CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Linux » Linux Kernel : Security Vulnerabilities (CVSS score >= 1)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2001 CVE-2006-4623 DoS 2006-09-11 2018-10-17
7.8
None Remote Low Not required None None Complete
The Unidirectional Lightweight Encapsulation (ULE) decapsulation component in dvb-core/dvb_net.c in the dvb driver in the Linux kernel 2.6.17.8 allows remote attackers to cause a denial of service (crash) via an SNDU length of 0 in a ULE packet.
2002 CVE-2006-4572 264 Bypass 2006-11-06 2012-03-19
7.5
User Remote Low Not required Partial Partial Partial
ip6_tables in netfilter in the Linux kernel before 2.6.16.31 allows remote attackers to (1) bypass a rule that disallows a protocol, via a packet with the protocol header not located immediately after the fragment header, aka "ip6_tables protocol bypass bug;" and (2) bypass a rule that looks for a certain extension header, via a packet with an extension header outside the first fragment, aka "ip6_tables extension header bypass bug."
2003 CVE-2006-4538 DoS 2006-09-05 2018-10-30
4.9
None Local Low Not required None None Complete
Linux kernel 2.6.17 and earlier, when running on IA64 or SPARC platforms, allows local users to cause a denial of service (crash) via a malformed ELF file that triggers memory maps that cross region boundaries.
2004 CVE-2006-4535 399 DoS 2006-09-19 2017-10-10
4.9
None Local Low Not required None None Complete
The Linux kernel 2.6.17.10 and 2.6.17.11 and 2.6.18-rc5 allows local users to cause a denial of service (crash) via an SCTP socket with a certain SO_LINGER value, possibly related to the patch for CVE-2006-3745. NOTE: older kernel versions for specific Linux distributions are also affected, due to backporting of the CVE-2006-3745 patch.
2005 CVE-2006-4145 399 DoS 2006-08-21 2018-10-17
4.9
None Local Low Not required None None Complete
The Universal Disk Format (UDF) filesystem driver in Linux kernel 2.6.17 and earlier allows local users to cause a denial of service (hang and crash) via certain operations involving truncated files, as demonstrated via the dd command.
2006 CVE-2006-4093 DoS 2006-08-21 2018-10-17
4.9
None Local Low Not required None None Complete
Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on PowerPC PPC970 systems allows local users to cause a denial of service (crash) related to the "HID0 attention enable on PPC970 at boot time."
2007 CVE-2006-3745 DoS +Priv 2006-08-23 2018-10-17
7.2
Admin Local Low Not required Complete Complete Complete
Unspecified vulnerability in the sctp_make_abort_user function in the SCTP implementation in Linux 2.6.x before 2.6.17.10 and 2.4.23 up to 2.4.33 allows local users to cause a denial of service (panic) and possibly gain root privileges via unknown attack vectors.
2008 CVE-2006-3741 DoS 2006-10-10 2018-10-30
4.9
None Local Low Not required None None Complete
The perfmonctl system call (sys_perfmonctl) in Linux kernel 2.4.x and 2.6 before 2.6.18, when running on Itanium systems, does not properly track the reference count for file descriptors, which allows local users to cause a denial of service (file descriptor consumption).
2009 CVE-2006-3635 119 DoS Overflow 2017-08-06 2017-08-14
4.9
None Local Low Not required None None Complete
The ia64 subsystem in the Linux kernel before 2.6.26 allows local users to cause a denial of service (stack consumption and system crash) via a crafted application that leverages the mishandling of invalid Register Stack Engine (RSE) state.
2010 CVE-2006-3634 DoS 2006-08-04 2011-01-19
4.9
None Local Low Not required None None Complete
The (1) __futex_atomic_op and (2) futex_atomic_cmpxchg_inatomic functions in Linux kernel 2.6.17-rc4 to 2.6.18-rc2 perform the atomic futex operation in the kernel address space instead of the user address space, which allows local users to cause a denial of service (crash).
2011 CVE-2006-3626 +Priv 2006-07-18 2018-10-18
6.2
Admin Local High Not required Complete Complete Complete
Race condition in Linux kernel 2.6.17.4 and earlier allows local users to gain root privileges by using prctl with PR_SET_DUMPABLE in a way that causes /proc/self/environ to become setuid root.
2012 CVE-2006-3468 DoS 2006-07-21 2018-10-30
7.8
None Remote Low Not required None None Complete
Linux kernel 2.6.x, when using both NFS and EXT3, allows remote attackers to cause a denial of service (file system panic) via a crafted UDP packet with a V2 lookup procedure that specifies a bad file handle (inode number), which triggers an error and causes an exported directory to be remounted read-only.
2013 CVE-2006-3085 DoS 2006-06-23 2018-10-18
7.8
None Remote Low Not required None None Complete
xt_sctp in netfilter for Linux kernel before 2.6.17.1 allows attackers to cause a denial of service (infinite loop) via an SCTP chunk with a 0 length.
2014 CVE-2006-2936 399 DoS 2006-07-10 2018-10-18
7.8
None Remote Low Not required None None Complete
The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to 2.6.17, and possibly later versions, allows local users to cause a denial of service (memory consumption) by writing more data to the serial port than the hardware can handle, which causes the data to be queued.
2015 CVE-2006-2935 Exec Code Overflow 2006-07-05 2018-10-30
4.6
User Local Low Not required Partial Partial Partial
The dvd_read_bca function in the DVD handling code in drivers/cdrom/cdrom.c in Linux kernel 2.2.16, and later versions, assigns the wrong value to a length variable, which allows local users to execute arbitrary code via a crafted USB Storage device that triggers a buffer overflow.
2016 CVE-2006-2934 399 DoS 2006-06-30 2018-10-18
5.0
None Remote Low Not required None None Partial
SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux kernel 2.6.17 before 2.6.17.3 and 2.6.16 before 2.6.16.23 allows remote attackers to cause a denial of service (crash) via a packet without any chunks, which causes a variable to contain an invalid value that is later used to dereference a pointer.
2017 CVE-2006-2932 DoS 2006-08-23 2017-10-10
4.9
None Local Low Not required None None Complete
A regression error in the restore_all code path of the 4/4GB split support for non-hugemem Linux kernels on Red Hat Linux Desktop and Enterprise Linux 4 allows local users to cause a denial of service (panic) via unspecified vectors.
2018 CVE-2006-2629 DoS Mem. Corr. 2006-05-27 2017-07-19
4.0
None Local High Not required None None Complete
Race condition in Linux kernel 2.6.15 to 2.6.17, when running on SMP platforms, allows local users to cause a denial of service (crash) by creating and exiting a large number of tasks, then accessing the /proc entry of a task that is exiting, which causes memory corruption that leads to a failure in the prune_dcache function or a BUG_ON error in include/linux/list.h.
2019 CVE-2006-2451 399 DoS +Priv 2006-07-07 2018-10-18
4.6
User Local Low Not required Partial Partial Partial
The suid_dumpable support in Linux kernel 2.6.13 up to versions before 2.6.17.4, and 2.6.16 before 2.6.16.24, allows a local user to cause a denial of service (disk consumption) and possibly gain privileges via the PR_SET_DUMPABLE argument of the prctl function and a program that causes a core dump file to be created in a directory for which the user does not have permissions.
2020 CVE-2006-2448 DoS 2006-06-23 2018-10-18
5.6
None Local High Not required Complete None Complete
Linux kernel before 2.6.16.21 and 2.6.17, when running on PowerPC, does not perform certain required access_ok checks, which allows local users to read arbitrary kernel memory on 64-bit systems (signal_64.c) and cause a denial of service (crash) and possibly read kernel memory on 32-bit systems (signal_32.c).
2021 CVE-2006-2446 DoS 2006-08-15 2017-10-10
5.4
None Remote High Not required None None Complete
Race condition between the kfree_skb and __skb_unlink functions in the socket buffer handling in Linux kernel 2.6.9, and possibly other versions, allows remote attackers to cause a denial of service (crash), as demonstrated using the TCP stress tests from the LTP test suite.
2022 CVE-2006-2445 DoS 2006-06-23 2018-10-18
4.0
None Local High Not required None None Complete
Race condition in run_posix_cpu_timers in Linux kernel before 2.6.16.21 allows local users to cause a denial of service (BUG_ON crash) by causing one CPU to attach a timer to a process that is exiting.
2023 CVE-2006-2444 DoS 2006-05-25 2018-10-30
7.8
None Remote Low Not required None None Complete
The snmp_trap_decode function in the SNMP NAT helper for Linux kernel before 2.6.16.18 allows remote attackers to cause a denial of service (crash) via unspecified remote attack vectors that cause failures in snmp_trap_decode that trigger (1) frees of random memory or (2) frees of previously-freed memory (double-free) by snmp_trap_decode as well as its calling function, as demonstrated via certain test cases of the PROTOS SNMP test suite.
2024 CVE-2006-2071 Bypass 2006-04-27 2018-10-18
2.1
None Local Low Not required None Partial None
Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass IPC permissions and modify a readonly attachment of shared memory by using mprotect to give write permission to the attachment. NOTE: some original raw sources combined this issue with CVE-2006-1524, but they are different bugs.
2025 CVE-2006-1864 Dir. Trav. 2006-04-26 2018-10-18
4.6
User Local Low Not required Partial Partial Partial
Directory traversal vulnerability in smbfs in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences, a similar vulnerability to CVE-2006-1863.
2026 CVE-2006-1863 Dir. Trav. 2006-04-25 2017-10-10
2.1
None Local Low Not required Partial None None
Directory traversal vulnerability in CIFS in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences, a similar vulnerability to CVE-2006-1864.
2027 CVE-2006-1862 DoS 2006-05-24 2017-10-10
4.9
None Local Low Not required None None Complete
The virtual memory implementation in Linux kernel 2.6.x allows local users to cause a denial of service (panic) by running lsof a large number of times in a way that produces a heavy system load.
2028 CVE-2006-1860 DoS 2006-05-11 2017-07-19
2.1
None Local Low Not required None None Partial
lease_init in fs/locks.c in Linux kernel before 2.6.16.16 allows attackers to cause a denial of service (fcntl_setlease lockup) via actions that cause lease_init to free a lock that might not have been allocated on the stack.
2029 CVE-2006-1859 DoS 2006-05-11 2017-07-19
2.1
None Local Low Not required None None Partial
Memory leak in __setlease in fs/locks.c in Linux kernel before 2.6.16.16 allows attackers to cause a denial of service (memory consumption) via unspecified actions related to an "uninitialised return value," aka "slab leak."
2030 CVE-2006-1858 20 DoS Exec Code 2006-05-22 2017-10-10
7.8
None Remote Low Not required None None Complete
SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a chunk length that is inconsistent with the actual length of provided parameters.
2031 CVE-2006-1857 119 DoS Exec Code Overflow 2006-05-22 2017-10-10
9.0
None Remote Low Not required Partial Partial Complete
Buffer overflow in SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malformed HB-ACK chunk.
2032 CVE-2006-1856 Bypass 2006-05-19 2017-10-10
7.5
User Remote Low Not required Partial Partial Partial
Certain modifications to the Linux kernel 2.6.16 and earlier do not add the appropriate Linux Security Modules (LSM) file_permission hooks to the (1) readv and (2) writev functions, which might allow attackers to bypass intended access restrictions.
2033 CVE-2006-1855 DoS 2006-05-18 2017-10-10
2.1
None Local Low Not required None None Partial
choose_new_parent in Linux kernel before 2.6.11.12 includes certain debugging code, which allows local users to cause a denial of service (panic) by causing certain circumstances involving termination of a parent process.
2034 CVE-2006-1624 DoS 2006-04-05 2018-10-18
7.8
None Remote Low Not required None None Complete
The default configuration of syslogd in the Linux sysklogd package does not enable the -x (disable name lookups) option, which allows remote attackers to cause a denial of service (traffic amplification) via messages with spoofed source IP addresses.
2035 CVE-2006-1528 20 DoS 2006-05-18 2018-10-30
4.9
None Local Low Not required None None Complete
Linux kernel before 2.6.13 allows local users to cause a denial of service (crash) via a dio transfer from the sg driver to memory mapped (mmap) IO space.
2036 CVE-2006-1527 DoS 2006-05-03 2017-10-10
5.0
None Remote Low Not required None None Partial
The SCTP-netfilter code in Linux kernel before 2.6.16.13 allows remote attackers to trigger a denial of service (infinite loop) via unknown vectors that cause an invalid SCTP chunk size to be processed by the for_each_sctp_chunk function.
2037 CVE-2006-1525 399 DoS 2006-04-19 2018-10-03
4.9
None Local Low Not required None None Complete
ip_route_input in Linux kernel 2.6 before 2.6.16.8 allows local users to cause a denial of service (panic) via a request for a route for a multicast IP address, which triggers a null dereference.
2038 CVE-2006-1524 264 Bypass 2006-04-19 2017-07-19
3.6
None Local Low Not required Partial Partial None
madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow file and mmap restrictions, which allows local users to bypass IPC permissions and replace portions of readonly tmpfs files with zeroes, aka the MADV_REMOVE vulnerability. NOTE: this description was originally written in a way that combined two separate issues. The mprotect issue now has a separate name, CVE-2006-2071.
2039 CVE-2006-1523 2006-04-12 2016-10-17
10.0
None Remote Low Not required Complete Complete Complete
The __group_complete_signal function in the RCU signal handling (signal.c) in Linux kernel 2.6.16, and possibly other versions, has unknown impact and attack vectors related to improper use of BUG_ON.
2040 CVE-2006-1522 20 DoS 2006-04-10 2017-10-10
4.9
None Local Low Not required None None Complete
The sys_add_key function in the keyring code in Linux kernel 2.6.16.1 and 2.6.17-rc1, and possibly earlier versions, allows local users to cause a denial of service (OOPS) via keyctl requests that add a key to a user key instead of a keyring key, which causes an invalid dereference in the __keyring_search_one function.
2041 CVE-2006-1368 119 DoS Overflow Mem. Corr. 2006-03-23 2018-10-03
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the USB Gadget RNDIS implementation in the Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (kmalloc'd memory corruption) via a remote NDIS response to OID_GEN_SUPPORTED_LIST, which causes memory to be allocated for the reply data but not the reply structure.
2042 CVE-2006-1343 2006-03-21 2018-10-18
2.1
None Local Low Not required Partial None None
net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 2.6, and possibly net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c in 2.6, does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the getsockopt function with SO_ORIGINAL_DST, which allows local users to obtain portions of potentially sensitive memory.
2043 CVE-2006-1342 2006-03-21 2018-10-18
2.1
None Local Low Not required Partial None None
net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the (1) getsockname, (2) getpeername, and (3) accept functions, which allows local users to obtain portions of potentially sensitive memory.
2044 CVE-2006-1242 Bypass 2006-03-15 2018-10-18
5.0
None Remote Low Not required Partial None None
The ip_push_pending_frames function in Linux 2.4.x and 2.6.x before 2.6.16 increments the IP ID field when sending a RST after receiving unsolicited TCP SYN-ACK packets, which allows remote attackers to conduct an Idle Scan (nmap -sI) attack, which bypasses intended protections against such attacks.
2045 CVE-2006-1066 DoS 2006-03-26 2018-10-03
1.2
None Local High Not required None None Partial
Linux kernel 2.6.16-rc2 and earlier, when running on x86_64 systems with preemption enabled, allows local users to cause a denial of service (oops) via multiple ptrace tasks that perform single steps, which can cause corruption of the DEBUG_STACK stack during the do_debug function call.
2046 CVE-2006-1056 310 +Info 2006-04-20 2018-10-30
2.1
None Local Low Not required Partial None None
The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one process to determine portions of the state of floating point instructions of other processes, which can be leveraged to obtain sensitive information such as cryptographic keys. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels.
2047 CVE-2006-1055 DoS 2006-04-05 2018-10-03
4.9
None Local Low Not required None None Complete
The fill_write_buffer function in sysfs/file.c in Linux kernel 2.6.12 up to versions before 2.6.17-rc1 does not zero terminate a buffer when a length of PAGE_SIZE or more is requested, which might allow local users to cause a denial of service (crash) by causing an out-of-bounds read.
2048 CVE-2006-1052 2006-05-05 2018-10-30
2.1
None Local Low Not required None None Partial
The selinux_ptrace logic in hooks.c in SELinux for Linux 2.6.6 allows local users with ptrace permissions to change the tracer SID to an SID of another process.
2049 CVE-2006-0744 20 2006-04-18 2018-10-30
4.9
None Local Low Not required None None Complete
Linux kernel before 2.6.16.5 does not properly handle uncanonical return addresses on Intel EM64T CPUs, which reports an exception in the SYSRET instead of the next instruction, which causes the kernel exception handler to run on the user stack with the wrong GS.
2050 CVE-2006-0742 DoS 2006-03-09 2018-10-03
4.6
None Local Low Single system None None Complete
The die_if_kernel function in arch/ia64/kernel/unaligned.c in Linux kernel 2.6.x before 2.6.15.6, possibly when compiled with certain versions of gcc, has the "noreturn" attribute set, which allows local users to cause a denial of service by causing user faults on Itanium systems.
Total number of vulnerabilities : 2342   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 (This Page)42 43 44 45 46 47
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.