Linux : Security Vulnerabilities, CVEs, Published In December 2013
The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header.
Max CVSS
6.1
EPSS Score
0.62%
Published
2013-12-09
Updated
2014-03-16
Multiple race conditions in ipc/shm.c in the Linux kernel before 3.12.2 allow local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted application that uses shmctl IPC_RMID operations in conjunction with other shm system calls.
Max CVSS
4.7
EPSS Score
0.04%
Published
2013-12-09
Updated
2014-01-08
The ping_recvmsg function in net/ipv4/ping.c in the Linux kernel before 3.12.4 does not properly interact with read system calls on ping sockets, which allows local users to cause a denial of service (NULL pointer dereference and system crash) by leveraging unspecified privileges to execute a crafted application.
Max CVSS
4.6
EPSS Score
0.04%
Published
2013-12-09
Updated
2023-02-13
The fib6_add function in net/ipv6/ip6_fib.c in the Linux kernel before 3.11.5 does not properly implement error-code encoding, which allows local users to cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for an IPv6 SIOCADDRT ioctl call.
Max CVSS
4.7
EPSS Score
0.04%
Published
2013-12-09
Updated
2023-02-13
The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode.
Max CVSS
5.2
EPSS Score
0.26%
Published
2013-12-14
Updated
2023-02-13
The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address.
Max CVSS
6.2
EPSS Score
0.04%
Published
2013-12-14
Updated
2023-02-13
The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value.
Max CVSS
5.7
EPSS Score
0.28%
Published
2013-12-14
Updated
2023-02-13
Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value.
Max CVSS
7.2
EPSS Score
0.06%
Published
2013-12-14
Updated
2024-02-01
The net_ctl_permissions function in net/sysctl_net.c in the Linux kernel before 3.11.5 does not properly determine uid and gid values, which allows local users to bypass intended /proc/sys/net restrictions via a crafted application.
Max CVSS
3.6
EPSS Score
0.04%
Published
2013-12-09
Updated
2023-02-13
The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application.
Max CVSS
3.6
EPSS Score
0.04%
Published
2013-12-09
Updated
2014-03-06
The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h.
Max CVSS
3.3
EPSS Score
0.12%
Published
2013-12-09
Updated
2018-04-28
11 vulnerabilities found