CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Linux » Linux Kernel : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1451 CVE-2011-4132 20 DoS 2012-01-27 2017-12-28
2.1
None Local Low Not required None None Partial
The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 2.6 allows local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an "invalid log first block value."
1452 CVE-2011-4131 189 DoS 2012-05-17 2017-12-28
4.6
None Local Network High Not required None None Complete
The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words.
1453 CVE-2011-4127 264 Bypass 2012-07-03 2017-12-28
4.6
None Local Low Not required Partial Partial Partial
The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to (1) a partition block device or (2) an LVM volume.
1454 CVE-2011-4112 264 DoS 2012-05-17 2015-05-05
4.9
None Local Low Not required None None Complete
The net subsystem in the Linux kernel before 3.1 does not properly restrict use of the IFF_TX_SKB_SHARING flag, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability to access /proc/net/pktgen/pgctrl, and then using the pktgen package in conjunction with a bridge device for a VLAN interface.
1455 CVE-2011-4110 264 DoS 2012-01-27 2016-08-22
2.1
None Local Low Not required None None Partial
The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and "updating a negative key into a fully instantiated key."
1456 CVE-2011-4098 119 DoS Overflow 2013-06-08 2013-06-10
1.9
None Local Medium Not required None None Partial
The fallocate implementation in the GFS2 filesystem in the Linux kernel before 3.2 relies on the page cache, which might allow local users to cause a denial of service by preallocating blocks in certain situations involving insufficient memory.
1457 CVE-2011-4097 189 DoS Overflow 2012-05-17 2012-05-17
4.9
None Local Low Not required None None Complete
Integer overflow in the oom_badness function in mm/oom_kill.c in the Linux kernel before 3.1.8 on 64-bit platforms allows local users to cause a denial of service (memory consumption or process termination) by using a certain large amount of memory.
1458 CVE-2011-4087 399 DoS 2013-06-08 2013-06-10
4.3
None Remote Medium Not required None None Partial
The br_parse_ip_options function in net/bridge/br_netfilter.c in the Linux kernel before 2.6.39 does not properly initialize a certain data structure, which allows remote attackers to cause a denial of service by leveraging connectivity to a network interface that uses an Ethernet bridge device.
1459 CVE-2011-4086 119 DoS Overflow 2012-07-03 2017-12-28
4.9
None Local Low Not required None None Complete
The journal_unmap_buffer function in fs/jbd2/transaction.c in the Linux kernel before 3.3.1 does not properly handle the _Delay and _Unwritten buffer head states, which allows local users to cause a denial of service (system crash) by leveraging the presence of an ext4 filesystem that was mounted with a journal.
1460 CVE-2011-4081 DoS 2012-05-24 2012-05-29
4.9
None Local Low Not required None None Complete
crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on an AF_ALG socket.
1461 CVE-2011-4080 264 Bypass 2012-05-24 2012-05-29
4.0
None Local High Not required Complete None None
The sysrq_sysctl_handler function in kernel/sysctl.c in the Linux kernel before 2.6.39 does not require the CAP_SYS_ADMIN capability to modify the dmesg_restrict value, which allows local users to bypass intended access restrictions and read the kernel ring buffer by leveraging root privileges, as demonstrated by a root user in a Linux Containers (aka LXC) environment.
1462 CVE-2011-4077 119 DoS Exec Code Overflow Mem. Corr. 2012-01-27 2016-08-22
6.9
None Local Medium Not required Complete Complete Complete
Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname.
1463 CVE-2011-3638 DoS 2013-03-01 2013-03-04
4.0
None Local High Not required None None Complete
fs/ext4/extents.c in the Linux kernel before 3.0 does not mark a modified extent as dirty in certain cases of extent splitting, which allows local users to cause a denial of service (system crash) via vectors involving ext4 umount and mount operations.
1464 CVE-2011-3637 20 DoS 2012-05-17 2012-05-17
4.9
None Local Low Not required None None Complete
The m_stop function in fs/proc/task_mmu.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (OOPS) via vectors that trigger an m_start error.
1465 CVE-2011-3619 20 DoS 2013-06-08 2013-06-10
4.6
None Local Low Not required Partial Partial Partial
The apparmor_setprocattr function in security/apparmor/lsm.c in the Linux kernel before 3.0 does not properly handle invalid parameters, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by writing to a /proc/#####/attr/current file.
1466 CVE-2011-3593 399 DoS 2013-06-08 2019-04-22
5.7
None Local Network Medium Not required None None Complete
A certain Red Hat patch to the vlan_hwaccel_do_receive function in net/8021q/vlan_core.c in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows remote attackers to cause a denial of service (system crash) via priority-tagged VLAN frames.
1467 CVE-2011-3363 20 DoS 2012-05-24 2012-05-29
5.4
None Remote High Not required None None Complete
The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel before 2.6.39 does not properly handle DFS referrals, which allows remote CIFS servers to cause a denial of service (system crash) by placing a referral at the root of a share.
1468 CVE-2011-3359 119 DoS Overflow 2012-05-24 2012-05-29
5.4
None Remote High Not required None None Complete
The dma_rx function in drivers/net/wireless/b43/dma.c in the Linux kernel before 2.6.39 does not properly allocate receive buffers, which allows remote attackers to cause a denial of service (system crash) via a crafted frame.
1469 CVE-2011-3353 119 DoS Overflow 2012-05-24 2012-05-25
4.9
None Local Low Not required None None Complete
Buffer overflow in the fuse_notify_inval_entry function in fs/fuse/dev.c in the Linux kernel before 3.1 allows local users to cause a denial of service (BUG_ON and system crash) by leveraging the ability to mount a FUSE filesystem.
1470 CVE-2011-3209 189 DoS 2012-10-03 2012-10-03
4.9
None Local Low Not required None None Complete
The div_long_long_rem implementation in include/asm-x86/div64.h in the Linux kernel before 2.6.26 on the x86 platform allows local users to cause a denial of service (Divide Error Fault and panic) via a clock_gettime system call.
1471 CVE-2011-3191 189 DoS Mem. Corr. 2012-05-24 2012-05-25
10.0
None Remote Low Not required Complete Complete Complete
Integer signedness error in the CIFSFindNext function in fs/cifs/cifssmb.c in the Linux kernel before 3.1 allows remote CIFS servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large length value in a response to a read request for a directory.
1472 CVE-2011-3188 DoS 2012-05-24 2016-08-22
6.8
None Remote Medium Not required Partial Partial Partial
The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets.
1473 CVE-2011-2942 DoS 2013-06-08 2013-06-10
6.8
None Remote Medium Not required Partial Partial Partial
A certain Red Hat patch to the __br_deliver function in net/bridge/br_forward.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging connectivity to a network interface that uses an Ethernet bridge device.
1474 CVE-2011-2928 20 DoS 2011-08-29 2018-10-09
4.9
None Local Low Not required None None Complete
The befs_follow_link function in fs/befs/linuxvfs.c in the Linux kernel before 3.1-rc3 does not validate the length attribute of long symlinks, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) by accessing a long symlink on a malformed Be filesystem.
1475 CVE-2011-2918 399 DoS Overflow 2012-05-24 2012-05-29
4.9
None Local Low Not required None None Complete
The Performance Events subsystem in the Linux kernel before 3.1 does not properly handle event overflows associated with PERF_COUNT_SW_CPU_CLOCK events, which allows local users to cause a denial of service (system hang) via a crafted application.
1476 CVE-2011-2909 200 +Info 2014-02-15 2014-02-18
4.9
None Local Low Not required Complete None None
The do_devinfo_ioctl function in drivers/staging/comedi/comedi_fops.c in the Linux kernel before 3.1 allows local users to obtain sensitive information from kernel memory via a copy of a short string.
1477 CVE-2011-2906 189 DoS Mem. Corr. 2012-05-24 2012-05-29
4.9
None Local Low Not required None None Complete
** DISPUTED ** Integer signedness error in the pmcraid_ioctl_passthrough function in drivers/scsi/pmcraid.c in the Linux kernel before 3.1 might allow local users to cause a denial of service (memory consumption or memory corruption) via a negative size value in an ioctl call. NOTE: this may be a vulnerability only in unusual environments that provide a privileged program for obtaining the required file descriptor.
1478 CVE-2011-2905 2013-03-01 2013-03-04
6.2
None Local High Not required Complete Complete Complete
Untrusted search path vulnerability in the perf_config function in tools/perf/util/config.c in perf, as distributed in the Linux kernel before 3.1, allows local users to overwrite arbitrary files via a crafted config file in the current working directory.
1479 CVE-2011-2898 264 +Info 2012-05-24 2012-05-29
4.9
None Local Low Not required Complete None None
net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does not properly restrict user-space access to certain packet data structures associated with VLAN Tag Control Information, which allows local users to obtain potentially sensitive information via a crafted application.
1480 CVE-2011-2723 399 DoS 2011-09-06 2016-08-22
5.7
None Local Network Medium Not required None None Complete
The skb_gro_header_slow function in include/linux/netdevice.h in the Linux kernel before 2.6.39.4, when Generic Receive Offload (GRO) is enabled, resets certain fields in incorrect situations, which allows remote attackers to cause a denial of service (system crash) via crafted network traffic.
1481 CVE-2011-2707 20 +Info 2012-05-24 2012-05-29
4.9
None Local Low Not required Complete None None
The ptrace_setxregs function in arch/xtensa/kernel/ptrace.c in the Linux kernel before 3.1 does not validate user-space pointers, which allows local users to obtain sensitive information from kernel memory locations via a crafted PTRACE_SETXTREGS request.
1482 CVE-2011-2700 119 DoS Overflow 2011-09-06 2012-03-19
2.1
None Local Low Not required None None Partial
Multiple buffer overflows in the si4713_write_econtrol_string function in drivers/media/radio/si4713-i2c.c in the Linux kernel before 2.6.39.4 on the N900 platform might allow local users to cause a denial of service or have unspecified other impact via a crafted s_ext_ctrls operation with a (1) V4L2_CID_RDS_TX_PS_NAME or (2) V4L2_CID_RDS_TX_RADIO_TEXT control ID.
1483 CVE-2011-2699 DoS 2012-05-24 2013-10-10
7.8
None Remote Low Not required None None Complete
The IPv6 implementation in the Linux kernel before 3.1 does not generate Fragment Identification values separately for each destination, which makes it easier for remote attackers to cause a denial of service (disrupted networking) by predicting these values and sending crafted packets.
1484 CVE-2011-2695 189 DoS 2011-07-28 2012-03-19
4.9
None Local Low Not required None None Complete
Multiple off-by-one errors in the ext4 subsystem in the Linux kernel before 3.0-rc5 allow local users to cause a denial of service (BUG_ON and system crash) by accessing a sparse file in extent format with a write operation involving a block number corresponding to the largest possible 32-bit unsigned integer.
1485 CVE-2011-2689 399 DoS 2011-07-28 2017-08-28
4.9
None Local Low Not required None None Complete
The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel before 3.0-rc1 does not ensure that the size of a chunk allocation is a multiple of the block size, which allows local users to cause a denial of service (BUG and system crash) by arranging for all resource groups to have too little free space.
1486 CVE-2011-2534 119 DoS Overflow 2011-06-22 2012-03-19
4.0
None Local High Not required None None Complete
Buffer overflow in the clusterip_proc_write function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel before 2.6.39 might allow local users to cause a denial of service or have unspecified other impact via a crafted write operation, related to string data that lacks a terminating '\0' character.
1487 CVE-2011-2525 DoS 2012-02-01 2014-01-13
7.2
None Local Low Not required Complete Complete Complete
The qdisc_notify function in net/sched/sch_api.c in the Linux kernel before 2.6.35 does not prevent tc_fill_qdisc function calls referencing builtin (aka CQ_F_BUILTIN) Qdisc structures, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted call.
1488 CVE-2011-2521 189 DoS 2012-05-24 2012-05-25
4.9
None Local Low Not required None None Complete
The x86_assign_hw_event function in arch/x86/kernel/cpu/perf_event.c in the Performance Events subsystem in the Linux kernel before 2.6.39 does not properly calculate counter values, which allows local users to cause a denial of service (panic) via the perf program.
1489 CVE-2011-2519 DoS 2013-12-26 2013-12-27
5.2
None Local Network Medium Single system None None Complete
Xen in the Linux kernel, when running a guest on a host without hardware assisted paging (HAP), allows guest users to cause a denial of service (invalid pointer dereference and hypervisor crash) via the SAHF instruction.
1490 CVE-2011-2518 20 DoS 2012-05-24 2016-08-22
4.9
None Local Low Not required None None Complete
The tomoyo_mount_acl function in security/tomoyo/mount.c in the Linux kernel before 2.6.39.2 calls the kern_path function with arguments taken directly from a mount system call, which allows local users to cause a denial of service (OOPS) or possibly have unspecified other impact via a NULL value for the device name.
1491 CVE-2011-2517 119 Overflow +Priv 2012-05-24 2013-12-30
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in net/wireless/nl80211.c in the Linux kernel before 2.6.39.2 allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability during scan operations with a long SSID value.
1492 CVE-2011-2497 189 DoS Overflow Mem. Corr. 2011-08-29 2012-03-19
8.3
None Local Network Low Not required Complete Complete Complete
Integer underflow in the l2cap_config_req function in net/bluetooth/l2cap_core.c in the Linux kernel before 3.0 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a small command-size value within the command header of a Logical Link Control and Adaptation Protocol (L2CAP) configuration request, leading to a buffer overflow.
1493 CVE-2011-2496 189 DoS Overflow 2012-06-13 2012-06-28
4.9
None Local Low Not required None None Complete
Integer overflow in the vma_to_resize function in mm/mremap.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (BUG_ON and system crash) via a crafted mremap system call that expands a memory mapping.
1494 CVE-2011-2495 264 2012-06-13 2013-12-30
2.1
None Local Low Not required Partial None None
fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by discovering the length of another user's password.
1495 CVE-2011-2494 200 +Info 2012-06-13 2017-12-28
2.1
None Local Low Not required Partial None None
kernel/taskstats.c in the Linux kernel before 3.1 allows local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another user's password.
1496 CVE-2011-2493 DoS 2012-06-13 2012-06-14
2.1
None Local Low Not required None None Partial
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel before 2.6.39 does not properly initialize a certain error-report data structure, which allows local users to cause a denial of service (OOPS) by attempting to mount a crafted ext4 filesystem.
1497 CVE-2011-2492 200 +Info 2011-07-28 2016-08-22
1.9
None Local Medium Not required Partial None None
The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c.
1498 CVE-2011-2491 399 DoS 2013-03-01 2013-12-30
4.9
None Local Low Not required None None Complete
The Network Lock Manager (NLM) protocol implementation in the NFS client functionality in the Linux kernel before 3.0 allows local users to cause a denial of service (system hang) via a LOCK_UN flock system call.
1499 CVE-2011-2484 399 DoS Bypass 2011-06-24 2017-08-28
4.9
None Local Low Not required None None Complete
The add_del_listener function in kernel/taskstats.c in the Linux kernel 2.6.39.1 and earlier does not prevent multiple registrations of exit handlers, which allows local users to cause a denial of service (memory and CPU consumption), and bypass the OOM Killer, via a crafted application.
1500 CVE-2011-2482 DoS 2013-06-08 2013-12-30
7.8
None Remote Low Not required None None Complete
A certain Red Hat patch to the sctp_sock_migrate function in net/sctp/socket.c in the Linux kernel before 2.6.21, as used in Red Hat Enterprise Linux (RHEL) 5, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted SCTP packet.
Total number of vulnerabilities : 2343   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 (This Page)31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.