CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Linux » Linux Kernel : Security Vulnerabilities (CVSS score >= 2)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1201 CVE-2013-6380 20 DoS 2013-11-26 2014-03-16
4.7
None Local Medium Not required None None Complete
The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command.
1202 CVE-2013-6378 189 DoS 2013-11-26 2014-07-17
4.4
None Local Medium Single system None None Complete
The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation.
1203 CVE-2013-6376 189 DoS 2013-12-14 2014-03-16
5.2
None Local Network Medium Single system None None Complete
The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode.
1204 CVE-2013-6368 20 DoS +Priv 2013-12-14 2019-04-22
6.2
None Local High Not required Complete Complete Complete
The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address.
1205 CVE-2013-6367 189 DoS 2013-12-14 2018-01-08
5.7
None Local Network Medium Not required None None Complete
The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value.
1206 CVE-2013-6335 264 Bypass 2014-08-26 2017-08-28
2.6
None Local High Not required Partial Partial None
The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations.
1207 CVE-2013-6282 20 2013-11-20 2017-09-02
7.2
None Local Low Not required Complete Complete Complete
The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013.
1208 CVE-2013-5634 399 DoS 2013-09-25 2016-12-07
4.3
None Local Network High Single system None None Complete
arch/arm/kvm/arm.c in the Linux kernel before 3.10 on the ARM platform, when KVM is used, allows host OS users to cause a denial of service (NULL pointer dereference, OOPS, and host OS crash) or possibly have unspecified other impact by omitting vCPU initialization before a KVM_GET_REG_LIST ioctl call.
1209 CVE-2013-4592 399 DoS 2013-11-20 2014-03-05
4.0
None Local High Not required None None Complete
Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots.
1210 CVE-2013-4591 119 DoS Overflow Mem. Corr. 2013-11-20 2016-12-30
6.2
None Local High Not required Complete Complete Complete
Buffer overflow in the __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via a getxattr system call for the system.nfs4_acl extended attribute of a pathname on an NFSv4 filesystem.
1211 CVE-2013-4588 119 Overflow +Priv 2013-11-20 2016-12-30
6.6
None Local Medium Single system Complete Complete Complete
Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 2.6.33, when CONFIG_IP_VS is used, allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability for (1) a getsockopt system call, related to the do_ip_vs_get_ctl function, or (2) a setsockopt system call, related to the do_ip_vs_set_ctl function.
1212 CVE-2013-4587 20 +Priv 2013-12-14 2014-03-16
7.2
None Local Low Not required Complete Complete Complete
Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value.
1213 CVE-2013-4579 310 2013-11-20 2014-03-16
4.3
None Remote Medium Not required Partial None None
The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a series of packets to MAC addresses with certain bit manipulations.
1214 CVE-2013-4563 189 DoS 2013-11-20 2014-03-05
7.1
None Remote Medium Not required None None Complete
The udp6_ufo_fragment function in net/ipv6/udp_offload.c in the Linux kernel through 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly perform a certain size comparison before inserting a fragment header, which allows remote attackers to cause a denial of service (panic) via a large IPv6 UDP packet, as demonstrated by use of the Token Bucket Filter (TBF) queueing discipline.
1215 CVE-2013-4516 200 +Info 2013-11-12 2014-01-07
4.9
None Local Low Not required Complete None None
The mp_get_count function in drivers/staging/sb105x/sb_pci_mp.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.
1216 CVE-2013-4515 200 +Info 2013-11-12 2014-03-05
4.9
None Local Low Not required Complete None None
The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call.
1217 CVE-2013-4514 119 DoS Overflow 2013-11-12 2016-12-30
4.7
None Local Medium Not required None None Complete
Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions.
1218 CVE-2013-4513 119 DoS Overflow 2013-11-12 2016-12-30
4.9
None Local Low Not required None None Complete
Buffer overflow in the oz_cdev_write function in drivers/staging/ozwpan/ozcdev.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other impact via a crafted write operation.
1219 CVE-2013-4512 119 DoS Overflow 2013-11-12 2016-12-30
4.7
None Local Medium Not required None None Complete
Buffer overflow in the exitcode_proc_write function in arch/um/kernel/exitcode.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other impact by leveraging root privileges for a write operation.
1220 CVE-2013-4511 189 Overflow +Priv 2013-11-12 2014-03-05
6.9
None Local Medium Not required Complete Complete Complete
Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c.
1221 CVE-2013-4483 189 DoS 2013-11-04 2015-03-17
4.9
None Local Low Not required None None Complete
The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application.
1222 CVE-2013-4470 264 DoS +Priv Mem. Corr. 2013-11-04 2018-01-08
6.9
None Local Medium Not required Complete Complete Complete
The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c.
1223 CVE-2013-4387 119 DoS Overflow Mem. Corr. 2013-10-10 2014-03-26
6.1
None Local Network Low Not required None None Complete
net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not properly determine the need for UDP Fragmentation Offload (UFO) processing of small packets after the UFO queueing of a large packet, which allows remote attackers to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via network traffic that triggers a large response packet.
1224 CVE-2013-4350 310 +Info 2013-09-25 2014-01-03
5.0
None Remote Low Not required Partial None None
The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended configuration of IPsec encryption, which allows remote attackers to obtain sensitive information by sniffing the network.
1225 CVE-2013-4348 399 DoS 2013-11-04 2014-03-05
7.1
None Remote Medium Not required None None Complete
The skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel through 3.12 allows remote attackers to cause a denial of service (infinite loop) via a small value in the IHL field of a packet with IPIP encapsulation.
1226 CVE-2013-4345 189 2013-10-10 2019-04-22
5.8
None Remote Medium Not required Partial Partial None
Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data.
1227 CVE-2013-4343 399 +Priv 2013-09-25 2019-05-31
6.9
None Local Medium Not required Complete Complete Complete
Use-after-free vulnerability in drivers/net/tun.c in the Linux kernel through 3.11.1 allows local users to gain privileges by leveraging the CAP_NET_ADMIN capability and providing an invalid tuntap interface name in a TUNSETIFF ioctl call.
1228 CVE-2013-4312 119 DoS Overflow Bypass 2016-02-07 2018-01-04
4.9
None Local Low Not required None None Complete
The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.
1229 CVE-2013-4300 264 +Priv 2013-09-25 2013-10-30
7.2
None Local Low Not required Complete Complete Complete
The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing.
1230 CVE-2013-4299 264 +Info 2013-10-24 2019-04-22
6.0
None Remote Medium Single system Partial Partial Partial
Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device.
1231 CVE-2013-4270 20 Bypass 2013-12-09 2014-03-05
3.6
None Local Low Not required Partial Partial None
The net_ctl_permissions function in net/sysctl_net.c in the Linux kernel before 3.11.5 does not properly determine uid and gid values, which allows local users to bypass intended /proc/sys/net restrictions via a crafted application.
1232 CVE-2013-4254 20 DoS +Priv 2013-08-24 2013-10-02
6.9
None Local Medium Not required Complete Complete Complete
The validate_event function in arch/arm/kernel/perf_event.c in the Linux kernel before 3.10.8 on the ARM platform allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by adding a hardware event to an event group led by a software event.
1233 CVE-2013-4247 189 DoS Mem. Corr. 2013-08-24 2013-08-27
7.8
None Remote Low Not required None None Complete
Off-by-one error in the build_unc_path_to_root function in fs/cifs/connect.c in the Linux kernel before 3.9.6 allows remote attackers to cause a denial of service (memory corruption and system crash) via a DFS share mount operation that triggers use of an unexpected DFS referral name length.
1234 CVE-2013-4220 DoS 2013-08-24 2013-08-26
4.9
None Local Low Not required None None Complete
The bad_mode function in arch/arm64/kernel/traps.c in the Linux kernel before 3.9.5 on the ARM64 platform allows local users to cause a denial of service (system crash) via vectors involving an attempted register access that triggers an unexpected value in the Exception Syndrome Register (ESR).
1235 CVE-2013-4205 399 DoS 2013-08-24 2013-10-02
4.7
None Local Medium Not required None None Complete
Memory leak in the unshare_userns function in kernel/user_namespace.c in the Linux kernel before 3.10.6 allows local users to cause a denial of service (memory consumption) via an invalid CLONE_NEWUSER unshare call.
1236 CVE-2013-4163 399 DoS 2013-07-29 2013-10-02
4.7
None Local Medium Not required None None Complete
The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6 implementation in the Linux kernel through 3.10.3 does not properly maintain information about whether the IPV6_MTU setsockopt option had been specified, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call.
1237 CVE-2013-4162 399 DoS 2013-07-29 2014-01-03
4.7
None Local Medium Not required None None Complete
The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel through 3.10.3 makes an incorrect function call for pending data, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call.
1238 CVE-2013-4129 20 DoS 2013-07-29 2017-08-28
4.7
None Local Medium Not required None None Complete
The bridge multicast implementation in the Linux kernel through 3.10.3 does not check whether a certain timer is armed before modifying the timeout value of that timer, which allows local users to cause a denial of service (BUG and system crash) via vectors involving the shutdown of a KVM virtual machine, related to net/bridge/br_mdb.c and net/bridge/br_multicast.c.
1239 CVE-2013-4127 399 DoS 2013-07-29 2013-07-29
4.7
None Local Medium Not required None None Complete
Use-after-free vulnerability in the vhost_net_set_backend function in drivers/vhost/net.c in the Linux kernel through 3.10.3 allows local users to cause a denial of service (OOPS and system crash) via vectors involving powering on a virtual machine.
1240 CVE-2013-4125 399 DoS 2013-07-15 2017-08-28
5.4
None Remote High Not required None None Complete
The fib6_add_rt2node function in net/ipv6/ip6_fib.c in the IPv6 stack in the Linux kernel through 3.10.1 does not properly handle Router Advertisement (RA) messages in certain circumstances involving three routes that initially qualified for membership in an ECMP route set until a change occurred for one of the first two routes, which allows remote attackers to cause a denial of service (system crash) via a crafted sequence of messages.
1241 CVE-2013-3302 362 DoS 2013-04-29 2013-05-03
4.4
None Local Medium Not required Partial Partial Partial
Race condition in the smb_send_rqst function in fs/cifs/transport.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via vectors involving a reconnection event.
1242 CVE-2013-3301 DoS 2013-04-29 2019-04-22
7.2
None Local Low Not required Complete Complete Complete
The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call.
1243 CVE-2013-3237 200 +Info 2013-04-22 2013-04-22
4.9
None Local Low Not required Complete None None
The vsock_stream_sendmsg function in net/vmw_vsock/af_vsock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
1244 CVE-2013-3236 200 +Info 2013-04-22 2013-04-22
4.9
None Local Low Not required Complete None None
The vmci_transport_dgram_dequeue function in net/vmw_vsock/vmci_transport.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
1245 CVE-2013-3235 200 +Info 2013-04-22 2017-11-28
4.9
None Local Low Not required Complete None None
net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
1246 CVE-2013-3234 200 +Info 2013-04-22 2017-11-28
4.9
None Local Low Not required Complete None None
The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
1247 CVE-2013-3233 200 +Info 2013-04-22 2014-01-03
4.9
None Local Low Not required Complete None None
The llcp_sock_recvmsg function in net/nfc/llcp/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable and a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
1248 CVE-2013-3232 200 +Info 2013-04-22 2017-11-28
4.9
None Local Low Not required Complete None None
The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
1249 CVE-2013-3231 200 +Info 2013-04-22 2017-11-28
4.7
None Local Medium Not required Complete None None
The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
1250 CVE-2013-3230 200 +Info 2013-04-22 2014-01-03
4.9
None Local Low Not required Complete None None
The l2tp_ip6_recvmsg function in net/l2tp/l2tp_ip6.c in the Linux kernel before 3.9-rc7 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Total number of vulnerabilities : 2249   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 (This Page)26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.