CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Linux » Linux Kernel : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1501 CVE-2011-2479 399 DoS 2013-03-01 2013-03-04
4.9
None Local Low Not required None None Complete
The Linux kernel before 2.6.39 does not properly create transparent huge pages in response to a MAP_PRIVATE mmap system call on /dev/zero, which allows local users to cause a denial of service (system crash) via a crafted application.
1502 CVE-2011-2213 20 DoS 2011-08-29 2016-08-22
4.9
None Local Low Not required None None Complete
The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880.
1503 CVE-2011-2211 264 +Priv 2012-06-13 2012-06-13
7.2
None Local Low Not required Complete Complete Complete
The osf_wait4 function in arch/alpha/kernel/osf_sys.c in the Linux kernel before 2.6.39.4 on the Alpha platform uses an incorrect pointer, which allows local users to gain privileges by writing a certain integer value to kernel memory.
1504 CVE-2011-2210 264 +Info 2012-06-13 2012-06-13
2.1
None Local Low Not required Partial None None
The osf_getsysinfo function in arch/alpha/kernel/osf_sys.c in the Linux kernel before 2.6.39.4 on the Alpha platform does not properly restrict the data size for GSI_GET_HWRPB operations, which allows local users to obtain sensitive information from kernel memory via a crafted call.
1505 CVE-2011-2209 189 +Info 2012-06-13 2012-06-13
2.1
None Local Low Not required None None Partial
Integer signedness error in the osf_sysinfo function in arch/alpha/kernel/osf_sys.c in the Linux kernel before 2.6.39.4 on the Alpha platform allows local users to obtain sensitive information from kernel memory via a crafted call.
1506 CVE-2011-2208 189 +Info 2012-06-13 2012-06-13
2.1
None Local Low Not required Partial None None
Integer signedness error in the osf_getdomainname function in arch/alpha/kernel/osf_sys.c in the Linux kernel before 2.6.39.4 on the Alpha platform allows local users to obtain sensitive information from kernel memory via a crafted call.
1507 CVE-2011-2203 264 DoS 2012-01-27 2012-03-19
2.1
None Local Low Not required None None Partial
The hfs_find_init function in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and Oops) by mounting an HFS file system with a malformed MDB extent record.
1508 CVE-2011-2189 399 DoS 2011-10-10 2012-09-17
7.8
None Remote Low Not required None None Complete
net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespace per connection, as demonstrated by vsftpd.
1509 CVE-2011-2184 DoS 2011-09-06 2012-03-19
7.2
None Local Low Not required Complete Complete Complete
The key_replace_session_keyring function in security/keys/process_keys.c in the Linux kernel before 2.6.39.1 does not initialize a certain structure member, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function, a different vulnerability than CVE-2010-2960.
1510 CVE-2011-2183 362 DoS 2012-06-13 2012-06-14
4.0
None Local High Not required None None Complete
Race condition in the scan_get_next_rmap_item function in mm/ksm.c in the Linux kernel before 2.6.39.3, when Kernel SamePage Merging (KSM) is enabled, allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted application.
1511 CVE-2011-2182 119 Overflow +Priv +Info 2012-06-13 2016-12-07
7.2
None Local Low Not required Complete Complete Complete
The ldm_frag_add function in fs/partitions/ldm.c in the Linux kernel before 2.6.39.1 does not properly handle memory allocation for non-initial fragments, which might allow local users to conduct buffer overflow attacks, and gain privileges or obtain sensitive information, via a crafted LDM partition table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1017.
1512 CVE-2011-2022 20 DoS +Priv 2011-05-09 2014-01-13
6.9
None Local Medium Not required Complete Complete Complete
The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 does not validate a certain start parameter, which allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than CVE-2011-1745.
1513 CVE-2011-1927 DoS 2012-06-13 2012-06-13
5.0
None Remote Low Not required None None Partial
The ip_expire function in net/ipv4/ip_fragment.c in the Linux kernel before 2.6.39 does not properly construct ICMP_TIME_EXCEEDED packets after a timeout, which allows remote attackers to cause a denial of service (invalid pointer dereference) via crafted fragmented packets.
1514 CVE-2011-1833 264 Bypass 2012-10-03 2014-03-07
3.3
None Local Medium Not required Partial Partial None
Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid.
1515 CVE-2011-1776 119 DoS Overflow +Info 2011-09-06 2014-01-13
5.6
None Local Low Not required Partial None Complete
The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577.
1516 CVE-2011-1771 DoS 2011-09-06 2012-03-19
4.7
None Local Medium Not required None None Complete
The cifs_close function in fs/cifs/file.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (NULL pointer dereference and BUG) or possibly have unspecified other impact by setting the O_DIRECT flag during an attempt to open a file on a CIFS filesystem.
1517 CVE-2011-1770 189 DoS 2011-06-24 2012-03-19
7.8
None Remote Low Not required None None Complete
Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel before 2.6.33.14 allows remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggers a buffer over-read.
1518 CVE-2011-1768 362 DoS 2012-06-13 2012-06-15
5.4
None Remote High Not required None None Complete
The tunnels implementation in the Linux kernel before 2.6.34, when tunnel functionality is configured as a module, allows remote attackers to cause a denial of service (OOPS) by sending a packet during module loading.
1519 CVE-2011-1767 DoS 2012-06-13 2012-06-13
5.4
None Remote High Not required None None Complete
net/ipv4/ip_gre.c in the Linux kernel before 2.6.34, when ip_gre is configured as a module, allows remote attackers to cause a denial of service (OOPS) by sending a packet during module loading.
1520 CVE-2011-1759 189 DoS Overflow +Priv Mem. Corr. 2012-06-13 2012-06-14
6.2
None Local High Not required Complete Complete Complete
Integer overflow in the sys_oabi_semtimedop function in arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 2.6.39 on the ARM platform, when CONFIG_OABI_COMPAT is enabled, allows local users to gain privileges or cause a denial of service (heap memory corruption) by providing a crafted argument and leveraging a race condition.
1521 CVE-2011-1748 20 DoS 2011-05-09 2012-04-16
4.9
None Local Low Not required None None Complete
The raw_release function in net/can/raw.c in the Linux kernel before 2.6.39-rc6 does not properly validate a socket data structure, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation.
1522 CVE-2011-1747 399 DoS 2011-05-09 2012-03-19
4.7
None Local Medium Not required None None Complete
The agp subsystem in the Linux kernel 2.6.38.5 and earlier does not properly restrict memory allocation by the (1) AGPIOC_RESERVE and (2) AGPIOC_ALLOCATE ioctls, which allows local users to cause a denial of service (memory consumption) by making many calls to these ioctls.
1523 CVE-2011-1746 189 DoS Overflow 2011-05-09 2014-01-13
6.9
None Local Medium Not required Complete Complete Complete
Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_create_user_memory functions in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allow local users to trigger buffer overflows, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via vectors related to calls that specify a large number of memory pages.
1524 CVE-2011-1745 189 DoS Overflow +Priv 2011-05-09 2014-01-13
6.9
None Local Medium Not required Complete Complete Complete
Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call.
1525 CVE-2011-1598 20 DoS 2011-05-09 2012-03-19
4.9
None Local Low Not required None None Complete
The bcm_release function in net/can/bcm.c in the Linux kernel before 2.6.39-rc6 does not properly validate a socket data structure, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation.
1526 CVE-2011-1593 189 DoS Overflow 2011-05-03 2017-08-16
4.9
None Local Low Not required None None Complete
Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel before 2.6.38.4 allow local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call.
1527 CVE-2011-1585 264 Bypass 2013-06-08 2015-05-11
3.3
None Local Medium Not required Partial Partial None
The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux kernel before 2.6.36 does not properly determine the associations between users and sessions, which allows local users to bypass CIFS share authentication by leveraging a mount of a share by a different user.
1528 CVE-2011-1581 20 DoS 2011-05-26 2012-03-19
4.6
None Local Network High Not required None None Complete
The bond_select_queue function in drivers/net/bonding/bond_main.c in the Linux kernel before 2.6.39, when a network device with a large number of receive queues is installed but the default tx_queues setting is used, does not properly restrict queue indexes, which allows remote attackers to cause a denial of service (BUG and system crash) or possibly have unspecified other impact by sending network traffic.
1529 CVE-2011-1577 119 DoS Overflow 2011-05-03 2018-10-09
4.9
None Local Low Not required None None Complete
Heap-based buffer overflow in the is_gpt_valid function in fs/partitions/efi.c in the Linux kernel 2.6.38 and earlier allows physically proximate attackers to cause a denial of service (OOPS) or possibly have unspecified other impact via a crafted size of the EFI GUID partition-table header on removable media.
1530 CVE-2011-1576 119 DoS Overflow Mem. Corr. 2011-08-31 2019-04-22
5.7
None Local Network Medium Not required None None Complete
The Generic Receive Offload (GRO) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5 and 2.6.32 on Red Hat Enterprise Linux 6, as used in Red Hat Enterprise Virtualization (RHEV) Hypervisor and other products, allows remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a different vulnerability than CVE-2011-1478.
1531 CVE-2011-1573 DoS 2012-02-01 2014-01-13
5.0
None Remote Low Not required None None Partial
net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when addip_enable and auth_enable are used, does not consider the amount of zero padding during calculation of chunk lengths for (1) INIT and (2) INIT ACK chunks, which allows remote attackers to cause a denial of service (OOPS) via crafted packet data.
1532 CVE-2011-1495 20 DoS +Priv Mem. Corr. +Info 2011-05-03 2018-10-09
7.2
Admin Local Low Not required Complete Complete Complete
drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier does not validate (1) length and (2) offset values before performing memory copy operations, which might allow local users to gain privileges, cause a denial of service (memory corruption), or obtain sensitive information from kernel memory via a crafted ioctl call, related to the _ctl_do_mpt_command and _ctl_diag_read_buffer functions.
1533 CVE-2011-1494 189 DoS Overflow +Priv Mem. Corr. 2011-05-03 2018-10-09
6.9
None Local Medium Not required Complete Complete Complete
Integer overflow in the _ctl_do_mpt_command function in drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier might allow local users to gain privileges or cause a denial of service (memory corruption) via an ioctl call specifying a crafted value that triggers a heap-based buffer overflow.
1534 CVE-2011-1493 DoS Mem. Corr. 2012-06-21 2015-05-11
7.5
None Remote Low Not required Partial Partial Partial
Array index error in the rose_parse_national function in net/rose/rose_subr.c in the Linux kernel before 2.6.39 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by composing FAC_NATIONAL_DIGIS data that specifies a large number of digipeaters, and then sending this data to a ROSE socket.
1535 CVE-2011-1479 399 DoS 2012-06-21 2012-06-22
4.7
None Local Medium Not required None None Complete
Double free vulnerability in the inotify subsystem in the Linux kernel before 2.6.39 allows local users to cause a denial of service (system crash) via vectors involving failed attempts to create files. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-4250.
1536 CVE-2011-1478 DoS 2011-10-23 2018-10-09
5.7
None Local Network Medium Not required None None Complete
The napi_reuse_skb function in net/core/dev.c in the Generic Receive Offload (GRO) implementation in the Linux kernel before 2.6.38 does not reset the values of certain structure members, which might allow remote attackers to cause a denial of service (NULL pointer dereference) via a malformed VLAN frame.
1537 CVE-2011-1477 119 DoS Overflow +Priv Mem. Corr. 2012-06-21 2017-11-22
7.2
None Local Low Not required Complete Complete Complete
Multiple array index errors in sound/oss/opl3.c in the Linux kernel before 2.6.39 allow local users to cause a denial of service (heap memory corruption) or possibly gain privileges by leveraging write access to /dev/sequencer.
1538 CVE-2011-1476 189 DoS Mem. Corr. 2012-06-21 2015-05-11
4.0
None Local High Not required None None Complete
Integer underflow in the Open Sound System (OSS) subsystem in the Linux kernel before 2.6.39 on unspecified non-x86 platforms allows local users to cause a denial of service (memory corruption) by leveraging write access to /dev/sequencer.
1539 CVE-2011-1182 2013-03-01 2014-01-13
3.6
None Local Low Not required None Partial Partial
kernel/signal.c in the Linux kernel before 2.6.39 allows local users to spoof the uid and pid of a signal sender via a sigqueueinfo system call.
1540 CVE-2011-1180 119 DoS Overflow Mem. Corr. 2013-06-08 2013-06-10
7.5
None Remote Low Not required Partial Partial Partial
Multiple stack-based buffer overflows in the iriap_getvaluebyclass_indication function in net/irda/iriap.c in the Linux kernel before 2.6.39 allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging connectivity to an IrDA infrared network and sending a large integer value for a (1) name length or (2) attribute length.
1541 CVE-2011-1173 200 +Info 2011-06-22 2012-03-22
5.0
None Remote Low Not required Partial None None
The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.39 on the x86_64 platform allows remote attackers to obtain potentially sensitive information from kernel stack memory by reading uninitialized data in the ah field of an Acorn Universal Networking (AUN) packet.
1542 CVE-2011-1172 200 +Info 2011-06-22 2015-10-05
2.1
None Local Low Not required Partial None None
net/ipv6/netfilter/ip6_tables.c in the IPv6 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.
1543 CVE-2011-1171 200 +Info 2011-06-22 2015-10-05
2.1
None Local Low Not required Partial None None
net/ipv4/netfilter/ip_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.
1544 CVE-2011-1170 200 +Info 2011-06-22 2015-10-05
2.1
None Local Low Not required Partial None None
net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.
1545 CVE-2011-1169 20 DoS +Priv Mem. Corr. 2011-05-03 2012-04-27
6.9
None Local Medium Not required Complete Complete Complete
Array index error in the asihpi_hpi_ioctl function in sound/pci/asihpi/hpioctl.c in the AudioScience HPI driver in the Linux kernel before 2.6.38.1 might allow local users to cause a denial of service (memory corruption) or possibly gain privileges via a crafted adapter index value that triggers access to an invalid kernel pointer.
1546 CVE-2011-1163 20 +Info 2011-04-09 2015-05-11
2.1
None Local Low Not required Partial None None
The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing.
1547 CVE-2011-1162 200 +Info 2012-01-27 2012-03-19
2.1
None Local Low Not required Partial None None
The tpm_read function in the Linux kernel 2.6 does not properly clear memory, which might allow local users to read the results of the previous TPM command.
1548 CVE-2011-1160 200 +Info 2012-06-21 2012-06-26
2.1
None Local Low Not required Partial None None
The tpm_open function in drivers/char/tpm/tpm.c in the Linux kernel before 2.6.39 does not initialize a certain buffer, which allows local users to obtain potentially sensitive information from kernel memory via unspecified vectors.
1549 CVE-2011-1093 DoS 2011-07-18 2015-05-05
7.8
None Remote Low Not required None None Complete
The dccp_rcv_state_process function in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel before 2.6.38 does not properly handle packets for a CLOSED endpoint, which allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending a DCCP-Close packet followed by a DCCP-Reset packet.
1550 CVE-2011-1090 399 DoS 2011-05-09 2018-10-09
4.9
None Local Low Not required None None Complete
The __nfs4_proc_set_acl function in fs/nfs/nfs4proc.c in the Linux kernel before 2.6.38 stores NFSv4 ACL data in memory that is allocated by kmalloc but not properly freed, which allows local users to cause a denial of service (panic) via a crafted attempt to set an ACL.
Total number of vulnerabilities : 2343   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 (This Page)32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.