013-2852 | 134 | | +Priv | 2013-06-07 | 2013-06-07 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message. |
|
| 21 | CVE-2013-2851 | 134 | | +Priv | 2013-06-07 | 2013-06-07 | 6.0 | None | Local | High | Single system | Complete | Complete | Complete |
Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name. |
|
| 22 | CVE-2013-2850 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2013-06-07 | 2013-06-07 | 7.9 | None | Local Network | Medium | Not required | Complete | Complete | Complete |
Heap-based buffer overflow in the iscsi_add_notunderstood_response function in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target subsystem in the Linux kernel through 3.9.4 allows remote attackers to cause a denial of service (memory corruption and OOPS) or possibly execute arbitrary code via a long key that is not properly handled during construction of an error-response packet. |
|
| 23 | CVE-2013-2636 | 399 | | +Info | 2013-03-22 | 2013-04-05 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
net/bridge/br_mdb.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application. |
|
| 24 | CVE-2013-2635 | 399 | | +Info | 2013-03-22 | 2013-06-04 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux kernel before 3.8.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. |
|
| 25 | CVE-2013-2634 | 399 | | +Info | 2013-03-22 | 2013-06-04 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. |
|
| 26 | CVE-2013-2548 | 310 | | +Info | 2013-03-15 | 2013-05-14 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. |
|
| 27 | CVE-2013-2547 | 310 | | +Info | 2013-03-15 | 2013-05-14 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. |
|
| 28 | CVE-2013-2546 | 310 | | +Info | 2013-03-15 | 2013-05-14 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability. |
|
| 29 | CVE-2013-2148 | 399 | | +Info | 2013-06-07 | 2013-06-07 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c in the Linux kernel through 3.9.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a read operation on the fanotify descriptor. |
|
| 30 | CVE-2013-2147 | 399 | | +Info | 2013-06-07 | 2013-06-07 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c. |
|
| 31 | CVE-2013-2146 | 20 | | DoS | 2013-06-07 | 2013-06-07 | 4.7 | None | Local | Medium | Not required | None | None | Complete |
arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit. |
|
| 32 | CVE-2013-2141 | 399 | | +Info | 2013-06-07 | 2013-06-07 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call. |
|
| 33 | CVE-2013-2128 | 119 | | DoS Overflow | 2013-06-07 | 2013-06-07 | 4.9 | None | Local | Low | Not required | None | None | Complete |
The tcp_read_sock function in net/ipv4/tcp.c in the Linux kernel before 2.6.34 does not properly manage skb consumption, which allows local users to cause a denial of service (system crash) via a crafted splice system call for a TCP socket. |
|
| 34 | CVE-2013-2094 | 189 | | +Priv | 2013-05-14 | 2013-06-14 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call. |
|
| 35 | CVE-2013-2017 | 399 | | DoS | 2013-05-03 | 2013-05-03 | 7.8 | None | Remote | Low | Not required | None | None | Complete |
The veth (aka virtual Ethernet) driver in the Linux kernel before 2.6.34 does not properly manage skbs during congestion, which allows remote attackers to cause a denial of service (system crash) by leveraging lack of skb consumption in conjunction with a double-free error. |
|
| 36 | CVE-2013-2015 | 399 | | DoS | 2013-04-29 | 2013-04-29 | 4.7 | None | Local | Medium | Not required | None | None | Complete |
The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to cause a denial of service (system hang) via a crafted filesystem on removable media, as demonstrated by the e2fsprogs tests/f_orphan_extents_inode/image.gz test. |
|
| 37 | CVE-2013-1979 | 264 | | +Priv | 2013-05-03 | 2013-05-06 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafted application. |
|
| 38 | CVE-2013-1959 | 264 | | +Priv | 2013-05-03 | 2013-05-03 | 3.7 | None | Local | High | Not required | Partial | Partial | Partial |
kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropriate capability requirements for the uid_map and gid_map files, which allows local users to gain privileges by opening a file within an unprivileged process and then modifying the file within a privileged process. |
|
| 39 | CVE-2013-1958 | 264 | | Bypass | 2013-04-24 | 2013-05-01 | 1.9 | None | Local | Medium | Not required | None | Partial | None |
The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.8.6 does not properly enforce capability requirements for controlling the PID value associated with a UNIX domain socket, which allows local users to bypass intended access restrictions by leveraging the time interval during which a user namespace has been created but a PID namespace has not been created. |
|
| 40 | CVE-2013-1957 | 264 | | Bypass | 2013-04-24 | 2013-04-25 | 4.7 | None | Local | Medium | Not required | Complete | None | None |
The clone_mnt function in fs/namespace.c in the Linux kernel before 3.8.6 does not properly restrict changes to the MNT_READONLY flag, which allows local users to bypass an intended read-only property of a filesystem by leveraging a separate mount namespace. |
|
| 41 | CVE-2013-1956 | 264 | | Bypass | 2013-04-24 | 2013-05-01 | 2.1 | None | Local | Low | Not required | None | Partial | None |
The create_user_ns function in kernel/user_namespace.c in the Linux kernel before 3.8.6 does not check whether a chroot directory exists that differs from the namespace root directory, which allows local users to bypass intended filesystem restrictions via a crafted clone system call. |
|
| 42 | CVE-2013-1929 | 119 | | DoS Exec Code Overflow | 2013-06-07 | 2013-06-07 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial |
Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Product Data (VPD) data structure. |
|
| 43 | CVE-2013-1928 | 200 | | +Info | 2013-04-29 | 2013-06-14 | 4.7 | None | Local | Medium | Not required | Complete | None | None |
The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device. |
|
| 44 | CVE-2013-1860 | 119 | | DoS Exec Code Overflow | 2013-03-22 | 2013-06-04 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted cdc-wdm USB device. |
|
| 45 | CVE-2013-1858 | 264 | | +Priv | 2013-04-05 | 2013-04-08 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
The clone system-call implementation in the Linux kernel before 3.8.3 does not properly handle a combination of the CLONE_NEWUSER and CLONE_FS flags, which allows local users to gain privileges by calling chroot and leveraging the sharing of the / directory between a parent process and a child process. |
|
| 46 | CVE-2013-1848 | 20 | | +Priv | 2013-03-22 | 2013-06-04 | 6.2 | None | Local | High | Not required | Complete | Complete | Complete |
fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and possibly gain privileges via a crafted application. |
|
| 47 | CVE-2013-1828 | 20 | | +Priv | 2013-03-22 | 2013-04-05 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the Linux kernel before 3.8.4 does not validate a size value before proceeding to a copy_from_user operation, which allows local users to gain privileges via a crafted application that contains an SCTP_GET_ASSOC_STATS getsockopt system call. |
|
| 48 | CVE-2013-1827 | | | DoS +Priv | 2013-03-22 | 2013-06-04 | 6.2 | None | Local | High | Not required | Complete | Complete | Complete |
net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsockopt call. |
|
| 49 | CVE-2013-1826 | | | DoS +Priv | 2013-03-22 | 2013-06-04 | 6.2 | None | Local | High | Not required | Complete | Complete | Complete |
The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux kernel before 3.5.7 does not properly handle error conditions in dump_one_state function calls, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability. |
|
| 50 | CVE-2013-1819 | 20 | | DoS | 2013-03-06 | 2013-03-07 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel before 3.7.6 does not validate block numbers, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the ability to mount an XFS filesystem containing a metadata inode with an invalid extent map. |