CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Linux » Linux Kernel : Security Vulnerabilities (CVSS score between 7 and 7.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
451 CVE-2007-6694 399 DoS 2008-01-29 2017-09-28
7.8
None Remote Low Not required None None Complete
The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 through 2.6.18-53, when running on PowerPC, might allow local users to cause a denial of service (crash) via unknown vectors that cause the of_get_property function to fail, which triggers a NULL pointer dereference.
452 CVE-2007-6417 200 DoS +Info 2007-12-17 2017-09-28
7.2
Admin Local Low Not required Complete Complete Complete
The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances related to tmpfs, which might allow local users to read sensitive kernel data or cause a denial of service (crash).
453 CVE-2007-6151 119 DoS Overflow 2007-12-14 2017-09-28
7.2
None Local Low Not required Complete Complete Complete
The isdn_ioctl function in isdn_common.c in Linux kernel 2.6.23 allows local users to cause a denial of service via a crafted ioctl struct in which iocts is not null terminated, which triggers a buffer overflow.
454 CVE-2007-5966 189 DoS Exec Code Overflow 2007-12-19 2017-09-28
7.2
None Local Low Not required Complete Complete Complete
Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the Linux kernel before 2.6.23.10 allows local users to execute arbitrary code or cause a denial of service (panic) via a large relative timeout value. NOTE: some of these details are obtained from third party information.
455 CVE-2007-5501 399 DoS 2007-11-15 2017-07-28
7.8
None Remote Low Not required None None Complete
The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux kernel 2.6.21 through 2.6.23.7, and 2.6.24-rc through 2.6.24-rc2, allows remote attackers to cause a denial of service (crash) via crafted ACK responses that trigger a NULL pointer dereference.
456 CVE-2007-4997 189 DoS 2007-11-06 2017-09-28
7.1
None Remote Medium Not required None None Complete
Integer underflow in the ieee80211_rx function in net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set, aka an "off-by-two error."
457 CVE-2007-4573 264 +Priv 2007-09-24 2017-09-28
7.2
Admin Local Low Not required Complete Complete Complete
The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register.
458 CVE-2007-4567 20 DoS 2007-12-20 2017-09-28
7.8
None Remote Low Not required None None Complete
The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted IPv6 packet.
459 CVE-2007-3642 189 DoS 2007-07-09 2012-10-30
7.8
None Remote Low Not required None None Complete
The decode_choice function in net/netfilter/nf_conntrack_h323_asn1.c in the Linux kernel before 2.6.20.15, 2.6.21.x before 2.6.21.6, and before 2.6.22 allows remote attackers to cause a denial of service (crash) via an encoded, out-of-range index value for a choice field, which triggers a NULL pointer dereference.
460 CVE-2007-2764 20 DoS 2007-05-18 2017-07-28
7.8
None Remote Low Not required None None Complete
The embedded Linux kernel in certain Sun-Brocade SilkWorm switches before 20070516 does not properly handle a situation in which a non-root user creates a kernel process, which allows attackers to cause a denial of service (oops and device reboot) via unspecified vectors.
461 CVE-2007-1734 DoS 2007-03-28 2017-07-28
7.2
None Local Low Not required Complete Complete Complete
The DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later does not verify the upper bounds of the optlen value, which allows local users running on certain architectures to read kernel memory or cause a denial of service (oops), a related issue to CVE-2007-1730.
462 CVE-2007-1357 DoS 2007-04-10 2008-09-05
7.8
None Remote Low Not required None None Complete
The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before 2.6.21, and possibly 2.4.x, allows remote attackers to cause a denial of service (crash) via an AppleTalk frame that is shorter than the specified length, which triggers a BUG_ON call when an attempt is made to perform a checksum.
463 CVE-2007-1000 2007-03-12 2017-10-10
7.2
Admin Local Low Not required Complete Complete Complete
The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the Linux kernel before 2.6.20.2 allows local users to read arbitrary kernel memory via certain getsockopt calls that trigger a NULL dereference.
464 CVE-2007-0772 399 DoS 2007-02-20 2017-07-28
7.8
None Remote Low Not required None None Complete
The Linux kernel 2.6.13 and other versions before 2.6.20.1 allows remote attackers to cause a denial of service (oops) via a crafted NFSACL 2 ACCESS request that triggers a free of an incorrect pointer.
465 CVE-2006-6333 DoS Mem. Corr. 2006-12-06 2008-09-05
7.8
None Remote Low Not required None None Complete
The tr_rx function in ibmtr.c for Linux kernel 2.6.19 assigns the wrong flag to the ip_summed field, which allows remote attackers to cause a denial of service (memory corruption) via crafted packets that cause the kernel to interpret another field as an offset.
466 CVE-2006-6304 399 2006-12-14 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
The do_coredump function in fs/exec.c in the Linux kernel 2.6.19 sets the flag variable to O_EXCL but does not use it, which allows context-dependent attackers to modify arbitrary files via a rewrite attack during a core dump.
467 CVE-2006-6106 119 DoS Exec Code Overflow 2006-12-19 2017-10-10
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in the cmtp_recv_interopmsg function in the Bluetooth driver (net/bluetooth/cmtp/capi.c) in the Linux kernel 2.4.22 up to 2.4.33.4 and 2.6.2 before 2.6.18.6, and 2.6.19.x, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via CAPI messages with a large value for the length of the (1) manu (manufacturer) or (2) serial (serial number) field.
468 CVE-2006-5753 DoS +Priv 2007-01-30 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in the listxattr system call in Linux kernel, when a "bad inode" is present, allows local users to cause a denial of service (data corruption) and possibly gain privileges via unknown vectors.
469 CVE-2006-5751 Exec Code Overflow 2006-12-01 2017-10-10
7.2
Admin Local Low Not required Complete Complete Complete
Integer overflow in the get_fdb_entries function in net/bridge/br_ioctl.c in the Linux kernel before 2.6.18.4 allows local users to execute arbitrary code via a large maxnum value in an ioctl request.
470 CVE-2006-4997 DoS 2006-10-10 2017-10-10
7.1
None Remote Medium Not required None None Complete
The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (freed pointer dereference).
471 CVE-2006-4623 DoS 2006-09-11 2017-10-10
7.8
None Remote Low Not required None None Complete
The Unidirectional Lightweight Encapsulation (ULE) decapsulation component in dvb-core/dvb_net.c in the dvb driver in the Linux kernel 2.6.17.8 allows remote attackers to cause a denial of service (crash) via an SNDU length of 0 in a ULE packet.
472 CVE-2006-4572 264 Bypass 2006-11-06 2012-03-19
7.5
User Remote Low Not required Partial Partial Partial
ip6_tables in netfilter in the Linux kernel before 2.6.16.31 allows remote attackers to (1) bypass a rule that disallows a protocol, via a packet with the protocol header not located immediately after the fragment header, aka "ip6_tables protocol bypass bug;" and (2) bypass a rule that looks for a certain extension header, via a packet with an extension header outside the first fragment, aka "ip6_tables extension header bypass bug."
473 CVE-2006-3745 DoS +Priv 2006-08-23 2017-10-10
7.2
Admin Local Low Not required Complete Complete Complete
Unspecified vulnerability in the sctp_make_abort_user function in the SCTP implementation in Linux 2.6.x before 2.6.17.10 and 2.4.23 up to 2.4.33 allows local users to cause a denial of service (panic) and possibly gain root privileges via unknown attack vectors.
474 CVE-2006-3468 DoS 2006-07-21 2017-10-10
7.8
None Remote Low Not required None None Complete
Linux kernel 2.6.x, when using both NFS and EXT3, allows remote attackers to cause a denial of service (file system panic) via a crafted UDP packet with a V2 lookup procedure that specifies a bad file handle (inode number), which triggers an error and causes an exported directory to be remounted read-only.
475 CVE-2006-3085 DoS 2006-06-23 2017-07-19
7.8
None Remote Low Not required None None Complete
xt_sctp in netfilter for Linux kernel before 2.6.17.1 allows attackers to cause a denial of service (infinite loop) via an SCTP chunk with a 0 length.
476 CVE-2006-2936 399 DoS 2006-07-10 2017-10-10
7.8
None Remote Low Not required None None Complete
The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to 2.6.17, and possibly later versions, allows local users to cause a denial of service (memory consumption) by writing more data to the serial port than the hardware can handle, which causes the data to be queued.
477 CVE-2006-2444 DoS 2006-05-25 2017-10-10
7.8
None Remote Low Not required None None Complete
The snmp_trap_decode function in the SNMP NAT helper for Linux kernel before 2.6.16.18 allows remote attackers to cause a denial of service (crash) via unspecified remote attack vectors that cause failures in snmp_trap_decode that trigger (1) frees of random memory or (2) frees of previously-freed memory (double-free) by snmp_trap_decode as well as its calling function, as demonstrated via certain test cases of the PROTOS SNMP test suite.
478 CVE-2006-1858 20 DoS Exec Code 2006-05-22 2017-10-10
7.8
None Remote Low Not required None None Complete
SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a chunk length that is inconsistent with the actual length of provided parameters.
479 CVE-2006-1856 Bypass 2006-05-19 2017-10-10
7.5
User Remote Low Not required Partial Partial Partial
Certain modifications to the Linux kernel 2.6.16 and earlier do not add the appropriate Linux Security Modules (LSM) file_permission hooks to the (1) readv and (2) writev functions, which might allow attackers to bypass intended access restrictions.
480 CVE-2006-1624 DoS 2006-04-05 2017-07-19
7.8
None Remote Low Not required None None Complete
The default configuration of syslogd in the Linux sysklogd package does not enable the -x (disable name lookups) option, which allows remote attackers to cause a denial of service (traffic amplification) via messages with spoofed source IP addresses.
481 CVE-2006-0457 DoS 2006-03-13 2017-10-10
7.1
None Remote High Not required Complete None Complete
Race condition in the (1) add_key, (2) request_key, and (3) keyctl functions in Linux kernel 2.6.x allows local users to cause a denial of service (crash) or read sensitive kernel memory by modifying the length of a string argument between the time that the kernel calculates the length and when it copies the data into kernel memory.
482 CVE-2006-0096 2006-01-06 2008-11-20
7.2
None Local Low Not required Complete Complete Complete
wan/sdla.c in Linux kernel 2.6.x before 2.6.11 and 2.4.x before 2.4.29 does not require the CAP_SYS_RAWIO privilege for an SDLA firmware upgrade, with unknown impact and local attack vectors. NOTE: further investigation suggests that this issue requires root privileges to exploit, since it is protected by CAP_NET_ADMIN; thus it might not be a vulnerability, although capabilities provide finer distinctions between privilege levels.
483 CVE-2006-0036 DoS Mem. Corr. 2006-01-23 2017-07-19
7.8
None Remote Low Not required None None Complete
ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in Linux kernel 2.6.14, and other versions, allows remote attackers to cause a denial of service (memory corruption or crash) via an inbound PPTP_IN_CALL_REQUEST packet that causes a null pointer to be used in an offset calculation.
484 CVE-2005-4886 189 DoS 2010-02-26 2017-08-16
7.8
None Remote Low Not required None None Complete
The selinux_parse_skb_ipv6 function in security/selinux/hooks.c in the Linux kernel before 2.6.12-rc4 allows remote attackers to cause a denial of service (OOPS) via vectors associated with an incorrect call to the ipv6_skip_exthdr function.
485 CVE-2005-3858 DoS 2005-11-27 2017-10-10
7.8
None Remote Low Not required None None Complete
Memory leak in the ip6_input_finish function in ip6_input.c in Linux kernel 2.6.12 and earlier might allow attackers to cause a denial of service via malformed IPv6 packets with unspecified parameter problems, which prevents the SKB from being freed.
486 CVE-2005-3848 DoS 2005-11-26 2017-10-10
7.8
None Remote Low Not required None None Complete
Memory leak in the icmp_push_reply function in Linux 2.6 before 2.6.12.6 and 2.6.13 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted packets that cause the ip_append_data function to fail, aka "DST leak in icmp_push_reply."
487 CVE-2005-3810 DoS 2005-11-25 2016-10-17
7.8
None Remote Low Not required None None Complete
ip_conntrack_proto_icmp.c in ctnetlink in Linux kernel 2.6.14 up to 2.6.14.3 allows attackers to cause a denial of service (kernel oops) via a message without ICMP ID (ICMP_ID) information, which leads to a null dereference.
488 CVE-2005-3809 DoS 2005-11-25 2016-10-17
7.8
None Remote Low Not required None None Complete
The nfattr_to_tcp function in ip_conntrack_proto_tcp.c in ctnetlink in Linux kernel 2.6.14 up to 2.6.14.3 allows attackers to cause a denial of service (kernel oops) via an update message without private protocol information, which triggers a null dereference.
489 CVE-2005-3753 DoS 2005-11-22 2008-09-05
7.8
None Remote Low Not required None None Complete
Linux kernel before after 2.6.12 and before 2.6.13.1 might allow attackers to cause a denial of service (Oops) via certain IPSec packets that cause alignment problems in standard multi-block cipher processors. NOTE: it is not clear whether this issue can be triggered by an attacker.
490 CVE-2005-2500 DoS Exec Code Overflow 2005-08-08 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the xdr_xcode_array2 function in xdr.c in Linux kernel 2.6.12, as used in SuSE Linux Enterprise Server 9, might allow remote attackers to cause a denial of service and possibly execute arbitrary code via crafted XDR data for the nfsacl protocol.
491 CVE-2005-1589 DoS Exec Code 2005-05-17 2017-02-19
7.2
Admin Local Low Not required Complete Complete Complete
The pkt_ioctl function in the pktcdvd block device ioctl handler (pktcdvd.c) in Linux kernel 2.6.12-rc4 and earlier calls the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space and allows local users to cause a denial of service and possibly execute arbitrary code, a similar vulnerability to CVE-2005-1264.
492 CVE-2005-1264 2005-05-17 2017-10-10
7.2
Admin Local Low Not required Complete Complete Complete
Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space, a similar vulnerability to CVE-2005-1589.
493 CVE-2005-1263 Exec Code Overflow 2005-05-11 2017-10-10
7.2
Admin Local Low Not required Complete Complete Complete
The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to 2.2.27-rc2, 2.4.x to 2.4.31-pre1, and 2.6.x to 2.6.12-rc4 allows local users to execute arbitrary code via an ELF binary that, in certain conditions involving the create_elf_tables function, causes a negative length argument to pass a signed integer comparison, leading to a buffer overflow.
494 CVE-2005-0867 Overflow 2005-05-02 2017-10-10
7.2
Admin Local Low Not required Complete Complete Complete
Integer overflow in Linux kernel 2.6 allows local users to overwrite kernel memory by writing to a sysfs file.
495 CVE-2005-0839 +Priv 2005-05-02 2017-10-10
7.2
Admin Local Low Not required Complete Complete Complete
Linux kernel 2.6 before 2.6.11 does not restrict access to the N_MOUSE line discipline for a TTY, which allows local users to gain privileges by injecting mouse or keyboard events into other user sessions.
496 CVE-2005-0750 +Priv 2005-03-27 2017-10-10
7.2
Admin Local Low Not required Complete Complete Complete
The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value.
497 CVE-2005-0749 DoS 2005-04-01 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
The load_elf_library in the Linux kernel before 2.6.11.6 allows local users to cause a denial of service (kernel crash) via a crafted ELF library or executable, which causes a free of an invalid pointer.
498 CVE-2005-0449 20 DoS Bypass 2005-05-02 2017-10-10
7.1
None Remote Medium Not required None None Complete
The netfilter/iptables module in Linux before 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) or bypass firewall rules via crafted packets, which are not properly handled by the skb_checksum_help function.
499 CVE-2005-0209 20 DoS 2005-05-02 2017-10-10
7.8
None Remote Low Not required None None Complete
Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via crafted IP packet fragments.
500 CVE-2005-0177 119 DoS Overflow 2005-03-07 2017-10-10
7.8
None Remote Low Not required None None Complete
nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table size, which allows attackers to cause a denial of service (kernel crash) via a buffer overflow.
Total number of vulnerabilities : 514   Page : 1 2 3 4 5 6 7 8 9 10 (This Page)11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.