| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
201 |
CVE-2013-2237 |
119 |
|
Overflow +Info |
2013-07-04 |
2014-02-06 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket. |
|
202 |
CVE-2013-2234 |
119 |
|
Overflow +Info |
2013-07-04 |
2014-01-30 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket. |
|
203 |
CVE-2013-2164 |
200 |
|
+Info |
2013-07-04 |
2014-01-30 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. |
|
204 |
CVE-2013-2148 |
399 |
|
+Info |
2013-06-07 |
2014-01-03 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c in the Linux kernel through 3.9.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a read operation on the fanotify descriptor. |
|
205 |
CVE-2013-2147 |
399 |
|
+Info |
2013-06-07 |
2018-01-08 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c. |
|
206 |
CVE-2013-2141 |
399 |
|
+Info |
2013-06-07 |
2018-01-08 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call. |
|
207 |
CVE-2013-1943 |
20 |
|
+Priv +Info |
2013-07-16 |
2013-10-02 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c. |
|
208 |
CVE-2013-1928 |
200 |
|
+Info |
2013-04-29 |
2014-01-03 |
4.7 |
None |
Local |
Medium |
Not required |
Complete |
None |
None |
|
The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device. |
|
209 |
CVE-2013-1798 |
20 |
|
DoS +Info |
2013-03-22 |
2014-01-27 |
6.2 |
None |
Local Network |
High |
Not required |
Complete |
None |
Complete |
|
The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application. |
|
210 |
CVE-2013-0349 |
200 |
|
+Info |
2013-02-28 |
2013-06-04 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux kernel before 3.7.6 does not properly copy a certain name field, which allows local users to obtain sensitive information from kernel memory by setting a long name and making an HIDPCONNADD ioctl call. |
|
211 |
CVE-2013-0343 |
|
|
DoS +Info |
2013-02-28 |
2014-03-05 |
3.2 |
None |
Local Network |
High |
Not required |
Partial |
None |
Partial |
|
The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attackers to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information, via ICMPv6 Router Advertisement (RA) messages. |
|
212 |
CVE-2013-0160 |
200 |
|
+Info |
2013-02-17 |
2017-11-28 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device. |
|
213 |
CVE-2012-6549 |
200 |
|
+Info |
2013-03-15 |
2013-08-22 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. |
|
214 |
CVE-2012-6548 |
200 |
|
+Info |
2013-03-15 |
2014-02-06 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. |
|
215 |
CVE-2012-6547 |
200 |
|
+Info |
2013-03-15 |
2013-08-22 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. |
|
216 |
CVE-2012-6546 |
200 |
|
+Info |
2013-03-15 |
2013-06-04 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. |
|
217 |
CVE-2012-6545 |
200 |
|
+Info |
2013-03-15 |
2014-01-03 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application. |
|
218 |
CVE-2012-6544 |
200 |
|
+Info |
2013-03-15 |
2014-02-06 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation. |
|
219 |
CVE-2012-6543 |
200 |
|
+Info |
2013-03-15 |
2013-03-18 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The l2tp_ip6_getname function in net/l2tp/l2tp_ip6.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. |
|
220 |
CVE-2012-6542 |
200 |
|
+Info |
2013-03-15 |
2014-01-03 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument. |
|
221 |
CVE-2012-6541 |
200 |
|
+Info |
2013-03-15 |
2013-03-18 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. |
|
222 |
CVE-2012-6540 |
200 |
|
+Info |
2013-03-15 |
2013-05-14 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 3.6 does not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. |
|
223 |
CVE-2012-6539 |
200 |
|
+Info |
2013-03-15 |
2013-05-14 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. |
|
224 |
CVE-2012-6538 |
200 |
|
+Info |
2013-03-15 |
2013-06-04 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. |
|
225 |
CVE-2012-6537 |
200 |
|
+Info |
2013-03-15 |
2013-06-04 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. |
|
226 |
CVE-2012-6536 |
200 |
|
+Info |
2013-03-15 |
2013-03-18 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not verify that the actual Netlink message length is consistent with a certain header field, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability and providing a (1) new or (2) updated state. |
|
227 |
CVE-2012-4530 |
200 |
|
+Info |
2013-02-17 |
2013-06-04 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. |
|
228 |
CVE-2012-4508 |
362 |
|
+Info |
2012-12-21 |
2014-01-07 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from a deleted file by reading an extent that was not properly marked as uninitialized. |
|
229 |
CVE-2012-4467 |
399 |
|
DoS +Info |
2012-10-10 |
2013-01-29 |
6.6 |
None |
Local |
Low |
Not required |
Complete |
None |
Complete |
|
The (1) do_siocgstamp and (2) do_siocgstampns functions in net/socket.c in the Linux kernel before 3.5.4 use an incorrect argument order, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (system crash) via a crafted ioctl call. |
|
230 |
CVE-2012-3510 |
399 |
|
DoS +Info |
2012-10-03 |
2013-04-18 |
5.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Complete |
|
Use-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel before 2.6.19 allows local users to obtain potentially sensitive information from kernel memory or cause a denial of service (system crash) via a taskstats TASKSTATS_CMD_ATTR_PID command. |
|
231 |
CVE-2012-3430 |
200 |
|
+Info |
2012-10-03 |
2013-04-18 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket. |
|
232 |
CVE-2012-0957 |
16 |
|
+Info |
2012-12-21 |
2013-08-21 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
The override_release function in kernel/sys.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from kernel stack memory via a uname system call in conjunction with a UNAME26 personality. |
|
233 |
CVE-2011-4914 |
20 |
|
DoS +Info |
2012-06-21 |
2016-08-18 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
The ROSE protocol implementation in the Linux kernel before 2.6.39 does not verify that certain data-length values are consistent with the amount of data sent, which might allow remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via crafted data to a ROSE socket. |
|
234 |
CVE-2011-2909 |
200 |
|
+Info |
2014-02-15 |
2014-02-18 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
The do_devinfo_ioctl function in drivers/staging/comedi/comedi_fops.c in the Linux kernel before 3.1 allows local users to obtain sensitive information from kernel memory via a copy of a short string. |
|
235 |
CVE-2011-2898 |
264 |
|
+Info |
2012-05-24 |
2012-05-29 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does not properly restrict user-space access to certain packet data structures associated with VLAN Tag Control Information, which allows local users to obtain potentially sensitive information via a crafted application. |
|
236 |
CVE-2011-2707 |
20 |
|
+Info |
2012-05-24 |
2012-05-29 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
The ptrace_setxregs function in arch/xtensa/kernel/ptrace.c in the Linux kernel before 3.1 does not validate user-space pointers, which allows local users to obtain sensitive information from kernel memory locations via a crafted PTRACE_SETXTREGS request. |
|
237 |
CVE-2011-2494 |
200 |
|
+Info |
2012-06-13 |
2017-12-28 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
kernel/taskstats.c in the Linux kernel before 3.1 allows local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another user's password. |
|
238 |
CVE-2011-2492 |
200 |
|
+Info |
2011-07-28 |
2016-08-22 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c. |
|
239 |
CVE-2011-2210 |
264 |
|
+Info |
2012-06-13 |
2012-06-13 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The osf_getsysinfo function in arch/alpha/kernel/osf_sys.c in the Linux kernel before 2.6.39.4 on the Alpha platform does not properly restrict the data size for GSI_GET_HWRPB operations, which allows local users to obtain sensitive information from kernel memory via a crafted call. |
|
240 |
CVE-2011-2209 |
189 |
|
+Info |
2012-06-13 |
2012-06-13 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Integer signedness error in the osf_sysinfo function in arch/alpha/kernel/osf_sys.c in the Linux kernel before 2.6.39.4 on the Alpha platform allows local users to obtain sensitive information from kernel memory via a crafted call. |
|
241 |
CVE-2011-2208 |
189 |
|
+Info |
2012-06-13 |
2012-06-13 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Integer signedness error in the osf_getdomainname function in arch/alpha/kernel/osf_sys.c in the Linux kernel before 2.6.39.4 on the Alpha platform allows local users to obtain sensitive information from kernel memory via a crafted call. |
|
242 |
CVE-2011-2182 |
119 |
|
Overflow +Priv +Info |
2012-06-13 |
2016-12-07 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The ldm_frag_add function in fs/partitions/ldm.c in the Linux kernel before 2.6.39.1 does not properly handle memory allocation for non-initial fragments, which might allow local users to conduct buffer overflow attacks, and gain privileges or obtain sensitive information, via a crafted LDM partition table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1017. |
|
243 |
CVE-2011-1776 |
119 |
|
DoS Overflow +Info |
2011-09-06 |
2014-01-13 |
5.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Complete |
|
The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577. |
|
244 |
CVE-2011-1495 |
20 |
|
DoS +Priv Mem. Corr. +Info |
2011-05-03 |
2015-05-11 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier does not validate (1) length and (2) offset values before performing memory copy operations, which might allow local users to gain privileges, cause a denial of service (memory corruption), or obtain sensitive information from kernel memory via a crafted ioctl call, related to the _ctl_do_mpt_command and _ctl_diag_read_buffer functions. |
|
245 |
CVE-2011-1173 |
200 |
|
+Info |
2011-06-22 |
2012-03-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.39 on the x86_64 platform allows remote attackers to obtain potentially sensitive information from kernel stack memory by reading uninitialized data in the ah field of an Acorn Universal Networking (AUN) packet. |
|
246 |
CVE-2011-1172 |
200 |
|
+Info |
2011-06-22 |
2015-10-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
net/ipv6/netfilter/ip6_tables.c in the IPv6 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process. |
|
247 |
CVE-2011-1171 |
200 |
|
+Info |
2011-06-22 |
2015-10-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
net/ipv4/netfilter/ip_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process. |
|
248 |
CVE-2011-1170 |
200 |
|
+Info |
2011-06-22 |
2015-10-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process. |
|
249 |
CVE-2011-1163 |
20 |
|
+Info |
2011-04-09 |
2015-05-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing. |
|
250 |
CVE-2011-1162 |
200 |
|
+Info |
2012-01-27 |
2012-03-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The tpm_read function in the Linux kernel 2.6 does not properly clear memory, which might allow local users to read the results of the previous TPM command. |
