| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2012-3552 |
362 |
|
DoS |
2012-10-03 |
2013-01-23 |
5.4 |
None |
Remote |
High |
Not required |
None |
None |
Complete |
|
Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service (slab corruption and system crash) by sending packets to an application that sets socket options during the handling of network traffic. |
|
2 |
CVE-2012-1583 |
399 |
|
DoS |
2012-06-16 |
2013-05-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Double free vulnerability in the xfrm6_tunnel_rcv function in net/ipv6/xfrm6_tunnel.c in the Linux kernel before 2.6.22, when the xfrm6_tunnel module is enabled, allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets. |
|
3 |
CVE-2012-1146 |
|
|
DoS |
2012-05-17 |
2013-02-14 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The mem_cgroup_usage_unregister_event function in mm/memcontrol.c in the Linux kernel before 3.2.10 does not properly handle multiple events that are attached to the same eventfd, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by registering memory threshold events. |
|
4 |
CVE-2012-1097 |
|
|
DoS |
2012-05-17 |
2013-05-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call. |
|
5 |
CVE-2012-1090 |
264 |
|
DoS |
2012-05-17 |
2013-05-03 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO. |
|
6 |
CVE-2012-0879 |
20 |
|
DoS |
2012-05-17 |
2013-05-03 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows local users to cause a denial of service (I/O instability) by starting multiple processes that share an I/O context. |
|
7 |
CVE-2012-0207 |
399 |
|
DoS |
2012-05-17 |
2012-05-17 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets. |
|
8 |
CVE-2012-0058 |
399 |
|
DoS |
2012-05-17 |
2012-08-18 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The kiocb_batch_free function in fs/aio.c in the Linux kernel before 3.2.2 allows local users to cause a denial of service (OOPS) via vectors that trigger incorrect iocb management. |
|
9 |
CVE-2012-0044 |
189 |
|
DoS Overflow +Priv Mem. Corr. |
2012-05-17 |
2013-04-18 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in the drm_mode_dirtyfb_ioctl function in drivers/gpu/drm/drm_crtc.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.1.5 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted ioctl call. |
|
10 |
CVE-2012-0038 |
189 |
|
DoS Overflow |
2012-05-17 |
2012-05-17 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Integer overflow in the xfs_acl_from_disk function in fs/xfs/xfs_acl.c in the Linux kernel before 3.1.9 allows local users to cause a denial of service (panic) via a filesystem with a malformed ACL, leading to a heap-based buffer overflow. |
|
11 |
CVE-2011-4621 |
|
|
DoS Exec Code |
2012-05-17 |
2012-05-17 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The Linux kernel before 2.6.37 does not properly implement a certain clock-update optimization, which allows local users to cause a denial of service (system hang) via an application that executes code in a loop. |
|
12 |
CVE-2011-4594 |
|
|
DoS |
2012-05-17 |
2012-05-17 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The __sys_sendmsg function in net/socket.c in the Linux kernel before 3.1 allows local users to cause a denial of service (system crash) via crafted use of the sendmmsg system call, leading to an incorrect pointer dereference. |
|
13 |
CVE-2011-4112 |
264 |
|
DoS |
2012-05-17 |
2012-05-17 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The net subsystem in the Linux kernel before 3.1 does not properly restrict use of the IFF_TX_SKB_SHARING flag, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability to access /proc/net/pktgen/pgctrl, and then using the pktgen package in conjunction with a bridge device for a VLAN interface. |
|
14 |
CVE-2011-4097 |
189 |
|
DoS Overflow |
2012-05-17 |
2012-05-17 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Integer overflow in the oom_badness function in mm/oom_kill.c in the Linux kernel before 3.1.8 on 64-bit platforms allows local users to cause a denial of service (memory consumption or process termination) by using a certain large amount of memory. |
|
15 |
CVE-2011-4081 |
|
|
DoS |
2012-05-24 |
2012-05-29 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on an AF_ALG socket. |
|
16 |
CVE-2011-3353 |
119 |
|
DoS Overflow |
2012-05-24 |
2012-05-25 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Buffer overflow in the fuse_notify_inval_entry function in fs/fuse/dev.c in the Linux kernel before 3.1 allows local users to cause a denial of service (BUG_ON and system crash) by leveraging the ability to mount a FUSE filesystem. |
|
17 |
CVE-2011-3191 |
189 |
|
DoS Mem. Corr. |
2012-05-24 |
2012-05-25 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Integer signedness error in the CIFSFindNext function in fs/cifs/cifssmb.c in the Linux kernel before 3.1 allows remote CIFS servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large length value in a response to a read request for a directory. |
|
18 |
CVE-2011-3188 |
|
|
DoS |
2012-05-24 |
2012-10-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets. |
|
19 |
CVE-2011-2918 |
399 |
|
DoS Overflow |
2012-05-24 |
2012-05-29 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The Performance Events subsystem in the Linux kernel before 3.1 does not properly handle event overflows associated with PERF_COUNT_SW_CPU_CLOCK events, which allows local users to cause a denial of service (system hang) via a crafted application. |
|
20 |
CVE-2011-2906 |
189 |
|
DoS Mem. Corr. |
2012-05-24 |
2012-05-29 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
** DISPUTED ** Integer signedness error in the pmcraid_ioctl_passthrough function in drivers/scsi/pmcraid.c in the Linux kernel before 3.1 might allow local users to cause a denial of service (memory consumption or memory corruption) via a negative size value in an ioctl call. NOTE: this may be a vulnerability only in unusual environments that provide a privileged program for obtaining the required file descriptor. |
|
21 |
CVE-2011-2898 |
264 |
|
+Info |
2012-05-24 |
2012-05-29 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does not properly restrict user-space access to certain packet data structures associated with VLAN Tag Control Information, which allows local users to obtain potentially sensitive information via a crafted application. |
|
22 |
CVE-2011-2707 |
20 |
|
+Info |
2012-05-24 |
2012-05-29 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
The ptrace_setxregs function in arch/xtensa/kernel/ptrace.c in the Linux kernel before 3.1 does not validate user-space pointers, which allows local users to obtain sensitive information from kernel memory locations via a crafted PTRACE_SETXTREGS request. |
|
23 |
CVE-2011-2699 |
|
|
DoS |
2012-05-24 |
2012-09-07 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The IPv6 implementation in the Linux kernel before 3.1 does not generate Fragment Identification values separately for each destination, which makes it easier for remote attackers to cause a denial of service (disrupted networking) by predicting these values and sending crafted packets. |
|
24 |
CVE-2009-2406 |
119 |
|
DoS Overflow +Priv |
2009-07-31 |
2012-03-19 |
6.9 |
Admin |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to not ensuring that the key signature length in a Tag 11 packet is compatible with the key signature buffer size. |
|
25 |
CVE-2009-1389 |
119 |
|
DoS Overflow Mem. Corr. |
2009-06-16 |
2012-03-19 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Buffer overflow in the RTL8169 NIC driver (drivers/net/r8169.c) in the Linux kernel before 2.6.30 allows remote attackers to cause a denial of service (kernel memory corruption and crash) via a long packet. |
|
26 |
CVE-2009-0778 |
|
|
DoS |
2009-03-12 |
2012-03-21 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an "rt_cache leak." |
|
27 |
CVE-2008-4609 |
16 |
|
DoS |
2008-10-20 |
2012-07-21 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. |
|
28 |
CVE-2008-3535 |
189 |
|
DoS |
2008-08-08 |
2012-03-19 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Off-by-one error in the iov_iter_advance function in mm/filemap.c in the Linux kernel before 2.6.27-rc2 allows local users to cause a denial of service (system crash) via a certain sequence of file I/O operations with readv and writev, as demonstrated by testcases/kernel/fs/ftest/ftest03 from the Linux Test Project. |
|
29 |
CVE-2008-3534 |
399 |
|
DoS |
2008-08-08 |
2012-03-19 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The shmem_delete_inode function in mm/shmem.c in the tmpfs implementation in the Linux kernel before 2.6.26.1 allows local users to cause a denial of service (system crash) via a certain sequence of file create, remove, and overwrite operations, as demonstrated by the insserv program, related to allocation of "useless pages" and improper maintenance of the i_blocks count. |
|
30 |
CVE-2008-3496 |
119 |
|
Overflow |
2008-08-06 |
2012-03-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in format descriptor parsing in the uvc_parse_format function in drivers/media/video/uvc/uvc_driver.c in uvcvideo in the video4linux (V4L) implementation in the Linux kernel before 2.6.26.1 has unknown impact and attack vectors. |
|
31 |
CVE-2008-3275 |
399 |
|
DoS Overflow |
2008-08-12 |
2012-10-29 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denial of service ("overflow" of the UBIFS orphan area) via a series of attempted file creations within deleted directories. |
|
32 |
CVE-2008-3272 |
189 |
|
+Info |
2008-08-08 |
2012-10-29 |
6.6 |
None |
Local |
Low |
Not required |
Complete |
None |
Complete |
|
The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux kernel before 2.6.27-rc2 does not verify that the device number is within the range defined by max_synthdev before returning certain data to the caller, which allows local users to obtain sensitive information. |
|
33 |
CVE-2008-3077 |
399 |
|
DoS |
2008-07-08 |
2012-03-19 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
arch/x86/kernel/ptrace.c in the Linux kernel before 2.6.25.10 on the x86_64 platform leaks task_struct references into the sys32_ptrace function, which allows local users to cause a denial of service (system crash) or have unspecified other impact via unknown vectors, possibly a use-after-free vulnerability. |
|
34 |
CVE-2008-2931 |
264 |
|
DoS +Priv |
2008-07-09 |
2012-11-26 |
6.9 |
Admin |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint. |
|
35 |
CVE-2008-2826 |
189 |
|
DoS Overflow |
2008-07-02 |
2012-10-29 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Integer overflow in the sctp_getsockopt_local_addrs_old function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) functionality in the Linux kernel before 2.6.25.9 allows local users to cause a denial of service (resource consumption and system outage) via vectors involving a large addr_num field in an sctp_getaddrs_old data structure. |
|
36 |
CVE-2008-2812 |
20 |
|
DoS +Priv |
2008-07-08 |
2012-11-26 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/. |
|
37 |
CVE-2008-2750 |
20 |
|
DoS Mem. Corr. |
2008-06-18 |
2012-03-19 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The pppol2tp_recvmsg function in drivers/net/pppol2tp.c in the Linux kernel 2.6 before 2.6.26-rc6 allows remote attackers to cause a denial of service (kernel heap memory corruption and system crash) and possibly have unspecified other impact via a crafted PPPOL2TP packet that results in a large value for a certain length variable. |
|
38 |
CVE-2008-1673 |
119 |
|
DoS Exec Code Overflow |
2008-06-09 |
2012-11-26 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an indefinite length for a primitive encoding. |
|
39 |
CVE-2008-1669 |
94 |
|
Exec Code |
2008-05-07 |
2012-11-26 |
6.9 |
Admin |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain "re-ordered access to the descriptor table." |
|
40 |
CVE-2007-6716 |
|
|
DoS |
2008-09-04 |
2012-10-29 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test. |
|
41 |
CVE-2007-6694 |
399 |
|
DoS |
2008-01-29 |
2010-08-21 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 through 2.6.18-53, when running on PowerPC, might allow local users to cause a denial of service (crash) via unknown vectors that cause the of_get_property function to fail, which triggers a NULL pointer dereference. |
|
42 |
CVE-2007-5093 |
399 |
|
DoS |
2007-09-26 |
2010-08-21 |
4.0 |
None |
Local |
High |
Not required |
None |
None |
Complete |
|
The disconnect method in the Philips USB Webcam (pwc) driver in Linux kernel 2.6.x before 2.6.22.6 "relies on user space to close the device," which allows user-assisted local attackers to cause a denial of service (USB subsystem hang and CPU consumption in khubd) by not closing the device after the disconnect is invoked. NOTE: this rarely crosses privilege boundaries, unless the attacker can convince the victim to unplug the affected device. |
|
43 |
CVE-2007-2876 |
|
|
DoS |
2007-06-11 |
2012-10-30 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
|
The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) nf_conntrack_proto_sctp.c in Netfilter in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, allows remote attackers to cause a denial of service by causing certain invalid states that trigger a NULL pointer dereference. |
|
44 |
CVE-2007-2453 |
|
|
|
2007-06-11 |
2012-10-30 |
1.2 |
None |
Local |
High |
Not required |
Partial |
None |
None |
|
The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, (1) does not properly seed pools when there is no entropy, or (2) uses an incorrect cast when extracting entropy, which might cause the random number generator to provide the same values after reboots on systems without an entropy source. |
|
45 |
CVE-2006-5823 |
|
|
DoS Mem. Corr. |
2006-11-09 |
2010-09-15 |
4.0 |
None |
Local |
High |
Not required |
None |
None |
Complete |
|
The zlib_inflate function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via a malformed filesystem that uses zlib compression that triggers memory corruption, as demonstrated using cramfs. |
|
46 |
CVE-2006-5757 |
|
|
DoS |
2006-11-06 |
2010-09-15 |
1.2 |
None |
Local |
High |
Not required |
None |
None |
Partial |
|
Race condition in the __find_get_block_slow function in the ISO9660 filesystem in Linux 2.6.18 and possibly other versions allows local users to cause a denial of service (infinite loop) by mounting a crafted ISO9660 filesystem containing malformed data structures. |
|
47 |
CVE-2006-5701 |
|
|
DoS |
2006-11-03 |
2010-09-15 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Double free vulnerability in squashfs module in the Linux kernel 2.6.x, as used in Fedora Core 5 and possibly other distributions, allows local users to cause a denial of service by mounting a crafted squashfs filesystem. |
|
48 |
CVE-2006-5174 |
|
|
|
2006-10-10 |
2010-08-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The copy_from_user function in the uaccess code in Linux kernel 2.6 before 2.6.19-rc1, when running on s390, does not properly clear a kernel buffer, which allows local user space programs to read portions of kernel memory by "appending to a file from a bad address," which triggers a fault that prevents the unused memory from being cleared in the kernel buffer. |
|
49 |
CVE-2006-5173 |
|
|
DoS |
2006-10-17 |
2008-11-15 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Linux kernel does not properly save or restore EFLAGS during a context switch, or reset the flags when creating new threads, which allows local users to cause a denial of service (process crash), as demonstrated using a process that sets the Alignment Check flag (EFLAGS 0x40000), which triggers a SIGBUS in other processes that have an unaligned access. |
|
50 |
CVE-2006-4813 |
|
|
|
2006-10-12 |
2010-09-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The __block_prepare_write function in fs/buffer.c for Linux kernel 2.6.x before 2.6.13 does not properly clear buffers during certain error conditions, which allows local users to read portions of files that have been unlinked. |
