CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Linux » Linux Kernel » 2.6.23.9 : Security Vulnerabilities

Cpe Name:cpe:/o:linux:linux_kernel:2.6.23.9
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-4588 119 Overflow +Priv 2013-11-20 2014-01-07
6.6
None Local Medium Single system Complete Complete Complete
Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 2.6.33, when CONFIG_IP_VS is used, allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability for (1) a getsockopt system call, related to the do_ip_vs_get_ctl function, or (2) a setsockopt system call, related to the do_ip_vs_set_ctl function.
2 CVE-2013-2128 119 DoS Overflow 2013-06-07 2014-02-06
4.9
None Local Low Not required None None Complete
The tcp_read_sock function in net/ipv4/tcp.c in the Linux kernel before 2.6.34 does not properly manage skb consumption, which allows local users to cause a denial of service (system crash) via a crafted splice system call for a TCP socket.
3 CVE-2013-1943 20 +Priv +Info 2013-07-16 2013-10-02
6.9
None Local Medium Not required Complete Complete Complete
The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c.
4 CVE-2012-3552 362 DoS 2012-10-03 2013-10-11
5.4
None Remote High Not required None None Complete
Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service (slab corruption and system crash) by sending packets to an application that sets socket options during the handling of network traffic.
5 CVE-2012-0879 20 DoS 2012-05-17 2013-05-03
4.9
None Local Low Not required None None Complete
The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows local users to cause a denial of service (I/O instability) by starting multiple processes that share an I/O context.
6 CVE-2011-4621 DoS Exec Code 2012-05-17 2012-05-17
4.9
None Local Low Not required None None Complete
The Linux kernel before 2.6.37 does not properly implement a certain clock-update optimization, which allows local users to cause a denial of service (system hang) via an application that executes code in a loop.
7 CVE-2011-4611 189 DoS Overflow 2012-05-17 2012-05-17
4.9
None Local Low Not required None None Complete
Integer overflow in the perf_event_interrupt function in arch/powerpc/kernel/perf_event.c in the Linux kernel before 2.6.39 on powerpc platforms allows local users to cause a denial of service (unhandled performance monitor exception) via vectors that trigger certain outcomes of performance events.
8 CVE-2011-4326 399 DoS 2012-05-17 2012-05-17
7.1
None Remote Medium Not required None None Complete
The udp6_ufo_fragment function in net/ipv6/udp.c in the Linux kernel before 2.6.39, when a certain UDP Fragmentation Offload (UFO) configuration is enabled, allows remote attackers to cause a denial of service (system crash) by sending fragmented IPv6 UDP packets to a bridge device.
9 CVE-2011-4325 DoS 2012-01-27 2012-04-16
4.9
None Local Low Not required None None Complete
The NFS implementation in Linux kernel before 2.6.31-rc6 calls certain functions without properly initializing certain data, which allows local users to cause a denial of service (NULL pointer dereference and O_DIRECT oops), as demonstrated using diotest4 from LTP.
10 CVE-2011-4087 399 DoS 2013-06-08 2013-06-10
4.3
None Remote Medium Not required None None Partial
The br_parse_ip_options function in net/bridge/br_netfilter.c in the Linux kernel before 2.6.39 does not properly initialize a certain data structure, which allows remote attackers to cause a denial of service by leveraging connectivity to a network interface that uses an Ethernet bridge device.
11 CVE-2011-4080 264 Bypass 2012-05-24 2012-05-29
4.0
None Local High Not required Complete None None
The sysrq_sysctl_handler function in kernel/sysctl.c in the Linux kernel before 2.6.39 does not require the CAP_SYS_ADMIN capability to modify the dmesg_restrict value, which allows local users to bypass intended access restrictions and read the kernel ring buffer by leveraging root privileges, as demonstrated by a root user in a Linux Containers (aka LXC) environment.
12 CVE-2011-3638 DoS 2013-03-01 2013-03-04
4.0
None Local High Not required None None Complete
fs/ext4/extents.c in the Linux kernel before 3.0 does not mark a modified extent as dirty in certain cases of extent splitting, which allows local users to cause a denial of service (system crash) via vectors involving ext4 umount and mount operations.
13 CVE-2011-3637 20 DoS 2012-05-17 2012-05-17
4.9
None Local Low Not required None None Complete
The m_stop function in fs/proc/task_mmu.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (OOPS) via vectors that trigger an m_start error.
14 CVE-2011-3363 20 DoS 2012-05-24 2012-05-29
5.4
None Remote High Not required None None Complete
The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel before 2.6.39 does not properly handle DFS referrals, which allows remote CIFS servers to cause a denial of service (system crash) by placing a referral at the root of a share.
15 CVE-2011-3359 119 DoS Overflow 2012-05-24 2012-05-29
5.4
None Remote High Not required None None Complete
The dma_rx function in drivers/net/wireless/b43/dma.c in the Linux kernel before 2.6.39 does not properly allocate receive buffers, which allows remote attackers to cause a denial of service (system crash) via a crafted frame.
16 CVE-2011-2928 20 DoS 2011-08-29 2012-03-22
4.9
None Local Low Not required None None Complete
The befs_follow_link function in fs/befs/linuxvfs.c in the Linux kernel before 3.1-rc3 does not validate the length attribute of long symlinks, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) by accessing a long symlink on a malformed Be filesystem.
17 CVE-2011-2723 399 DoS 2011-09-06 2012-03-19
5.7
None Local Network Medium Not required None None Complete
The skb_gro_header_slow function in include/linux/netdevice.h in the Linux kernel before 2.6.39.4, when Generic Receive Offload (GRO) is enabled, resets certain fields in incorrect situations, which allows remote attackers to cause a denial of service (system crash) via crafted network traffic.
18 CVE-2011-2700 119 DoS Overflow 2011-09-06 2012-03-19
2.1
None Local Low Not required None None Partial
Multiple buffer overflows in the si4713_write_econtrol_string function in drivers/media/radio/si4713-i2c.c in the Linux kernel before 2.6.39.4 on the N900 platform might allow local users to cause a denial of service or have unspecified other impact via a crafted s_ext_ctrls operation with a (1) V4L2_CID_RDS_TX_PS_NAME or (2) V4L2_CID_RDS_TX_RADIO_TEXT control ID.
19 CVE-2011-2695 189 DoS 2011-07-28 2012-03-19
4.9
None Local Low Not required None None Complete
Multiple off-by-one errors in the ext4 subsystem in the Linux kernel before 3.0-rc5 allow local users to cause a denial of service (BUG_ON and system crash) by accessing a sparse file in extent format with a write operation involving a block number corresponding to the largest possible 32-bit unsigned integer.
20 CVE-2011-2689 399 DoS 2011-07-28 2014-01-13
4.9
None Local Low Not required None None Complete
The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel before 3.0-rc1 does not ensure that the size of a chunk allocation is a multiple of the block size, which allows local users to cause a denial of service (BUG and system crash) by arranging for all resource groups to have too little free space.
21 CVE-2011-2534 119 DoS Overflow 2011-06-22 2012-03-19
4.0
None Local High Not required None None Complete
Buffer overflow in the clusterip_proc_write function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel before 2.6.39 might allow local users to cause a denial of service or have unspecified other impact via a crafted write operation, related to string data that lacks a terminating '\0' character.
22 CVE-2011-2525 DoS 2012-02-01 2014-01-13
7.2
None Local Low Not required Complete Complete Complete
The qdisc_notify function in net/sched/sch_api.c in the Linux kernel before 2.6.35 does not prevent tc_fill_qdisc function calls referencing builtin (aka CQ_F_BUILTIN) Qdisc structures, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted call.
23 CVE-2011-2521 189 DoS 2012-05-24 2012-05-25
4.9
None Local Low Not required None None Complete
The x86_assign_hw_event function in arch/x86/kernel/cpu/perf_event.c in the Performance Events subsystem in the Linux kernel before 2.6.39 does not properly calculate counter values, which allows local users to cause a denial of service (panic) via the perf program.
24 CVE-2011-2518 20 DoS 2012-05-24 2012-05-25
4.9
None Local Low Not required None None Complete
The tomoyo_mount_acl function in security/tomoyo/mount.c in the Linux kernel before 2.6.39.2 calls the kern_path function with arguments taken directly from a mount system call, which allows local users to cause a denial of service (OOPS) or possibly have unspecified other impact via a NULL value for the device name.
25 CVE-2011-2517 119 Overflow +Priv 2012-05-24 2013-12-30
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in net/wireless/nl80211.c in the Linux kernel before 2.6.39.2 allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability during scan operations with a long SSID value.
26 CVE-2011-2497 189 DoS Overflow Mem. Corr. 2011-08-29 2012-03-19
8.3
None Local Network Low Not required Complete Complete Complete
Integer underflow in the l2cap_config_req function in net/bluetooth/l2cap_core.c in the Linux kernel before 3.0 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a small command-size value within the command header of a Logical Link Control and Adaptation Protocol (L2CAP) configuration request, leading to a buffer overflow.
27 CVE-2011-2492 200 +Info 2011-07-28 2014-01-13
1.9
None Local Medium Not required Partial None None
The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c.
28 CVE-2011-2491 399 DoS 2013-03-01 2013-12-30
4.9
None Local Low Not required None None Complete
The Network Lock Manager (NLM) protocol implementation in the NFS client functionality in the Linux kernel before 3.0 allows local users to cause a denial of service (system hang) via a LOCK_UN flock system call.
29 CVE-2011-2484 399 DoS Bypass 2011-06-24 2012-03-19
4.9
None Local Low Not required None None Complete
The add_del_listener function in kernel/taskstats.c in the Linux kernel 2.6.39.1 and earlier does not prevent multiple registrations of exit handlers, which allows local users to cause a denial of service (memory and CPU consumption), and bypass the OOM Killer, via a crafted application.
30 CVE-2011-2482 DoS 2013-06-08 2013-12-30
7.8
None Remote Low Not required None None Complete
A certain Red Hat patch to the sctp_sock_migrate function in net/sctp/socket.c in the Linux kernel before 2.6.21, as used in Red Hat Enterprise Linux (RHEL) 5, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted SCTP packet.
31 CVE-2011-2479 399 DoS 2013-03-01 2013-03-04
4.9
None Local Low Not required None None Complete
The Linux kernel before 2.6.39 does not properly create transparent huge pages in response to a MAP_PRIVATE mmap system call on /dev/zero, which allows local users to cause a denial of service (system crash) via a crafted application.
32 CVE-2011-2213 399 DoS 2011-08-29 2014-01-13
4.9
None Local Low Not required None None Complete
The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880.
33 CVE-2011-2189 399 DoS 2011-10-10 2012-09-17
7.8
None Remote Low Not required None None Complete
net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespace per connection, as demonstrated by vsftpd.
34 CVE-2011-2184 DoS 2011-09-06 2012-03-19
7.2
None Local Low Not required Complete Complete Complete
The key_replace_session_keyring function in security/keys/process_keys.c in the Linux kernel before 2.6.39.1 does not initialize a certain structure member, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function, a different vulnerability than CVE-2010-2960.
35 CVE-2011-2022 20 DoS +Priv 2011-05-09 2014-01-13
6.9
None Local Medium Not required Complete Complete Complete
The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 does not validate a certain start parameter, which allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than CVE-2011-1745.
36 CVE-2011-1776 119 DoS Overflow +Info 2011-09-06 2014-01-13
5.6
None Local Low Not required Partial None Complete
The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577.
37 CVE-2011-1771 DoS 2011-09-06 2012-03-19
4.7
None Local Medium Not required None None Complete
The cifs_close function in fs/cifs/file.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (NULL pointer dereference and BUG) or possibly have unspecified other impact by setting the O_DIRECT flag during an attempt to open a file on a CIFS filesystem.
38 CVE-2011-1770 189 DoS 2011-06-24 2012-03-19
7.8
None Remote Low Not required None None Complete
Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel before 2.6.33.14 allows remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggers a buffer over-read.
39 CVE-2011-1748 20 DoS 2011-05-09 2012-04-16
4.9
None Local Low Not required None None Complete
The raw_release function in net/can/raw.c in the Linux kernel before 2.6.39-rc6 does not properly validate a socket data structure, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation.
40 CVE-2011-1747 399 DoS 2011-05-09 2012-03-19
4.7
None Local Medium Not required None None Complete
The agp subsystem in the Linux kernel 2.6.38.5 and earlier does not properly restrict memory allocation by the (1) AGPIOC_RESERVE and (2) AGPIOC_ALLOCATE ioctls, which allows local users to cause a denial of service (memory consumption) by making many calls to these ioctls.
41 CVE-2011-1746 189 DoS Overflow 2011-05-09 2014-01-13
6.9
None Local Medium Not required Complete Complete Complete
Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_create_user_memory functions in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allow local users to trigger buffer overflows, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via vectors related to calls that specify a large number of memory pages.
42 CVE-2011-1745 189 DoS Overflow +Priv 2011-05-09 2014-01-13
6.9
None Local Medium Not required Complete Complete Complete
Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call.
43 CVE-2011-1598 20 DoS 2011-05-09 2012-03-19
4.9
None Local Low Not required None None Complete
The bcm_release function in net/can/bcm.c in the Linux kernel before 2.6.39-rc6 does not properly validate a socket data structure, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation.
44 CVE-2011-1593 189 DoS Overflow 2011-05-03 2014-01-13
4.9
None Local Low Not required None None Complete
Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel before 2.6.38.4 allow local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call.
45 CVE-2011-1585 264 Bypass 2013-06-08 2013-06-10
3.3
None Local Medium Not required Partial Partial None
The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux kernel before 2.6.36 does not properly determine the associations between users and sessions, which allows local users to bypass CIFS share authentication by leveraging a mount of a share by a different user.
46 CVE-2011-1581 20 DoS 2011-05-26 2012-03-19
4.6
None Local Network High Not required None None Complete
The bond_select_queue function in drivers/net/bonding/bond_main.c in the Linux kernel before 2.6.39, when a network device with a large number of receive queues is installed but the default tx_queues setting is used, does not properly restrict queue indexes, which allows remote attackers to cause a denial of service (BUG and system crash) or possibly have unspecified other impact by sending network traffic.
47 CVE-2011-1577 119 DoS Overflow 2011-05-03 2014-01-13
4.9
None Local Low Not required None None Complete
Heap-based buffer overflow in the is_gpt_valid function in fs/partitions/efi.c in the Linux kernel 2.6.38 and earlier allows physically proximate attackers to cause a denial of service (OOPS) or possibly have unspecified other impact via a crafted size of the EFI GUID partition-table header on removable media.
48 CVE-2011-1573 DoS 2012-02-01 2014-01-13
5.0
None Remote Low Not required None None Partial
net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when addip_enable and auth_enable are used, does not consider the amount of zero padding during calculation of chunk lengths for (1) INIT and (2) INIT ACK chunks, which allows remote attackers to cause a denial of service (OOPS) via crafted packet data.
49 CVE-2011-1495 20 DoS +Priv Mem. Corr. +Info 2011-05-03 2014-01-13
7.2
Admin Local Low Not required Complete Complete Complete
drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier does not validate (1) length and (2) offset values before performing memory copy operations, which might allow local users to gain privileges, cause a denial of service (memory corruption), or obtain sensitive information from kernel memory via a crafted ioctl call, related to the _ctl_do_mpt_command and _ctl_diag_read_buffer functions.
50 CVE-2011-1494 189 DoS Overflow +Priv Mem. Corr. 2011-05-03 2014-01-13
6.9
None Local Medium Not required Complete Complete Complete
Integer overflow in the _ctl_do_mpt_command function in drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier might allow local users to gain privileges or cause a denial of service (memory corruption) via an ioctl call specifying a crafted value that triggers a heap-based buffer overflow.
Total number of vulnerabilities : 324   Page : 1 (This Page)2 3 4 5 6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.