Linux : Security Vulnerabilities, CVEs, CVSS score between 1 and 1.99
arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16.
Max CVSS
1.9
EPSS Score
0.04%
Published
2015-05-27
Updated
2018-01-05
Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function.
Max CVSS
1.9
EPSS Score
0.04%
Published
2015-03-16
Updated
2016-12-28
Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.
Max CVSS
1.9
EPSS Score
0.04%
Published
2014-07-03
Updated
2020-08-14
The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call.
Max CVSS
1.9
EPSS Score
0.04%
Published
2014-01-18
Updated
2017-08-29
The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call.
Max CVSS
1.7
EPSS Score
0.04%
Published
2014-01-18
Updated
2017-08-29
drivers/hid/hid-sensor-hub.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_SENSOR_HUB is enabled, allows physically proximate attackers to obtain sensitive information from kernel memory via a crafted device.
Max CVSS
1.9
EPSS Score
0.06%
Published
2013-09-16
Updated
2013-10-31
net/bridge/br_mdb.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application.
Max CVSS
1.9
EPSS Score
0.09%
Published
2013-03-22
Updated
2013-04-05
The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux kernel before 3.8.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
Max CVSS
1.9
EPSS Score
0.12%
Published
2013-03-22
Updated
2014-02-07
net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
Max CVSS
1.9
EPSS Score
0.12%
Published
2013-03-22
Updated
2014-02-07
The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.8.6 does not properly enforce capability requirements for controlling the PID value associated with a UNIX domain socket, which allows local users to bypass intended access restrictions by leveraging the time interval during which a user namespace has been created but a PID namespace has not been created.
Max CVSS
1.9
EPSS Score
0.04%
Published
2013-04-24
Updated
2023-02-13
The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux kernel before 3.7.6 does not properly copy a certain name field, which allows local users to obtain sensitive information from kernel memory by setting a long name and making an HIDPCONNADD ioctl call.
Max CVSS
1.9
EPSS Score
0.04%
Published
2013-02-28
Updated
2023-02-13
The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application.
Max CVSS
1.9
EPSS Score
0.12%
Published
2013-03-15
Updated
2013-08-22
The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application.
Max CVSS
1.9
EPSS Score
0.12%
Published
2013-03-15
Updated
2019-04-22
The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
Max CVSS
1.9
EPSS Score
0.08%
Published
2013-03-15
Updated
2013-08-22
The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
Max CVSS
1.9
EPSS Score
0.12%
Published
2013-03-15
Updated
2019-04-22
The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application.
Max CVSS
1.9
EPSS Score
0.12%
Published
2013-03-15
Updated
2019-04-22
The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation.
Max CVSS
1.9
EPSS Score
0.12%
Published
2013-03-15
Updated
2019-04-22
The l2tp_ip6_getname function in net/l2tp/l2tp_ip6.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
Max CVSS
1.9
EPSS Score
0.08%
Published
2013-03-15
Updated
2013-03-18
The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument.
Max CVSS
1.9
EPSS Score
0.09%
Published
2013-03-15
Updated
2019-04-22
The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
Max CVSS
1.9
EPSS Score
0.08%
Published
2013-03-15
Updated
2013-03-18
The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 3.6 does not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
Max CVSS
1.9
EPSS Score
0.08%
Published
2013-03-15
Updated
2013-05-15
The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
Max CVSS
1.9
EPSS Score
0.08%
Published
2013-03-15
Updated
2013-05-15
The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability.
Max CVSS
1.9
EPSS Score
0.04%
Published
2013-03-15
Updated
2019-04-22
net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability.
Max CVSS
1.9
EPSS Score
0.04%
Published
2013-03-15
Updated
2019-04-22
Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from a deleted file by reading an extent that was not properly marked as uninitialized.
Max CVSS
1.9
EPSS Score
0.04%
Published
2012-12-21
Updated
2023-02-13