CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Linux » Linux Kernel : Security Vulnerabilities (Gain Information)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
151 CVE-2014-0206 +Info 2014-06-25 2017-07-10
2.1
None Local Low Not required Partial None None
Array index error in the aio_read_events_ring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value.
152 CVE-2014-0131 399 +Info 2014-03-24 2015-03-25
2.9
None Local Network Medium Not required Partial None None
Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation.
153 CVE-2014-0069 119 DoS Overflow +Priv Mem. Corr. +Info 2014-02-28 2017-12-15
6.2
None Local High Not required Complete Complete Complete
The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer.
154 CVE-2013-7281 200 +Info 2014-01-08 2017-08-28
4.9
None Local Low Not required Complete None None
The dgram_recvmsg function in net/ieee802154/dgram.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
155 CVE-2013-7271 20 +Info 2014-01-06 2017-08-28
4.9
None Local Low Not required Complete None None
The x25_recvmsg function in net/x25/af_x25.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
156 CVE-2013-7270 20 +Info 2014-01-06 2017-08-28
4.9
None Local Low Not required Complete None None
The packet_recvmsg function in net/packet/af_packet.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
157 CVE-2013-7269 20 +Info 2014-01-06 2017-08-28
4.9
None Local Low Not required Complete None None
The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
158 CVE-2013-7268 20 +Info 2014-01-06 2014-03-16
4.9
None Local Low Not required Complete None None
The ipx_recvmsg function in net/ipx/af_ipx.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
159 CVE-2013-7267 20 +Info 2014-01-06 2014-03-16
4.9
None Local Low Not required Complete None None
The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
160 CVE-2013-7266 20 +Info 2014-01-06 2014-03-16
4.9
None Local Low Not required Complete None None
The mISDN_sock_recvmsg function in drivers/isdn/mISDN/socket.c in the Linux kernel before 3.12.4 does not ensure that a certain length value is consistent with the size of an associated data structure, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
161 CVE-2013-7265 20 +Info 2014-01-06 2017-12-15
4.9
None Local Low Not required Complete None None
The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
162 CVE-2013-7264 20 +Info 2014-01-06 2017-12-15
4.9
None Local Low Not required Complete None None
The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
163 CVE-2013-7263 20 +Info 2014-01-06 2017-12-15
4.9
None Local Low Not required Complete None None
The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c.
164 CVE-2013-4516 200 +Info 2013-11-12 2014-01-07
4.9
None Local Low Not required Complete None None
The mp_get_count function in drivers/staging/sb105x/sb_pci_mp.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.
165 CVE-2013-4515 200 +Info 2013-11-12 2014-03-05
4.9
None Local Low Not required Complete None None
The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call.
166 CVE-2013-4350 310 +Info 2013-09-25 2014-01-03
5.0
None Remote Low Not required Partial None None
The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended configuration of IPsec encryption, which allows remote attackers to obtain sensitive information by sniffing the network.
167 CVE-2013-4299 264 +Info 2013-10-24 2018-01-08
6.0
None Remote Medium Single system Partial Partial Partial
Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device.
168 CVE-2013-3237 200 +Info 2013-04-22 2013-04-22
4.9
None Local Low Not required Complete None None
The vsock_stream_sendmsg function in net/vmw_vsock/af_vsock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
169 CVE-2013-3236 200 +Info 2013-04-22 2013-04-22
4.9
None Local Low Not required Complete None None
The vmci_transport_dgram_dequeue function in net/vmw_vsock/vmci_transport.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
170 CVE-2013-3235 200 +Info 2013-04-22 2017-11-28
4.9
None Local Low Not required Complete None None
net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
171 CVE-2013-3234 200 +Info 2013-04-22 2017-11-28
4.9
None Local Low Not required Complete None None
The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
172 CVE-2013-3233 200 +Info 2013-04-22 2014-01-03
4.9
None Local Low Not required Complete None None
The llcp_sock_recvmsg function in net/nfc/llcp/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable and a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
173 CVE-2013-3232 200 +Info 2013-04-22 2017-11-28
4.9
None Local Low Not required Complete None None
The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
174 CVE-2013-3231 200 +Info 2013-04-22 2017-11-28
4.7
None Local Medium Not required Complete None None
The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
175 CVE-2013-3230 200 +Info 2013-04-22 2014-01-03
4.9
None Local Low Not required Complete None None
The l2tp_ip6_recvmsg function in net/l2tp/l2tp_ip6.c in the Linux kernel before 3.9-rc7 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
176 CVE-2013-3229 200 +Info 2013-04-22 2017-11-28
4.9
None Local Low Not required Complete None None
The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
177 CVE-2013-3228 200 +Info 2013-04-22 2017-11-28
4.9
None Local Low Not required Complete None None
The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
178 CVE-2013-3227 200 +Info 2013-04-22 2017-11-28
4.9
None Local Low Not required Complete None None
The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
179 CVE-2013-3226 200 +Info 2013-04-22 2014-01-03
4.9
None Local Low Not required Complete None None
The sco_sock_recvmsg function in net/bluetooth/sco.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
180 CVE-2013-3225 200 +Info 2013-04-22 2017-11-28
4.9
None Local Low Not required Complete None None
The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
181 CVE-2013-3224 200 +Info 2013-04-22 2017-11-28
4.9
None Local Low Not required Complete None None
The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
182 CVE-2013-3223 200 +Info 2013-04-22 2017-11-28
4.9
None Local Low Not required Complete None None
The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
183 CVE-2013-3222 200 +Info 2013-04-22 2017-11-28
4.9
None Local Low Not required Complete None None
The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
184 CVE-2013-3076 200 +Info 2013-04-22 2017-11-28
4.9
None Local Low Not required Complete None None
The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c.
185 CVE-2013-2929 264 Bypass +Info 2013-12-09 2015-03-25
3.3
None Local Medium Not required Partial Partial None
The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h.
186 CVE-2013-2898 20 +Info 2013-09-16 2013-10-30
1.9
None Local Medium Not required Partial None None
drivers/hid/hid-sensor-hub.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_SENSOR_HUB is enabled, allows physically proximate attackers to obtain sensitive information from kernel memory via a crafted device.
187 CVE-2013-2895 119 DoS Overflow +Info 2013-09-16 2014-01-03
5.4
None Local Medium Not required Partial None Complete
drivers/hid/hid-logitech-dj.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LOGITECH_DJ is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) or obtain sensitive information from kernel memory via a crafted device.
188 CVE-2013-2636 399 +Info 2013-03-22 2013-04-05
1.9
None Local Medium Not required Partial None None
net/bridge/br_mdb.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application.
189 CVE-2013-2635 399 +Info 2013-03-22 2014-02-06
1.9
None Local Medium Not required Partial None None
The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux kernel before 3.8.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
190 CVE-2013-2634 399 +Info 2013-03-22 2014-02-06
1.9
None Local Medium Not required Partial None None
net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
191 CVE-2013-2548 310 +Info 2013-03-15 2014-01-03
2.1
None Local Low Not required Partial None None
The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability.
192 CVE-2013-2547 310 +Info 2013-03-15 2014-01-03
2.1
None Local Low Not required Partial None None
The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability.
193 CVE-2013-2546 310 +Info 2013-03-15 2014-01-03
2.1
None Local Low Not required Partial None None
The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability.
194 CVE-2013-2237 119 Overflow +Info 2013-07-04 2014-02-06
2.1
None Local Low Not required Partial None None
The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket.
195 CVE-2013-2234 119 Overflow +Info 2013-07-04 2014-01-30
2.1
None Local Low Not required Partial None None
The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket.
196 CVE-2013-2164 200 +Info 2013-07-04 2014-01-30
2.1
None Local Low Not required Partial None None
The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive.
197 CVE-2013-2148 399 +Info 2013-06-07 2014-01-03
2.1
None Local Low Not required Partial None None
The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c in the Linux kernel through 3.9.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a read operation on the fanotify descriptor.
198 CVE-2013-2147 399 +Info 2013-06-07 2018-01-08
2.1
None Local Low Not required Partial None None
The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c.
199 CVE-2013-2141 399 +Info 2013-06-07 2018-01-08
2.1
None Local Low Not required Partial None None
The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call.
200 CVE-2013-1943 20 +Priv +Info 2013-07-16 2013-10-02
6.9
None Local Medium Not required Complete Complete Complete
The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c.
Total number of vulnerabilities : 334   Page : 1 2 3 4 (This Page)5 6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.