| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2011-2928 | 20 | | DoS | 2011-08-29 | 2012-03-22 | 4.9 | None | Local | Low | Not required | None | None | Complete | The befs_follow_link function in fs/befs/linuxvfs.c in the Linux kernel before 3.1-rc3 does not validate the length attribute of long symlinks, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) by accessing a long symlink on a malformed Be filesystem. |
| 2 | CVE-2011-2723 | 399 | | DoS | 2011-09-06 | 2012-03-19 | 5.7 | None | Local Network | Medium | Not required | None | None | Complete | The skb_gro_header_slow function in include/linux/netdevice.h in the Linux kernel before 2.6.39.4, when Generic Receive Offload (GRO) is enabled, resets certain fields in incorrect situations, which allows remote attackers to cause a denial of service (system crash) via crafted network traffic. |
| 3 | CVE-2011-2700 | 119 | | DoS Overflow | 2011-09-06 | 2012-03-19 | 2.1 | None | Local | Low | Not required | None | None | Partial | Multiple buffer overflows in the si4713_write_econtrol_string function in drivers/media/radio/si4713-i2c.c in the Linux kernel before 2.6.39.4 on the N900 platform might allow local users to cause a denial of service or have unspecified other impact via a crafted s_ext_ctrls operation with a (1) V4L2_CID_RDS_TX_PS_NAME or (2) V4L2_CID_RDS_TX_RADIO_TEXT control ID. |
| 4 | CVE-2011-2695 | 189 | | DoS | 2011-07-28 | 2012-03-19 | 4.9 | None | Local | Low | Not required | None | None | Complete | Multiple off-by-one errors in the ext4 subsystem in the Linux kernel before 3.0-rc5 allow local users to cause a denial of service (BUG_ON and system crash) by accessing a sparse file in extent format with a write operation involving a block number corresponding to the largest possible 32-bit unsigned integer. |
| 5 | CVE-2011-2689 | 399 | | DoS | 2011-07-28 | 2012-03-22 | 4.9 | None | Local | Low | Not required | None | None | Complete | The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel before 3.0-rc1 does not ensure that the size of a chunk allocation is a multiple of the block size, which allows local users to cause a denial of service (BUG and system crash) by arranging for all resource groups to have too little free space. |
| 6 | CVE-2011-2534 | 119 | | DoS Overflow | 2011-06-22 | 2012-03-19 | 4.0 | None | Local | High | Not required | None | None | Complete | Buffer overflow in the clusterip_proc_write function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel before 2.6.39 might allow local users to cause a denial of service or have unspecified other impact via a crafted write operation, related to string data that lacks a terminating '\0' character. |
| 7 | CVE-2011-2497 | 189 | | DoS Overflow Mem. Corr. | 2011-08-29 | 2012-03-19 | 8.3 | None | Local Network | Low | Not required | Complete | Complete | Complete | Integer underflow in the l2cap_config_req function in net/bluetooth/l2cap_core.c in the Linux kernel before 3.0 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a small command-size value within the command header of a Logical Link Control and Adaptation Protocol (L2CAP) configuration request, leading to a buffer overflow. |
| 8 | CVE-2011-2484 | 399 | | DoS Bypass | 2011-06-24 | 2012-03-19 | 4.9 | None | Local | Low | Not required | None | None | Complete | The add_del_listener function in kernel/taskstats.c in the Linux kernel 2.6.39.1 and earlier does not prevent multiple registrations of exit handlers, which allows local users to cause a denial of service (memory and CPU consumption), and bypass the OOM Killer, via a crafted application. |
| 9 | CVE-2011-2213 | 399 | | DoS | 2011-08-29 | 2012-03-19 | 4.9 | None | Local | Low | Not required | None | None | Complete | The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880. |
| 10 | CVE-2011-2189 | 399 | | DoS | 2011-10-10 | 2012-09-17 | 7.8 | None | Remote | Low | Not required | None | None | Complete | net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespace per connection, as demonstrated by vsftpd. |
| 11 | CVE-2011-2184 | | | DoS | 2011-09-06 | 2012-03-19 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The key_replace_session_keyring function in security/keys/process_keys.c in the Linux kernel before 2.6.39.1 does not initialize a certain structure member, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function, a different vulnerability than CVE-2010-2960. |
| 12 | CVE-2011-2022 | 20 | | DoS +Priv | 2011-05-09 | 2012-03-19 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 does not validate a certain start parameter, which allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than CVE-2011-1745. |
| 13 | CVE-2011-1776 | 119 | | DoS Overflow +Info | 2011-09-06 | 2012-05-17 | 5.6 | None | Local | Low | Not required | Partial | None | Complete | The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577. |
| 14 | CVE-2011-1771 | | | DoS | 2011-09-06 | 2012-03-19 | 4.7 | None | Local | Medium | Not required | None | None | Complete | The cifs_close function in fs/cifs/file.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (NULL pointer dereference and BUG) or possibly have unspecified other impact by setting the O_DIRECT flag during an attempt to open a file on a CIFS filesystem. |
| 15 | CVE-2011-1770 | 189 | | DoS | 2011-06-24 | 2012-03-19 | 7.8 | None | Remote | Low | Not required | None | None | Complete | Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel before 2.6.33.14 allows remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggers a buffer over-read. |
| 16 | CVE-2011-1748 | 20 | | DoS | 2011-05-09 | 2012-04-16 | 4.9 | None | Local | Low | Not required | None | None | Complete | The raw_release function in net/can/raw.c in the Linux kernel before 2.6.39-rc6 does not properly validate a socket data structure, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation. |
| 17 | CVE-2011-1747 | 399 | | DoS | 2011-05-09 | 2012-03-19 | 4.7 | None | Local | Medium | Not required | None | None | Complete | The agp subsystem in the Linux kernel 2.6.38.5 and earlier does not properly restrict memory allocation by the (1) AGPIOC_RESERVE and (2) AGPIOC_ALLOCATE ioctls, which allows local users to cause a denial of service (memory consumption) by making many calls to these ioctls. |
| 18 | CVE-2011-1746 | 189 | | DoS Overflow | 2011-05-09 | 2012-03-19 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_create_user_memory functions in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allow local users to trigger buffer overflows, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via vectors related to calls that specify a large number of memory pages. |
| 19 | CVE-2011-1745 | 189 | | DoS Overflow +Priv | 2011-05-09 | 2012-03-19 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call. |
| 20 | CVE-2011-1598 | 20 | | DoS | 2011-05-09 | 2012-03-19 | 4.9 | None | Local | Low | Not required | None | None | Complete | The bcm_release function in net/can/bcm.c in the Linux kernel before 2.6.39-rc6 does not properly validate a socket data structure, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation. |
| 21 | CVE-2011-1593 | 189 | | DoS Overflow | 2011-05-03 | 2012-03-19 | 4.9 | None | Local | Low | Not required | None | None | Complete | Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel before 2.6.38.4 allow local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call. |
| 22 | CVE-2011-1581 | 20 | | DoS | 2011-05-26 | 2012-03-19 | 4.6 | None | Local Network | High | Not required | None | None | Complete | The bond_select_queue function in drivers/net/bonding/bond_main.c in the Linux kernel before 2.6.39, when a network device with a large number of receive queues is installed but the default tx_queues setting is used, does not properly restrict queue indexes, which allows remote attackers to cause a denial of service (BUG and system crash) or possibly have unspecified other impact by sending network traffic. |
| 23 | CVE-2011-1577 | 119 | | DoS Overflow | 2011-05-03 | 2012-04-27 | 4.9 | None | Local | Low | Not required | None | None | Complete | Heap-based buffer overflow in the is_gpt_valid function in fs/partitions/efi.c in the Linux kernel 2.6.38 and earlier allows physically proximate attackers to cause a denial of service (OOPS) or possibly have unspecified other impact via a crafted size of the EFI GUID partition-table header on removable media. |
| 24 | CVE-2011-1495 | 20 | | DoS +Priv Mem. Corr. +Info | 2011-05-03 | 2012-04-27 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier does not validate (1) length and (2) offset values before performing memory copy operations, which might allow local users to gain privileges, cause a denial of service (memory corruption), or obtain sensitive information from kernel memory via a crafted ioctl call, related to the _ctl_do_mpt_command and _ctl_diag_read_buffer functions. |
| 25 | CVE-2011-1494 | 189 | | DoS Overflow +Priv Mem. Corr. | 2011-05-03 | 2012-04-27 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | Integer overflow in the _ctl_do_mpt_command function in drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier might allow local users to gain privileges or cause a denial of service (memory corruption) via an ioctl call specifying a crafted value that triggers a heap-based buffer overflow. |
| 26 | CVE-2011-1478 | | | DoS | 2011-10-23 | 2012-05-13 | 5.7 | None | Local Network | Medium | Not required | None | None | Complete | The napi_reuse_skb function in net/core/dev.c in the Generic Receive Offload (GRO) implementation in the Linux kernel before 2.6.38 does not reset the values of certain structure members, which might allow remote attackers to cause a denial of service (NULL pointer dereference) via a malformed VLAN frame. |
| 27 | CVE-2011-1169 | 20 | | DoS +Priv Mem. Corr. | 2011-05-03 | 2012-04-27 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | Array index error in the asihpi_hpi_ioctl function in sound/pci/asihpi/hpioctl.c in the AudioScience HPI driver in the Linux kernel before 2.6.38.1 might allow local users to cause a denial of service (memory corruption) or possibly gain privileges via a crafted adapter index value that triggers access to an invalid kernel pointer. |
| 28 | CVE-2011-1093 | | | DoS | 2011-07-18 | 2012-03-19 | 7.8 | None | Remote | Low | Not required | None | None | Complete | The dccp_rcv_state_process function in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel before 2.6.38 does not properly handle packets for a CLOSED endpoint, which allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending a DCCP-Close packet followed by a DCCP-Reset packet. |
| 29 | CVE-2011-1090 | 399 | | DoS | 2011-05-09 | 2012-03-19 | 4.9 | None | Local | Low | Not required | None | None | Complete | The __nfs4_proc_set_acl function in fs/nfs/nfs4proc.c in the Linux kernel before 2.6.38 stores NFSv4 ACL data in memory that is allocated by kmalloc but not properly freed, which allows local users to cause a denial of service (panic) via a crafted attempt to set an ACL. |
| 30 | CVE-2011-1076 | | | DoS | 2011-10-04 | 2012-05-14 | 7.8 | None | Remote | Low | Not required | None | None | Complete | net/dns_resolver/dns_key.c in the Linux kernel before 2.6.38 allows remote DNS servers to cause a denial of service (NULL pointer dereference and OOPS) by not providing a valid response to a DNS query, as demonstrated by an erroneous grand.centrall.org query, which triggers improper handling of error data within a DNS resolver key. |
| 31 | CVE-2011-1013 | 189 | | DoS | 2011-05-09 | 2012-03-19 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Integer signedness error in the drm_modeset_ctl function in (1) drivers/gpu/drm/drm_irq.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.38 and (2) sys/dev/pci/drm/drm_irq.c in the kernel in OpenBSD before 4.9 allows local users to trigger out-of-bounds write operations, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via a crafted num_crtcs (aka vb_num) structure member in an ioctl argument. |
| 32 | CVE-2010-4805 | 399 | | DoS | 2011-05-26 | 2012-03-19 | 6.1 | None | Local Network | Low | Not required | None | None | Complete | The socket implementation in net/core/sock.c in the Linux kernel before 2.6.35 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service by sending a large amount of network traffic, related to the sk_add_backlog function and the sk_rmem_alloc socket field. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4251. |
| 33 | CVE-2010-4656 | 119 | | DoS Overflow +Priv | 2011-07-18 | 2012-03-19 | 6.2 | None | Local | High | Not required | Complete | Complete | Complete | The iowarrior_write function in drivers/usb/misc/iowarrior.c in the Linux kernel before 2.6.37 does not properly allocate memory, which might allow local users to trigger a heap-based buffer overflow, and consequently cause a denial of service or gain privileges, via a long report. |
| 34 | CVE-2010-4251 | 399 | | DoS | 2011-05-26 | 2012-03-19 | 6.1 | None | Local Network | Low | Not required | None | None | Complete | The socket implementation in net/core/sock.c in the Linux kernel before 2.6.34 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service (memory consumption) by sending a large amount of network traffic, as demonstrated by netperf UDP tests. |
| 35 | CVE-2010-4164 | 189 | | DoS | 2011-01-03 | 2012-03-19 | 7.8 | None | Remote | Low | Not required | None | None | Complete | Multiple integer underflows in the x25_parse_facilities function in net/x25/x25_facilities.c in the Linux kernel before 2.6.36.2 allow remote attackers to cause a denial of service (system crash) via malformed X.25 (1) X25_FAC_CLASS_A, (2) X25_FAC_CLASS_B, (3) X25_FAC_CLASS_C, or (4) X25_FAC_CLASS_D facility data, a different vulnerability than CVE-2010-3873. |
| 36 | CVE-2010-4163 | 399 | | DoS | 2011-01-03 | 2012-03-19 | 4.7 | None | Local | Medium | Not required | None | None | Complete | The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.36.2 allows local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a SCSI device. |
| 37 | CVE-2010-4162 | 189 | | DoS Overflow | 2011-01-03 | 2012-03-19 | 4.7 | None | Local | Medium | Not required | None | None | Complete | Multiple integer overflows in fs/bio.c in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (system crash) via a crafted device ioctl to a SCSI device. |
| 38 | CVE-2010-4160 | 189 | | DoS Overflow +Priv Mem. Corr. | 2011-01-07 | 2013-01-21 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | Multiple integer overflows in the (1) pppol2tp_sendmsg function in net/l2tp/l2tp_ppp.c, and the (2) l2tp_ip_sendmsg function in net/l2tp/l2tp_ip.c, in the PPPoL2TP and IPoL2TP implementations in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (heap memory corruption and panic) or possibly gain privileges via a crafted sendto call. |
| 39 | CVE-2010-3873 | 399 | | DoS Mem. Corr. | 2011-01-03 | 2012-03-19 | 7.8 | None | Remote | Low | Not required | None | None | Complete | The X.25 implementation in the Linux kernel before 2.6.36.2 does not properly parse facilities, which allows remote attackers to cause a denial of service (heap memory corruption and panic) or possibly have unspecified other impact via malformed (1) X25_FAC_CALLING_AE or (2) X25_FAC_CALLED_AE data, related to net/x25/x25_facilities.c and net/x25/x25_in.c, a different vulnerability than CVE-2010-4164. |