| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2011-1770 |
189 |
|
DoS |
2011-06-24 |
2012-03-19 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel before 2.6.33.14 allows remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggers a buffer over-read. |
|
2 |
CVE-2011-1163 |
20 |
|
+Info |
2011-04-09 |
2013-01-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing. |
|
3 |
CVE-2011-1083 |
399 |
|
DoS |
2011-04-04 |
2013-02-14 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls. |
|
4 |
CVE-2011-1082 |
399 |
|
DoS |
2011-04-04 |
2012-03-19 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
fs/eventpoll.c in the Linux kernel before 2.6.38 places epoll file descriptors within other epoll data structures without properly checking for (1) closed loops or (2) deep chains, which allows local users to cause a denial of service (deadlock or stack memory consumption) via a crafted application that makes epoll_create and epoll_ctl system calls. |
|
5 |
CVE-2011-1044 |
119 |
|
Overflow +Info |
2011-02-18 |
2013-01-21 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 does not initialize a certain response buffer, which allows local users to obtain potentially sensitive information from kernel memory via vectors that cause this buffer to be only partially filled, a different vulnerability than CVE-2010-4649. |
|
6 |
CVE-2011-1020 |
264 |
|
DoS +Info |
2011-02-28 |
2012-03-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls. |
|
7 |
CVE-2011-1017 |
119 |
|
Overflow +Priv +Info |
2011-03-01 |
2012-03-19 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in the ldm_frag_add function in fs/partitions/ldm.c in the Linux kernel 2.6.37.2 and earlier might allow local users to gain privileges or obtain sensitive information via a crafted LDM partition table. |
|
8 |
CVE-2011-1016 |
20 |
|
|
2011-02-28 |
2012-03-19 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Radeon GPU drivers in the Linux kernel before 2.6.38-rc5 do not properly validate data related to the AA resolve registers, which allows local users to write to arbitrary memory locations associated with (1) Video RAM (aka VRAM) or (2) the Graphics Translation Table (GTT) via crafted values. |
|
9 |
CVE-2011-1012 |
20 |
|
DoS |
2011-03-01 |
2012-03-19 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The ldm_parse_vmdb function in fs/partitions/ldm.c in the Linux kernel before 2.6.38-rc6-git6 does not validate the VBLK size value in the VMDB structure in an LDM partition table, which allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted partition table. |
|
10 |
CVE-2011-1010 |
119 |
|
DoS Overflow |
2011-03-01 |
2013-01-21 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Buffer overflow in the mac_partition function in fs/partitions/mac.c in the Linux kernel before 2.6.37.2 allows local users to cause a denial of service (panic) or possibly have unspecified other impact via a malformed Mac OS partition table. |
|
11 |
CVE-2011-0999 |
399 |
|
DoS |
2011-02-23 |
2012-03-19 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
mm/huge_memory.c in the Linux kernel before 2.6.38-rc5 does not prevent creation of a transparent huge page (THP) during the existence of a temporary stack for an exec system call, which allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact via a crafted application. |
|
12 |
CVE-2011-0712 |
119 |
|
DoS Overflow |
2011-02-18 |
2012-03-19 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
Multiple buffer overflows in the caiaq Native Instruments USB audio functionality in the Linux kernel before 2.6.38-rc4-next-20110215 might allow attackers to cause a denial of service or possibly have unspecified other impact via a long USB device name, related to (1) the snd_usb_caiaq_audio_init function in sound/usb/caiaq/audio.c and (2) the snd_usb_caiaq_midi_init function in sound/usb/caiaq/midi.c. |
|
13 |
CVE-2011-0711 |
200 |
|
+Info |
2011-03-01 |
2012-03-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FSGEOMETRY_V1 ioctl call. |
|
14 |
CVE-2011-0710 |
200 |
|
+Info |
2011-02-18 |
2012-03-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The task_show_regs function in arch/s390/kernel/traps.c in the Linux kernel before 2.6.38-rc4-next-20110216 on the s390 platform allows local users to obtain the values of the registers of an arbitrary process by reading a status file under /proc/. |
|
15 |
CVE-2011-0709 |
|
|
DoS |
2011-02-18 |
2012-03-19 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The br_mdb_ip_get function in net/bridge/br_multicast.c in the Linux kernel before 2.6.35-rc5 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an IGMP packet, related to lack of a multicast table. |
|
16 |
CVE-2011-0695 |
362 |
|
DoS |
2011-03-15 |
2012-03-19 |
5.7 |
None |
Local Network |
Medium |
Not required |
None |
None |
Complete |
|
Race condition in the cm_work_handler function in the InfiniBand driver (drivers/infiniband/core/cma.c) in Linux kernel 2.6.x allows remote attackers to cause a denial of service (panic) by sending an InfiniBand request while other request handlers are still running, which triggers an invalid pointer dereference. |
|
17 |
CVE-2011-0521 |
189 |
|
DoS Mem. Corr. |
2011-02-02 |
2012-03-19 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The dvb_ca_ioctl function in drivers/media/dvb/ttpci/av7110_ca.c in the Linux kernel before 2.6.38-rc2 does not check the sign of a certain integer field, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a negative value. |
|
18 |
CVE-2010-4668 |
399 |
|
DoS |
2011-01-03 |
2012-03-19 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.37-rc7 allows local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a SCSI device, related to an unaligned map. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4163. |
|
19 |
CVE-2010-4649 |
189 |
|
DoS Overflow Mem. Corr. |
2011-02-18 |
2012-03-19 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in the ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large value of a certain structure member. |
|
20 |
CVE-2010-4565 |
200 |
|
+Info |
2010-12-29 |
2012-03-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel 2.6.36 and earlier creates a publicly accessible file with a filename containing a kernel memory address, which allows local users to obtain potentially sensitive information about kernel memory use by listing this filename. |
|
21 |
CVE-2010-4529 |
189 |
|
+Info |
2011-01-13 |
2012-03-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Integer underflow in the irda_getsockopt function in net/irda/af_irda.c in the Linux kernel before 2.6.37 on platforms other than x86 allows local users to obtain potentially sensitive information from kernel heap memory via an IRLMP_ENUMDEVICES getsockopt call. |
|
22 |
CVE-2010-4527 |
119 |
|
Overflow +Priv +Info |
2011-01-13 |
2012-03-19 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The load_mixer_volumes function in sound/oss/soundcard.c in the OSS sound subsystem in the Linux kernel before 2.6.37 incorrectly expects that a certain name field ends with a '\0' character, which allows local users to conduct buffer overflow attacks and gain privileges, or possibly obtain sensitive information from kernel memory, via a SOUND_MIXER_SETLEVELS ioctl call. |
|
23 |
CVE-2010-4346 |
264 |
|
Bypass |
2010-12-22 |
2012-03-19 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The install_special_mapping function in mm/mmap.c in the Linux kernel before 2.6.37-rc6 does not make an expected security_file_mmap function call, which allows local users to bypass intended mmap_min_addr restrictions and possibly conduct NULL pointer dereference attacks via a crafted assembly-language application. |
|
24 |
CVE-2010-4343 |
|
|
DoS |
2010-12-29 |
2012-03-19 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
drivers/scsi/bfa/bfa_core.c in the Linux kernel before 2.6.35 does not initialize a certain port data structure, which allows local users to cause a denial of service (system crash) via read operations on an fc_host statistics file. |
|
25 |
CVE-2010-4342 |
399 |
|
DoS |
2010-12-30 |
2012-03-19 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
The aun_incoming function in net/econet/af_econet.c in the Linux kernel before 2.6.37-rc6, when Econet is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending an Acorn Universal Networking (AUN) packet over UDP. |
|
26 |
CVE-2010-4263 |
|
|
DoS |
2011-01-18 |
2013-01-21 |
5.7 |
None |
Local Network |
Medium |
Not required |
None |
None |
Complete |
|
The igb_receive_skb function in drivers/net/igb/igb_main.c in the Intel Gigabit Ethernet (aka igb) subsystem in the Linux kernel before 2.6.34, when Single Root I/O Virtualization (SR-IOV) and promiscuous mode are enabled but no VLANs are registered, allows remote attackers to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via a VLAN tagged frame. |
|
27 |
CVE-2010-4256 |
20 |
|
DoS |
2011-01-25 |
2012-03-19 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The pipe_fcntl function in fs/pipe.c in the Linux kernel before 2.6.37 does not properly determine whether a file is a named pipe, which allows local users to cause a denial of service via an F_SETPIPE_SZ fcntl call. |
|
28 |
CVE-2010-4249 |
399 |
1
|
DoS |
2010-11-29 |
2012-03-19 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The wait_for_unix_gc function in net/unix/garbage.c in the Linux kernel before 2.6.37-rc3-next-20101125 does not properly select times for garbage collection of inflight sockets, which allows local users to cause a denial of service (system hang) via crafted use of the socketpair and sendmsg system calls for SOCK_SEQPACKET sockets. |
|
29 |
CVE-2010-4248 |
362 |
|
DoS |
2010-11-30 |
2012-03-19 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
Race condition in the __exit_signal function in kernel/exit.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors related to multithreaded exec, the use of a thread group leader in kernel/posix-cpu-timers.c, and the selection of a new thread group leader in the de_thread function in fs/exec.c. |
|
30 |
CVE-2010-4243 |
399 |
1
|
DoS |
2011-01-22 |
2012-03-19 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an "OOM dodging issue," a related issue to CVE-2010-3858. |
|
31 |
CVE-2010-4169 |
399 |
|
DoS |
2010-11-22 |
2012-03-19 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Use-after-free vulnerability in mm/mprotect.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors involving an mprotect system call. |
|
32 |
CVE-2010-4165 |
189 |
|
DoS |
2010-11-22 |
2012-03-19 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel before 2.6.37-rc2 does not properly restrict TCP_MAXSEG (aka MSS) values, which allows local users to cause a denial of service (OOPS) via a setsockopt call that specifies a small value, leading to a divide-by-zero error or incorrect use of a signed integer. |
|
33 |
CVE-2010-4083 |
200 |
|
+Info |
2010-11-30 |
2012-03-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The copy_semid_to_user function in ipc/sem.c in the Linux kernel before 2.6.36 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) IPC_INFO, (2) SEM_INFO, (3) IPC_STAT, or (4) SEM_STAT command in a semctl system call. |
|
34 |
CVE-2010-4082 |
200 |
|
+Info |
2010-11-30 |
2012-03-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The viafb_ioctl_get_viafb_info function in drivers/video/via/ioctl.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a VIAFB_GET_INFO ioctl call. |
|
35 |
CVE-2010-4081 |
200 |
|
+Info |
2010-11-30 |
2012-03-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The snd_hdspm_hwdep_ioctl function in sound/pci/rme9652/hdspm.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO ioctl call. |
|
36 |
CVE-2010-4080 |
200 |
|
+Info |
2010-11-30 |
2012-03-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The snd_hdsp_hwdep_ioctl function in sound/pci/rme9652/hdsp.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl call. |
|
37 |
CVE-2010-4079 |
200 |
|
+Info |
2010-11-29 |
2012-03-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The ivtvfb_ioctl function in drivers/media/video/ivtv/ivtvfb.c in the Linux kernel before 2.6.36-rc8 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FBIOGET_VBLANK ioctl call. |
|
38 |
CVE-2010-4078 |
200 |
|
+Info |
2010-11-29 |
2012-03-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The sisfb_ioctl function in drivers/video/sis/sis_main.c in the Linux kernel before 2.6.36-rc6 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FBIOGET_VBLANK ioctl call. |
|
39 |
CVE-2010-4077 |
200 |
|
+Info |
2010-11-29 |
2012-03-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The ntty_ioctl_tiocgicount function in drivers/char/nozomi.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call. |
|
40 |
CVE-2010-4076 |
200 |
|
+Info |
2010-11-29 |
2012-03-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The rs_ioctl function in drivers/char/amiserial.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call. |
|
41 |
CVE-2010-4075 |
200 |
|
+Info |
2010-11-29 |
2012-03-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The uart_get_count function in drivers/serial/serial_core.c in the Linux kernel before 2.6.37-rc1 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call. |
|
42 |
CVE-2010-4074 |
200 |
|
+Info |
2010-11-29 |
2012-03-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The USB subsystem in the Linux kernel before 2.6.36-rc5 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to TIOCGICOUNT ioctl calls, and the (1) mos7720_ioctl function in drivers/usb/serial/mos7720.c and (2) mos7840_ioctl function in drivers/usb/serial/mos7840.c. |
|
43 |
CVE-2010-4073 |
200 |
|
+Info |
2010-11-29 |
2012-03-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initialize certain structures, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the (1) compat_sys_semctl, (2) compat_sys_msgctl, and (3) compat_sys_shmctl functions in ipc/compat.c; and the (4) compat_sys_mq_open and (5) compat_sys_mq_getsetattr functions in ipc/compat_mq.c. |
|
44 |
CVE-2010-4072 |
200 |
|
+Info |
2010-11-29 |
2012-03-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The copy_shmid_to_user function in ipc/shm.c in the Linux kernel before 2.6.37-rc1 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the shmctl system call and the "old shm interface." |
|
45 |
CVE-2010-3904 |
20 |
|
+Priv |
2010-12-06 |
2012-03-19 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls. |
|
46 |
CVE-2010-3880 |
399 |
|
DoS |
2010-12-10 |
2012-03-19 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message that contains multiple attribute elements, as demonstrated by INET_DIAG_BC_JMP instructions. |
|
47 |
CVE-2010-3877 |
200 |
|
+Info |
2011-01-03 |
2012-03-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The get_name function in net/tipc/socket.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure. |
|
48 |
CVE-2010-3876 |
200 |
|
+Info |
2011-01-03 |
2012-03-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
net/packet/af_packet.c in the Linux kernel before 2.6.37-rc2 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_RAW capability to read copies of the applicable structures. |
|
49 |
CVE-2010-3875 |
200 |
|
+Info |
2011-01-03 |
2012-03-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The ax25_getname function in net/ax25/af_ax25.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure. |
|
50 |
CVE-2010-3861 |
200 |
|
+Info |
2010-12-10 |
2012-03-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize a certain block of heap memory, which allows local users to obtain potentially sensitive information via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value, a different vulnerability than CVE-2010-2478. |
