| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2013-2128 | 119 | | DoS Overflow | 2013-06-07 | 2013-06-07 | 4.9 | None | Local | Low | Not required | None | None | Complete |
| The tcp_read_sock function in net/ipv4/tcp.c in the Linux kernel before 2.6.34 does not properly manage skb consumption, which allows local users to cause a denial of service (system crash) via a crafted splice system call for a TCP socket. |
| 2 | CVE-2012-3552 | 362 | | DoS | 2012-10-03 | 2013-01-23 | 5.4 | None | Remote | High | Not required | None | None | Complete |
| Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service (slab corruption and system crash) by sending packets to an application that sets socket options during the handling of network traffic. |
| 3 | CVE-2012-0879 | 20 | | DoS | 2012-05-17 | 2013-05-03 | 4.9 | None | Local | Low | Not required | None | None | Complete |
| The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows local users to cause a denial of service (I/O instability) by starting multiple processes that share an I/O context. |
| 4 | CVE-2011-4621 | | | DoS Exec Code | 2012-05-17 | 2012-05-17 | 4.9 | None | Local | Low | Not required | None | None | Complete |
| The Linux kernel before 2.6.37 does not properly implement a certain clock-update optimization, which allows local users to cause a denial of service (system hang) via an application that executes code in a loop. |
| 5 | CVE-2011-4611 | 189 | | DoS Overflow | 2012-05-17 | 2012-05-17 | 4.9 | None | Local | Low | Not required | None | None | Complete |
| Integer overflow in the perf_event_interrupt function in arch/powerpc/kernel/perf_event.c in the Linux kernel before 2.6.39 on powerpc platforms allows local users to cause a denial of service (unhandled performance monitor exception) via vectors that trigger certain outcomes of performance events. |
| 6 | CVE-2011-4326 | 399 | | DoS | 2012-05-17 | 2012-05-17 | 7.1 | None | Remote | Medium | Not required | None | None | Complete |
| The udp6_ufo_fragment function in net/ipv6/udp.c in the Linux kernel before 2.6.39, when a certain UDP Fragmentation Offload (UFO) configuration is enabled, allows remote attackers to cause a denial of service (system crash) by sending fragmented IPv6 UDP packets to a bridge device. |
| 7 | CVE-2011-4325 | | | DoS | 2012-01-27 | 2012-04-16 | 4.9 | None | Local | Low | Not required | None | None | Complete |
| The NFS implementation in Linux kernel before 2.6.31-rc6 calls certain functions without properly initializing certain data, which allows local users to cause a denial of service (NULL pointer dereference and O_DIRECT oops), as demonstrated using diotest4 from LTP. |
| 8 | CVE-2011-4087 | 399 | | DoS | 2013-06-08 | 2013-06-10 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
| The br_parse_ip_options function in net/bridge/br_netfilter.c in the Linux kernel before 2.6.39 does not properly initialize a certain data structure, which allows remote attackers to cause a denial of service by leveraging connectivity to a network interface that uses an Ethernet bridge device. |
| 9 | CVE-2011-4080 | 264 | | Bypass | 2012-05-24 | 2012-05-29 | 4.0 | None | Local | High | Not required | Complete | None | None |
| The sysrq_sysctl_handler function in kernel/sysctl.c in the Linux kernel before 2.6.39 does not require the CAP_SYS_ADMIN capability to modify the dmesg_restrict value, which allows local users to bypass intended access restrictions and read the kernel ring buffer by leveraging root privileges, as demonstrated by a root user in a Linux Containers (aka LXC) environment. |
| 10 | CVE-2011-3638 | | | DoS | 2013-03-01 | 2013-03-04 | 4.0 | None | Local | High | Not required | None | None | Complete |
| fs/ext4/extents.c in the Linux kernel before 3.0 does not mark a modified extent as dirty in certain cases of extent splitting, which allows local users to cause a denial of service (system crash) via vectors involving ext4 umount and mount operations. |
| 11 | CVE-2011-3637 | 20 | | DoS | 2012-05-17 | 2012-05-17 | 4.9 | None | Local | Low | Not required | None | None | Complete |
| The m_stop function in fs/proc/task_mmu.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (OOPS) via vectors that trigger an m_start error. |
| 12 | CVE-2011-3363 | 20 | | DoS | 2012-05-24 | 2012-05-29 | 5.4 | None | Remote | High | Not required | None | None | Complete |
| The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel before 2.6.39 does not properly handle DFS referrals, which allows remote CIFS servers to cause a denial of service (system crash) by placing a referral at the root of a share. |
| 13 | CVE-2011-3359 | 119 | | DoS Overflow | 2012-05-24 | 2012-05-29 | 5.4 | None | Remote | High | Not required | None | None | Complete |
| The dma_rx function in drivers/net/wireless/b43/dma.c in the Linux kernel before 2.6.39 does not properly allocate receive buffers, which allows remote attackers to cause a denial of service (system crash) via a crafted frame. |
| 14 | CVE-2011-2928 | 20 | | DoS | 2011-08-29 | 2012-03-22 | 4.9 | None | Local | Low | Not required | None | None | Complete |
| The befs_follow_link function in fs/befs/linuxvfs.c in the Linux kernel before 3.1-rc3 does not validate the length attribute of long symlinks, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) by accessing a long symlink on a malformed Be filesystem. |
| 15 | CVE-2011-2723 | 399 | | DoS | 2011-09-06 | 2012-03-19 | 5.7 | None | Local Network | Medium | Not required | None | None | Complete |
| The skb_gro_header_slow function in include/linux/netdevice.h in the Linux kernel before 2.6.39.4, when Generic Receive Offload (GRO) is enabled, resets certain fields in incorrect situations, which allows remote attackers to cause a denial of service (system crash) via crafted network traffic. |
| 16 | CVE-2011-2700 | 119 | | DoS Overflow | 2011-09-06 | 2012-03-19 | 2.1 | None | Local | Low | Not required | None | None | Partial |
| Multiple buffer overflows in the si4713_write_econtrol_string function in drivers/media/radio/si4713-i2c.c in the Linux kernel before 2.6.39.4 on the N900 platform might allow local users to cause a denial of service or have unspecified other impact via a crafted s_ext_ctrls operation with a (1) V4L2_CID_RDS_TX_PS_NAME or (2) V4L2_CID_RDS_TX_RADIO_TEXT control ID. |
| 17 | CVE-2011-2695 | 189 | | DoS | 2011-07-28 | 2012-03-19 | 4.9 | None | Local | Low | Not required | None | None | Complete |
| Multiple off-by-one errors in the ext4 subsystem in the Linux kernel before 3.0-rc5 allow local users to cause a denial of service (BUG_ON and system crash) by accessing a sparse file in extent format with a write operation involving a block number corresponding to the largest possible 32-bit unsigned integer. |
| 18 | CVE-2011-2689 | 399 | | DoS | 2011-07-28 | 2012-03-22 | 4.9 | None | Local | Low | Not required | None | None | Complete |
| The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel before 3.0-rc1 does not ensure that the size of a chunk allocation is a multiple of the block size, which allows local users to cause a denial of service (BUG and system crash) by arranging for all resource groups to have too little free space. |
| 19 | CVE-2011-2534 | 119 | | DoS Overflow | 2011-06-22 | 2012-03-19 | 4.0 | None | Local | High | Not required | None | None | Complete |
| Buffer overflow in the clusterip_proc_write function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel before 2.6.39 might allow local users to cause a denial of service or have unspecified other impact via a crafted write operation, related to string data that lacks a terminating '\0' character. |
| 20 | CVE-2011-2525 | | | DoS | 2012-02-01 | 2012-03-19 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
| The qdisc_notify function in net/sched/sch_api.c in the Linux kernel before 2.6.35 does not prevent tc_fill_qdisc function calls referencing builtin (aka CQ_F_BUILTIN) Qdisc structures, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted call. |
| 21 | CVE-2011-2521 | 189 | | DoS | 2012-05-24 | 2012-05-25 | 4.9 | None | Local | Low | Not required | None | None | Complete |
| The x86_assign_hw_event function in arch/x86/kernel/cpu/perf_event.c in the Performance Events subsystem in the Linux kernel before 2.6.39 does not properly calculate counter values, which allows local users to cause a denial of service (panic) via the perf program. |
| 22 | CVE-2011-2518 | 20 | | DoS | 2012-05-24 | 2012-05-25 | 4.9 | None | Local | Low | Not required | None | None | Complete |
| The tomoyo_mount_acl function in security/tomoyo/mount.c in the Linux kernel before 2.6.39.2 calls the kern_path function with arguments taken directly from a mount system call, which allows local users to cause a denial of service (OOPS) or possibly have unspecified other impact via a NULL value for the device name. |
| 23 | CVE-2011-2517 | 119 | | Overflow +Priv | 2012-05-24 | 2012-05-25 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
| Multiple buffer overflows in net/wireless/nl80211.c in the Linux kernel before 2.6.39.2 allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability during scan operations with a long SSID value. |
| 24 | CVE-2011-2497 | 189 | | DoS Overflow Mem. Corr. | 2011-08-29 | 2012-03-19 | 8.3 | None | Local Network | Low | Not required | Complete | Complete | Complete |
| Integer underflow in the l2cap_config_req function in net/bluetooth/l2cap_core.c in the Linux kernel before 3.0 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a small command-size value within the command header of a Logical Link Control and Adaptation Protocol (L2CAP) configuration request, leading to a buffer overflow. |
| 25 | CVE-2011-2492 | 200 | | +Info | 2011-07-28 | 2012-03-19 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
| The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c. |
| 26 | CVE-2011-2491 | 399 | | DoS | 2013-03-01 | 2013-03-04 | 4.9 | None | Local | Low | Not required | None | None | Complete |
| The Network Lock Manager (NLM) protocol implementation in the NFS client functionality in the Linux kernel before 3.0 allows local users to cause a denial of service (system hang) via a LOCK_UN flock system call. |
| 27 | CVE-2011-2484 | 399 | | DoS Bypass | 2011-06-24 | 2012-03-19 | 4.9 | None | Local | Low | Not required | None | None | Complete |
| The add_del_listener function in kernel/taskstats.c in the Linux kernel 2.6.39.1 and earlier does not prevent multiple registrations of exit handlers, which allows local users to cause a denial of service (memory and CPU consumption), and bypass the OOM Killer, via a crafted application. |
| 28 | CVE-2011-2482 | | | DoS | 2013-06-08 | 2013-06-10 | 7.8 | None | Remote | Low | Not required | None | None | Complete |
| A certain Red Hat patch to the sctp_sock_migrate function in net/sctp/socket.c in the Linux kernel before 2.6.21, as used in Red Hat Enterprise Linux (RHEL) 5, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted SCTP packet. |
| 29 | CVE-2011-2479 | 399 | | DoS | 2013-03-01 | 2013-03-04 | 4.9 | None | Local | Low | Not required | None | None | Complete |
| The Linux kernel before 2.6.39 does not properly create transparent huge pages in response to a MAP_PRIVATE mmap system call on /dev/zero, which allows local users to cause a denial of service (system crash) via a crafted application. |
| 30 | CVE-2011-2213 | 399 | | DoS | 2011-08-29 | 2012-03-19 | 4.9 | None | Local | Low | Not required | None | None | Complete |
| The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880. |
| 31 | CVE-2011-2189 | 399 | | DoS | 2011-10-10 | 2012-09-17 | 7.8 | None | Remote | Low | Not required | None | None | Complete |
| net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespace per connection, as demonstrated by vsftpd. |
| 32 | CVE-2011-2184 | | | DoS | 2011-09-06 | 2012-03-19 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
| The key_replace_session_keyring function in security/keys/process_keys.c in the Linux kernel before 2.6.39.1 does not initialize a certain structure member, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function, a different vulnerability than CVE-2010-2960. |
| 33 | CVE-2011-2022 | 20 | | DoS +Priv | 2011-05-09 | 2012-03-19 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
| The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 does not validate a certain start parameter, which allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than CVE-2011-1745. |
| 34 | CVE-2011-1776 | 119 | | DoS Overflow +Info | 2011-09-06 | 2012-05-17 | 5.6 | None | Local | Low | Not required | Partial | None | Complete |
| The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577. |
| 35 | CVE-2011-1771 | | | DoS | 2011-09-06 | 2012-03-19 | 4.7 | None | Local | Medium | Not required | None | None | Complete |
| The cifs_close function in fs/cifs/file.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (NULL pointer dereference and BUG) or possibly have unspecified other impact by setting the O_DIRECT flag during an attempt to open a file on a CIFS filesystem. |
| 36 | CVE-2011-1770 | 189 | | DoS | 2011-06-24 | 2012-03-19 | 7.8 | None | Remote | Low | Not required | None | None | Complete |
| Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel before 2.6.33.14 allows remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggers a buffer over-read. |
| 37 | CVE-2011-1748 | 20 | | DoS | 2011-05-09 | 2012-04-16 | 4.9 | None | Local | Low | Not required | None | None | Complete |
| The raw_release function in net/can/raw.c in the Linux kernel before 2.6.39-rc6 does not properly validate a socket data structure, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation. |
| 38 | CVE-2011-1747 | 399 | | DoS | 2011-05-09 | 2012-03-19 | 4.7 | None | Local | Medium | Not required | None | None | Complete |
| The agp subsystem in the Linux kernel 2.6.38.5 and earlier does not properly restrict memory allocation by the (1) AGPIOC_RESERVE and (2) AGPIOC_ALLOCATE ioctls, which allows local users to cause a denial of service (memory consumption) by making many calls to these ioctls. |
| 39 | CVE-2011-1746 | 189 | | DoS Overflow | 2011-05-09 | 2012-03-19 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
| Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_create_user_memory functions in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allow local users to trigger buffer overflows, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via vectors related to calls that specify a large number of memory pages. |
| 40 | CVE-2011-1745 | 189 | | DoS Overflow +Priv | 2011-05-09 | 2012-03-19 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
| Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call. |
| 41 | CVE-2011-1598 | 20 | | DoS | 2011-05-09 | 2012-03-19 | 4.9 | None | Local | Low | Not required | None | None | Complete |
| The bcm_release function in net/can/bcm.c in the Linux kernel before 2.6.39-rc6 does not properly validate a socket data structure, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation. |
| 42 | CVE-2011-1593 | 189 | | DoS Overflow | 2011-05-03 | 2012-03-19 | 4.9 | None | Local | Low | Not required | None | None | Complete |
| Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel before 2.6.38.4 allow local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call. |
| 43 | CVE-2011-1585 | 264 | | Bypass | 2013-06-08 | 2013-06-10 | 3.3 | None | Local | Medium | Not required | Partial | Partial | None |
| The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux kernel before 2.6.36 does not properly determine the associations between users and sessions, which allows local users to bypass CIFS share authentication by leveraging a mount of a share by a different user. |
| 44 | CVE-2011-1581 | 20 | | DoS | 2011-05-26 | 2012-03-19 | 4.6 | None | Local Network | High | Not required | None | None | Complete |
| The bond_select_queue function in drivers/net/bonding/bond_main.c in the Linux kernel before 2.6.39, when a network device with a large number of receive queues is installed but the default tx_queues setting is used, does not properly restrict queue indexes, which allows remote attackers to cause a denial of service (BUG and system crash) or possibly have unspecified other impact by sending network traffic. |
| 45 | CVE-2011-1577 | 119 | | DoS Overflow | 2011-05-03 | 2012-04-27 | 4.9 | None | Local | Low | Not required | None | None | Complete |
| Heap-based buffer overflow in the is_gpt_valid function in fs/partitions/efi.c in the Linux kernel 2.6.38 and earlier allows physically proximate attackers to cause a denial of service (OOPS) or possibly have unspecified other impact via a crafted size of the EFI GUID partition-table header on removable media. |
| 46 | CVE-2011-1573 | | | DoS | 2012-02-01 | 2012-03-19 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
| net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when addip_enable and auth_enable are used, does not consider the amount of zero padding during calculation of chunk lengths for (1) INIT and (2) INIT ACK chunks, which allows remote attackers to cause a denial of service (OOPS) via crafted packet data. |
| 47 | CVE-2011-1495 | 20 | | DoS +Priv Mem. Corr. +Info | 2011-05-03 | 2012-04-27 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete |
| drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier does not validate (1) length and (2) offset values before performing memory copy operations, which might allow local users to gain privileges, cause a denial of service (memory corruption), or obtain sensitive information from kernel memory via a crafted ioctl call, related to the _ctl_do_mpt_command and _ctl_diag_read_buffer functions. |
| 48 | CVE-2011-1494 | 189 | | DoS Overflow +Priv Mem. Corr. | 2011-05-03 | 2012-04-27 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
| Integer overflow in the _ctl_do_mpt_command function in drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier might allow local users to gain privileges or cause a denial of service (memory corruption) via an ioctl call specifying a crafted value that triggers a heap-based buffer overflow. |
| 49 | CVE-2011-1478 | | | DoS | 2011-10-23 | 2012-05-13 | 5.7 | None | Local Network | Medium | Not required | None | None | Complete |
| The napi_reuse_skb function in net/core/dev.c in the Generic Receive Offload (GRO) implementation in the Linux kernel before 2.6.38 does not reset the values of certain structure members, which might allow remote attackers to cause a denial of service (NULL pointer dereference) via a malformed VLAN frame. |
| 50 | CVE-2011-1182 | | | | 2013-03-01 | 2013-03-04 | 3.6 | None | Local | Low | Not required | None | Partial | Partial |
| kernel/signal.c in the Linux kernel before 2.6.39 allows local users to spoof the uid and pid of a signal sender via a sigqueueinfo system call. |