| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2013-1979 |
264 |
|
+Priv |
2013-05-03 |
2013-05-06 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafted application. |
|
2 |
CVE-2013-1860 |
119 |
|
DoS Exec Code Overflow |
2013-03-22 |
2013-04-05 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted cdc-wdm USB device. |
|
3 |
CVE-2013-1848 |
20 |
|
+Priv |
2013-03-22 |
2013-04-05 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and possibly gain privileges via a crafted application. |
|
4 |
CVE-2013-1828 |
20 |
|
+Priv |
2013-03-22 |
2013-04-05 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the Linux kernel before 3.8.4 does not validate a size value before proceeding to a copy_from_user operation, which allows local users to gain privileges via a crafted application that contains an SCTP_GET_ASSOC_STATS getsockopt system call. |
|
5 |
CVE-2013-1827 |
|
|
DoS +Priv |
2013-03-22 |
2013-04-05 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsockopt call. |
|
6 |
CVE-2013-1826 |
|
|
DoS +Priv |
2013-03-22 |
2013-04-05 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux kernel before 3.5.7 does not properly handle error conditions in dump_one_state function calls, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability. |
|
7 |
CVE-2013-1798 |
20 |
|
DoS +Info |
2013-03-22 |
2013-04-05 |
6.2 |
None |
Local Network |
High |
Not required |
Complete |
None |
Complete |
|
The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application. |
|
8 |
CVE-2013-1797 |
399 |
|
DoS Mem. Corr. |
2013-03-22 |
2013-04-05 |
6.8 |
None |
Local Network |
High |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation. |
|
9 |
CVE-2013-1796 |
119 |
|
DoS Overflow Mem. Corr. |
2013-03-22 |
2013-04-05 |
6.8 |
None |
Local Network |
High |
Not required |
Complete |
Complete |
Complete |
|
The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application. |
|
10 |
CVE-2013-1773 |
119 |
1
|
DoS Overflow +Priv |
2013-02-28 |
2013-03-01 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion. |
|
11 |
CVE-2013-1767 |
399 |
|
DoS +Priv |
2013-02-28 |
2013-05-14 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel before 3.7.10 allows local users to gain privileges or cause a denial of service (system crash) by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option. |
|
12 |
CVE-2013-0871 |
362 |
|
+Priv |
2013-02-17 |
2013-04-10 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death. |
|
13 |
CVE-2013-0313 |
|
|
DoS |
2013-02-21 |
2013-02-22 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
The evm_update_evmxattr function in security/integrity/evm/evm_crypto.c in the Linux kernel before 3.7.5, when the Extended Verification Module (EVM) is enabled, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an attempted removexattr operation on an inode of a sockfs filesystem. |
|
14 |
CVE-2013-0311 |
|
|
|
2013-02-21 |
2013-03-22 |
6.5 |
None |
Local Network |
High |
Single system |
Complete |
Complete |
Complete |
|
The translate_desc function in drivers/vhost/vhost.c in the Linux kernel before 3.7 does not properly handle cross-region descriptors, which allows guest OS users to obtain host OS privileges by leveraging KVM guest OS privileges. |
|
15 |
CVE-2013-0310 |
119 |
|
DoS Overflow |
2013-02-21 |
2013-02-22 |
6.6 |
None |
Local |
Medium |
Single system |
Complete |
Complete |
Complete |
|
The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux kernel before 3.4.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an IPOPT_CIPSO IP_OPTIONS setsockopt system call. |
|
16 |
CVE-2013-0268 |
264 |
|
Bypass |
2013-02-17 |
2013-02-18 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c. |
|
17 |
CVE-2013-0228 |
189 |
|
+Priv |
2013-03-01 |
2013-05-14 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
The xen_iret function in arch/x86/xen/xen-asm_32.S in the Linux kernel before 3.7.9 on 32-bit Xen paravirt_ops platforms does not properly handle an invalid value in the DS segment register, which allows guest OS users to gain guest OS privileges via a crafted application. |
|
18 |
CVE-2012-4467 |
399 |
|
DoS +Info |
2012-10-10 |
2013-01-29 |
6.6 |
None |
Local |
Low |
Not required |
Complete |
None |
Complete |
|
The (1) do_siocgstamp and (2) do_siocgstampns functions in net/socket.c in the Linux kernel before 3.5.4 use an incorrect argument order, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (system crash) via a crafted ioctl call. |
|
19 |
CVE-2012-2857 |
399 |
|
DoS |
2012-08-06 |
2013-03-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. |
|
20 |
CVE-2012-2137 |
119 |
|
DoS Exec Code Overflow |
2013-01-22 |
2013-04-18 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to Message Signaled Interrupts (MSI), irq routing entries, and an incorrect check by the setup_routing_entry function before invoking the kvm_set_irq function. |
|
21 |
CVE-2012-0056 |
264 |
|
+Priv |
2012-01-27 |
2012-03-22 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The mem_write function in Linux kernel 2.6.39 and other versions, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper. |
|
22 |
CVE-2011-4914 |
20 |
|
DoS +Info |
2012-06-21 |
2012-06-22 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
The ROSE protocol implementation in the Linux kernel before 2.6.39 does not verify that certain data-length values are consistent with the amount of data sent, which might allow remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via crafted data to a ROSE socket. |
|
23 |
CVE-2011-4077 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-01-27 |
2013-02-14 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname. |
|
24 |
CVE-2011-3188 |
|
|
DoS |
2012-05-24 |
2012-10-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets. |
|
25 |
CVE-2011-2905 |
|
|
|
2013-03-01 |
2013-03-04 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in the perf_config function in tools/perf/util/config.c in perf, as distributed in the Linux kernel before 3.1, allows local users to overwrite arbitrary files via a crafted config file in the current working directory. |
|
26 |
CVE-2011-2022 |
20 |
|
DoS +Priv |
2011-05-09 |
2012-03-19 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 does not validate a certain start parameter, which allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than CVE-2011-1745. |
|
27 |
CVE-2011-1759 |
189 |
|
DoS Overflow +Priv Mem. Corr. |
2012-06-13 |
2012-06-14 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in the sys_oabi_semtimedop function in arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 2.6.39 on the ARM platform, when CONFIG_OABI_COMPAT is enabled, allows local users to gain privileges or cause a denial of service (heap memory corruption) by providing a crafted argument and leveraging a race condition. |
|
28 |
CVE-2011-1746 |
189 |
|
DoS Overflow |
2011-05-09 |
2012-03-19 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_create_user_memory functions in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allow local users to trigger buffer overflows, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via vectors related to calls that specify a large number of memory pages. |
|
29 |
CVE-2011-1745 |
189 |
|
DoS Overflow +Priv |
2011-05-09 |
2012-03-19 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call. |
|
30 |
CVE-2011-1494 |
189 |
|
DoS Overflow +Priv Mem. Corr. |
2011-05-03 |
2012-04-27 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in the _ctl_do_mpt_command function in drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier might allow local users to gain privileges or cause a denial of service (memory corruption) via an ioctl call specifying a crafted value that triggers a heap-based buffer overflow. |
|
31 |
CVE-2011-1169 |
20 |
|
DoS +Priv Mem. Corr. |
2011-05-03 |
2012-04-27 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Array index error in the asihpi_hpi_ioctl function in sound/pci/asihpi/hpioctl.c in the AudioScience HPI driver in the Linux kernel before 2.6.38.1 might allow local users to cause a denial of service (memory corruption) or possibly gain privileges via a crafted adapter index value that triggers access to an invalid kernel pointer. |
|
32 |
CVE-2011-1016 |
20 |
|
|
2011-02-28 |
2012-03-19 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Radeon GPU drivers in the Linux kernel before 2.6.38-rc5 do not properly validate data related to the AA resolve registers, which allows local users to write to arbitrary memory locations associated with (1) Video RAM (aka VRAM) or (2) the Graphics Translation Table (GTT) via crafted values. |
|
33 |
CVE-2011-0712 |
119 |
|
DoS Overflow |
2011-02-18 |
2012-03-19 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
Multiple buffer overflows in the caiaq Native Instruments USB audio functionality in the Linux kernel before 2.6.38-rc4-next-20110215 might allow attackers to cause a denial of service or possibly have unspecified other impact via a long USB device name, related to (1) the snd_usb_caiaq_audio_init function in sound/usb/caiaq/audio.c and (2) the snd_usb_caiaq_midi_init function in sound/usb/caiaq/midi.c. |
|
34 |
CVE-2011-0640 |
16 |
|
|
2011-01-24 |
2011-04-28 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The default configuration of udev on Linux does not warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer. |
|
35 |
CVE-2011-0521 |
189 |
|
DoS Mem. Corr. |
2011-02-02 |
2012-03-19 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The dvb_ca_ioctl function in drivers/media/dvb/ttpci/av7110_ca.c in the Linux kernel before 2.6.38-rc2 does not check the sign of a certain integer field, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a negative value. |
|
36 |
CVE-2010-4805 |
399 |
|
DoS |
2011-05-26 |
2012-03-19 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
|
The socket implementation in net/core/sock.c in the Linux kernel before 2.6.35 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service by sending a large amount of network traffic, related to the sk_add_backlog function and the sk_rmem_alloc socket field. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4251. |
|
37 |
CVE-2010-4656 |
119 |
|
DoS Overflow +Priv |
2011-07-18 |
2012-03-19 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
The iowarrior_write function in drivers/usb/misc/iowarrior.c in the Linux kernel before 2.6.37 does not properly allocate memory, which might allow local users to trigger a heap-based buffer overflow, and consequently cause a denial of service or gain privileges, via a long report. |
|
38 |
CVE-2010-4649 |
189 |
|
DoS Overflow Mem. Corr. |
2011-02-18 |
2012-03-19 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in the ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large value of a certain structure member. |
|
39 |
CVE-2010-4527 |
119 |
|
Overflow +Priv +Info |
2011-01-13 |
2012-03-19 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The load_mixer_volumes function in sound/oss/soundcard.c in the OSS sound subsystem in the Linux kernel before 2.6.37 incorrectly expects that a certain name field ends with a '\0' character, which allows local users to conduct buffer overflow attacks and gain privileges, or possibly obtain sensitive information from kernel memory, via a SOUND_MIXER_SETLEVELS ioctl call. |
|
40 |
CVE-2010-4347 |
264 |
1
|
+Priv |
2010-12-22 |
2012-03-19 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The ACPI subsystem in the Linux kernel before 2.6.36.2 uses 0222 permissions for the debugfs custom_method file, which allows local users to gain privileges by placing a custom ACPI method in the ACPI interpreter tables, related to the acpi_debugfs_init function in drivers/acpi/debugfs.c. |
|
41 |
CVE-2010-4258 |
264 |
|
+Priv Bypass |
2010-12-30 |
2012-03-19 |
6.2 |
Admin |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNEL_DS get_fs value, which allows local users to bypass intended access_ok restrictions, overwrite arbitrary kernel memory locations, and gain privileges by leveraging a (1) BUG, (2) NULL pointer dereference, or (3) page fault, as demonstrated by vectors involving the clear_child_tid feature and the splice system call. |
|
42 |
CVE-2010-4251 |
399 |
|
DoS |
2011-05-26 |
2012-03-19 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
|
The socket implementation in net/core/sock.c in the Linux kernel before 2.6.34 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service (memory consumption) by sending a large amount of network traffic, as demonstrated by netperf UDP tests. |
|
43 |
CVE-2010-4160 |
189 |
|
DoS Overflow +Priv Mem. Corr. |
2011-01-07 |
2013-01-21 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Multiple integer overflows in the (1) pppol2tp_sendmsg function in net/l2tp/l2tp_ppp.c, and the (2) l2tp_ip_sendmsg function in net/l2tp/l2tp_ip.c, in the PPPoL2TP and IPoL2TP implementations in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (heap memory corruption and panic) or possibly gain privileges via a crafted sendto call. |
|
44 |
CVE-2010-4157 |
189 |
|
DoS Overflow Mem. Corr. |
2010-12-10 |
2012-03-19 |
6.0 |
None |
Local |
High |
Single system |
Complete |
Complete |
Complete |
|
Integer overflow in the ioc_general function in drivers/scsi/gdth.c in the Linux kernel before 2.6.36.1 on 64-bit platforms allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large argument in an ioctl call. |
|
45 |
CVE-2010-3859 |
189 |
|
Overflow +Priv |
2010-12-29 |
2012-03-19 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Multiple integer signedness errors in the TIPC implementation in the Linux kernel before 2.6.36.2 allow local users to gain privileges via a crafted sendmsg call that triggers a heap-based buffer overflow, related to the tipc_msg_build function in net/tipc/msg.c and the verify_iovec function in net/core/iovec.c. |
|
46 |
CVE-2010-3848 |
119 |
|
Overflow +Priv |
2010-12-30 |
2012-03-19 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in the econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to gain privileges by providing a large number of iovec structures. |
|
47 |
CVE-2010-3437 |
189 |
1
|
DoS +Info |
2010-10-04 |
2012-03-19 |
6.6 |
None |
Local |
Low |
Not required |
Complete |
None |
Complete |
|
Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and system crash) via a crafted index value in a PKT_CTRL_CMD_STATUS ioctl call. |
|
48 |
CVE-2010-2963 |
20 |
|
+Priv |
2010-11-26 |
2012-03-19 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) implementation in the Linux kernel before 2.6.36 on 64-bit platforms does not validate the destination of a memory copy operation, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via a VIDIOCSTUNER ioctl call on a /dev/video device, followed by a VIDIOCSMICROCODE ioctl call on this device. |
|
49 |
CVE-2010-2653 |
362 |
|
DoS |
2010-10-05 |
2012-03-19 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Race condition in the hvc_close function in drivers/char/hvc_console.c in the Linux kernel before 2.6.34 allows local users to cause a denial of service or possibly have unspecified other impact by closing a Hypervisor Virtual Console device, related to the hvc_open and hvc_remove functions. |
|
50 |
CVE-2010-2537 |
264 |
|
|
2010-09-30 |
2012-03-19 |
6.3 |
None |
Local |
Medium |
Not required |
None |
Complete |
Complete |
|
The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a (1) BTRFS_IOC_CLONE or (2) BTRFS_IOC_CLONE_RANGE ioctl call that specifies this file as a donor. |
