CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Linux » Linux Kernel : Security Vulnerabilities (CVSS score >= 1)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-1763 20 3 +Priv 2013-02-28 2014-05-16
7.2
None Local Low Not required Complete Complete Complete
Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message.
2 CVE-2014-0038 20 2 +Priv 2014-02-06 2018-01-02
6.9
None Local Medium Not required Complete Complete Complete
The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter.
3 CVE-2009-2692 119 2 Overflow +Priv 2009-08-14 2018-10-10
7.2
Admin Local Low Not required Complete Complete Complete
The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.
4 CVE-2015-1328 264 1 2016-11-27 2017-09-20
7.2
None Local Low Not required Complete Complete Complete
The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.
5 CVE-2014-9322 264 1 +Priv 2014-12-17 2017-11-09
7.2
User Local Low Not required Complete Complete Complete
arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space.
6 CVE-2014-5207 264 1 DoS +Priv 2014-08-18 2017-09-07
6.0
None Local High Single system Complete Complete Complete
fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service (excessive filesystem updating) on systems that had atime disabled via a "mount -o remount" command within a user namespace.
7 CVE-2014-4943 264 1 +Priv 2014-07-19 2017-08-28
6.9
None Local Medium Not required Complete Complete Complete
The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.
8 CVE-2014-4699 362 1 DoS +Priv 2014-07-09 2014-08-01
6.9
None Local Medium Not required Complete Complete Complete
The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls.
9 CVE-2014-4014 264 1 Bypass 2014-06-23 2018-12-18
6.2
None Local High Not required Complete Complete Complete
The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root.
10 CVE-2014-3631 1 DoS 2014-09-28 2015-03-17
7.2
None Local Low Not required Complete Complete Complete
The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via multiple "keyctl newring" operations followed by a "keyctl timeout" operation.
11 CVE-2014-3153 264 1 +Priv 2014-06-07 2019-04-22
7.2
None Local Low Not required Complete Complete Complete
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
12 CVE-2014-0196 362 1 DoS +Priv Mem. Corr. 2014-05-07 2017-01-06
6.9
None Local Medium Not required Complete Complete Complete
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.
13 CVE-2013-2094 189 1 +Priv 2013-05-14 2017-01-06
7.2
None Local Low Not required Complete Complete Complete
The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.
14 CVE-2013-1959 264 1 +Priv 2013-05-03 2013-11-30
3.7
None Local High Not required Partial Partial Partial
kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropriate capability requirements for the uid_map and gid_map files, which allows local users to gain privileges by opening a file within an unprivileged process and then modifying the file within a privileged process.
15 CVE-2013-1828 20 1 +Priv 2013-03-22 2013-11-30
6.9
None Local Medium Not required Complete Complete Complete
The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the Linux kernel before 3.8.4 does not validate a size value before proceeding to a copy_from_user operation, which allows local users to gain privileges via a crafted application that contains an SCTP_GET_ASSOC_STATS getsockopt system call.
16 CVE-2013-1773 119 1 DoS Overflow +Priv 2013-02-28 2019-04-22
6.2
None Local High Not required Complete Complete Complete
Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion.
17 CVE-2010-4347 264 1 +Priv 2010-12-22 2017-08-16
6.9
None Local Medium Not required Complete Complete Complete
The ACPI subsystem in the Linux kernel before 2.6.36.2 uses 0222 permissions for the debugfs custom_method file, which allows local users to gain privileges by placing a custom ACPI method in the ACPI interpreter tables, related to the acpi_debugfs_init function in drivers/acpi/debugfs.c.
18 CVE-2010-4249 399 1 DoS 2010-11-29 2018-10-10
4.9
None Local Low Not required None None Complete
The wait_for_unix_gc function in net/unix/garbage.c in the Linux kernel before 2.6.37-rc3-next-20101125 does not properly select times for garbage collection of inflight sockets, which allows local users to cause a denial of service (system hang) via crafted use of the socketpair and sendmsg system calls for SOCK_SEQPACKET sockets.
19 CVE-2010-4243 399 1 DoS 2011-01-22 2018-10-10
4.9
None Local Low Not required None None Complete
fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an "OOM dodging issue," a related issue to CVE-2010-3858.
20 CVE-2010-3858 399 1 DoS 2010-11-30 2018-10-10
4.9
None Local Low Not required None None Complete
The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of service (system crash) via a crafted exec system call, a related issue to CVE-2010-2240.
21 CVE-2010-3437 189 1 DoS +Info 2010-10-04 2012-03-19
6.6
None Local Low Not required Complete None Complete
Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and system crash) via a crafted index value in a PKT_CTRL_CMD_STATUS ioctl call.
22 CVE-2010-1146 264 1 +Priv 2010-04-12 2017-08-16
6.9
None Local Medium Not required Complete Complete Complete
The Linux kernel 2.6.33.2 and earlier, when a ReiserFS filesystem exists, does not restrict read or write access to the .reiserfs_priv directory, which allows local users to gain privileges by modifying (1) extended attributes or (2) ACLs, as demonstrated by deleting a file under .reiserfs_priv/xattrs/.
23 CVE-2009-3002 200 1 +Info 2009-08-28 2018-11-16
4.9
None Local Low Not required Complete None None
The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to the atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM socket, related to the nr_getname function in net/netrom/af_netrom.c; (5) an AF_ROSE socket, related to the rose_getname function in net/rose/af_rose.c; or (6) a raw CAN socket, related to the raw_getname function in net/can/raw.c.
24 CVE-2009-3001 200 1 +Info 2009-08-28 2018-11-16
4.9
None Local Low Not required Complete None None
The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel 2.6.31-rc7 and earlier does not initialize a certain data structure, which allows local users to read the contents of some kernel memory locations by calling getsockname on an AF_LLC socket.
25 CVE-2009-2847 1 +Info 2009-08-18 2018-10-10
4.9
None Local Low Not required Complete None None
The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 through 2.4.37 and 2.6 before 2.6.31-rc5, when running on 64-bit systems, does not clear certain padding bytes from a structure, which allows local users to obtain sensitive information from the kernel stack via the sigaltstack function.
26 CVE-2019-17351 400 DoS 2019-10-07 2019-10-11
4.9
None Local Low Not required None None Complete
An issue was discovered in drivers/xen/balloon.c in the Linux kernel before 5.2.3, as used in Xen through 4.12.x, allowing guest OS users to cause a denial of service because of unrestricted resource consumption during the mapping of guest memory, aka CID-6ef36ab967c7.
27 CVE-2019-17133 120 Overflow 2019-10-04 2019-10-10
7.5
None Remote Low Not required Partial Partial Partial
In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.
28 CVE-2019-17075 119 DoS Overflow 2019-10-01 2019-10-08
7.1
None Remote Medium Not required None None Complete
An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable. This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an architecture for which this stack/DMA interaction has security relevance.
29 CVE-2019-17056 276 2019-10-01 2019-10-08
2.1
None Local Low Not required None Partial None
llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176.
30 CVE-2019-17055 20 2019-10-01 2019-10-08
2.1
None Local Low Not required None Partial None
base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21.
31 CVE-2019-17054 276 2019-10-01 2019-10-08
2.1
None Local Low Not required None Partial None
atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c.
32 CVE-2019-17053 276 2019-10-01 2019-10-08
2.1
None Local Low Not required None Partial None
ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7.
33 CVE-2019-17052 276 2019-10-01 2019-10-08
2.1
None Local Low Not required None Partial None
ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768.
34 CVE-2019-16995 772 DoS 2019-09-30 2019-10-04
7.8
None Remote Low Not required None None Complete
In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d.
35 CVE-2019-16994 772 DoS 2019-09-30 2019-10-04
7.8
None Remote Low Not required None None Complete
In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a.
36 CVE-2019-16921 665 +Info 2019-09-27 2019-09-27
5.0
None Remote Low Not required Partial None None
In the Linux kernel before 4.17, hns_roce_alloc_ucontext in drivers/infiniband/hw/hns/hns_roce_main.c does not initialize the resp data structure, which might allow attackers to obtain sensitive information from kernel stack memory, aka CID-df7e40425813.
37 CVE-2019-16746 120 Overflow 2019-09-24 2019-09-24
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.
38 CVE-2019-16714 200 +Info 2019-09-23 2019-09-24
5.0
None Remote Low Not required Partial None None
In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized.
39 CVE-2019-16413 835 DoS 2019-09-18 2019-10-04
5.0
None Remote Low Not required None None Partial
An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write() properly, which causes an i_size_read() infinite loop and denial of service on SMP systems.
40 CVE-2019-16234 476 2019-09-11 2019-10-04
7.8
None Remote Low Not required None None Complete
drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
41 CVE-2019-16233 476 2019-09-11 2019-10-04
7.8
None Remote Low Not required None None Complete
drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
42 CVE-2019-16232 476 2019-09-11 2019-10-04
7.8
None Remote Low Not required None None Complete
drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
43 CVE-2019-16231 476 2019-09-11 2019-10-04
7.8
None Remote Low Not required None None Complete
drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
44 CVE-2019-16230 476 2019-09-11 2019-10-04
7.8
None Remote Low Not required None None Complete
drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
45 CVE-2019-16229 476 2019-09-11 2019-10-10
7.8
None Remote Low Not required None None Complete
** DISPUTED ** drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: The security community disputes this issues as not being serious enough to be deserving a CVE id.
46 CVE-2019-16089 476 2019-09-06 2019-10-04
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does not check the nla_nest_start_noflag return value.
47 CVE-2019-15927 125 2019-09-04 2019-09-24
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c.
48 CVE-2019-15926 125 2019-09-04 2019-09-14
9.4
None Remote Low Not required Complete None Complete
An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c.
49 CVE-2019-15925 125 2019-09-04 2019-10-04
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in the Linux kernel before 5.2.3. An out of bounds access exists in the function hclge_tm_schd_mode_vnet_base_cfg in the file drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c.
50 CVE-2019-15924 476 2019-09-04 2019-09-14
4.9
None Local Low Not required None None Complete
An issue was discovered in the Linux kernel before 5.0.11. fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c has a NULL pointer dereference because there is no -ENOMEM upon an alloc_workqueue failure.
Total number of vulnerabilities : 2356   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.