| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
401 |
CVE-2011-2184 |
|
|
DoS |
2011-09-06 |
2012-03-19 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The key_replace_session_keyring function in security/keys/process_keys.c in the Linux kernel before 2.6.39.1 does not initialize a certain structure member, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function, a different vulnerability than CVE-2010-2960. |
|
402 |
CVE-2011-2182 |
119 |
|
Overflow +Priv +Info |
2012-06-13 |
2016-12-07 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The ldm_frag_add function in fs/partitions/ldm.c in the Linux kernel before 2.6.39.1 does not properly handle memory allocation for non-initial fragments, which might allow local users to conduct buffer overflow attacks, and gain privileges or obtain sensitive information, via a crafted LDM partition table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1017. |
|
403 |
CVE-2011-1770 |
189 |
|
DoS |
2011-06-24 |
2012-03-19 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel before 2.6.33.14 allows remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggers a buffer over-read. |
|
404 |
CVE-2011-1495 |
20 |
|
DoS +Priv Mem. Corr. +Info |
2011-05-03 |
2018-10-09 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier does not validate (1) length and (2) offset values before performing memory copy operations, which might allow local users to gain privileges, cause a denial of service (memory corruption), or obtain sensitive information from kernel memory via a crafted ioctl call, related to the _ctl_do_mpt_command and _ctl_diag_read_buffer functions. |
|
405 |
CVE-2011-1493 |
|
|
DoS Mem. Corr. |
2012-06-21 |
2015-05-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Array index error in the rose_parse_national function in net/rose/rose_subr.c in the Linux kernel before 2.6.39 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by composing FAC_NATIONAL_DIGIS data that specifies a large number of digipeaters, and then sending this data to a ROSE socket. |
|
406 |
CVE-2011-1477 |
119 |
|
DoS Overflow +Priv Mem. Corr. |
2012-06-21 |
2017-11-22 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple array index errors in sound/oss/opl3.c in the Linux kernel before 2.6.39 allow local users to cause a denial of service (heap memory corruption) or possibly gain privileges by leveraging write access to /dev/sequencer. |
|
407 |
CVE-2011-1180 |
119 |
|
DoS Overflow Mem. Corr. |
2013-06-08 |
2013-06-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple stack-based buffer overflows in the iriap_getvaluebyclass_indication function in net/irda/iriap.c in the Linux kernel before 2.6.39 allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging connectivity to an IrDA infrared network and sending a large integer value for a (1) name length or (2) attribute length. |
|
408 |
CVE-2011-1093 |
|
|
DoS |
2011-07-18 |
2015-05-05 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The dccp_rcv_state_process function in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel before 2.6.38 does not properly handle packets for a CLOSED endpoint, which allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending a DCCP-Close packet followed by a DCCP-Reset packet. |
|
409 |
CVE-2011-1076 |
|
|
DoS |
2011-10-04 |
2012-05-14 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
net/dns_resolver/dns_key.c in the Linux kernel before 2.6.38 allows remote DNS servers to cause a denial of service (NULL pointer dereference and OOPS) by not providing a valid response to a DNS query, as demonstrated by an erroneous grand.centrall.org query, which triggers improper handling of error data within a DNS resolver key. |
|
410 |
CVE-2011-1017 |
119 |
|
Overflow +Priv +Info |
2011-03-01 |
2018-10-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in the ldm_frag_add function in fs/partitions/ldm.c in the Linux kernel 2.6.37.2 and earlier might allow local users to gain privileges or obtain sensitive information via a crafted LDM partition table. |
|
411 |
CVE-2011-1013 |
189 |
|
DoS |
2011-05-09 |
2017-08-16 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Integer signedness error in the drm_modeset_ctl function in (1) drivers/gpu/drm/drm_irq.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.38 and (2) sys/dev/pci/drm/drm_irq.c in the kernel in OpenBSD before 4.9 allows local users to trigger out-of-bounds write operations, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via a crafted num_crtcs (aka vb_num) structure member in an ioctl argument. |
|
412 |
CVE-2011-0709 |
|
|
DoS |
2011-02-18 |
2012-03-19 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The br_mdb_ip_get function in net/bridge/br_multicast.c in the Linux kernel before 2.6.35-rc5 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an IGMP packet, related to lack of a multicast table. |
|
413 |
CVE-2010-4526 |
362 |
|
DoS |
2011-01-10 |
2018-10-10 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function. |
|
414 |
CVE-2010-4342 |
399 |
|
DoS |
2010-12-30 |
2012-03-19 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
The aun_incoming function in net/econet/af_econet.c in the Linux kernel before 2.6.37-rc6, when Econet is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending an Acorn Universal Networking (AUN) packet over UDP. |
|
415 |
CVE-2010-4164 |
189 |
|
DoS |
2011-01-03 |
2012-03-19 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Multiple integer underflows in the x25_parse_facilities function in net/x25/x25_facilities.c in the Linux kernel before 2.6.36.2 allow remote attackers to cause a denial of service (system crash) via malformed X.25 (1) X25_FAC_CLASS_A, (2) X25_FAC_CLASS_B, (3) X25_FAC_CLASS_C, or (4) X25_FAC_CLASS_D facility data, a different vulnerability than CVE-2010-3873. |
|
416 |
CVE-2010-3904 |
20 |
|
+Priv |
2010-12-06 |
2018-10-10 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls. |
|
417 |
CVE-2010-3873 |
399 |
|
DoS Mem. Corr. |
2011-01-03 |
2013-06-20 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The X.25 implementation in the Linux kernel before 2.6.36.2 does not properly parse facilities, which allows remote attackers to cause a denial of service (heap memory corruption and panic) or possibly have unspecified other impact via malformed (1) X25_FAC_CALLING_AE or (2) X25_FAC_CALLED_AE data, related to net/x25/x25_facilities.c and net/x25/x25_in.c, a different vulnerability than CVE-2010-4164. |
|
418 |
CVE-2010-3865 |
189 |
|
DoS Exec Code Overflow |
2011-01-10 |
2018-10-10 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in the rds_rdma_pages function in net/rds/rdma.c in the Linux kernel allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted iovec struct in a Reliable Datagram Sockets (RDS) request, which triggers a buffer overflow. |
|
419 |
CVE-2010-3432 |
|
|
DoS |
2010-11-22 |
2018-10-10 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The sctp_packet_config function in net/sctp/output.c in the Linux kernel before 2.6.35.6 performs extraneous initializations of packet data structures, which allows remote attackers to cause a denial of service (panic) via a certain sequence of SCTP traffic. |
|
420 |
CVE-2010-3301 |
|
|
+Priv |
2010-09-22 |
2012-03-19 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression. |
|
421 |
CVE-2010-3084 |
119 |
|
DoS Overflow |
2010-09-29 |
2012-03-19 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the niu_get_ethtool_tcam_all function in drivers/net/niu.c in the Linux kernel before 2.6.36-rc4 allows local users to cause a denial of service or possibly have unspecified other impact via the ETHTOOL_GRXCLSRLALL ethtool command. |
|
422 |
CVE-2010-3081 |
119 |
|
Overflow +Priv |
2010-09-24 |
2018-10-10 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a "stack pointer underflow" issue, as exploited in the wild in September 2010. |
|
423 |
CVE-2010-2962 |
20 |
|
+Priv |
2010-11-26 |
2012-03-19 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
drivers/gpu/drm/i915/i915_gem.c in the Graphics Execution Manager (GEM) in the Intel i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.36 does not properly validate pointers to blocks of memory, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via crafted use of the ioctl interface, related to (1) pwrite and (2) pread operations. |
|
424 |
CVE-2010-2960 |
|
|
DoS |
2010-09-08 |
2017-08-16 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux kernel 2.6.35.4 and earlier expects that a certain parent session keyring exists, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function. |
|
425 |
CVE-2010-2959 |
189 |
|
DoS Exec Code Overflow |
2010-09-08 |
2012-03-19 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of service (system crash) via crafted CAN traffic. |
|
426 |
CVE-2010-2943 |
200 |
|
+Info |
2010-09-30 |
2018-10-10 |
7.9 |
None |
Remote |
Medium |
Single system |
Complete |
Complete |
None |
|
The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle. |
|
427 |
CVE-2010-2798 |
189 |
|
DoS |
2010-09-08 |
2018-10-10 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact by renaming a file in a GFS2 filesystem, related to the gfs2_rename function in fs/gfs2/ops_inode.c. |
|
428 |
CVE-2010-2492 |
119 |
|
DoS Overflow +Priv |
2010-09-08 |
2018-10-10 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might allow local users to gain privileges or cause a denial of service (system crash) via unspecified vectors. |
|
429 |
CVE-2010-2478 |
189 |
|
DoS Overflow |
2010-09-29 |
2012-03-19 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in the ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.33.7 on 32-bit platforms allows local users to cause a denial of service or possibly have unspecified other impact via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value that triggers a buffer overflow, a different vulnerability than CVE-2010-3084. |
|
430 |
CVE-2010-2248 |
20 |
|
DoS |
2010-09-07 |
2018-10-10 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
fs/cifs/cifssmb.c in the CIFS implementation in the Linux kernel before 2.6.34-rc4 allows remote attackers to cause a denial of service (panic) via an SMB response packet with an invalid CountHigh value, as demonstrated by a response from an OS/2 server, related to the CIFSSMBWrite and CIFSSMBWrite2 functions. |
|
431 |
CVE-2010-2240 |
94 |
|
Exec Code |
2010-09-03 |
2018-10-10 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The do_anonymous_page function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to the bottom page of a shared memory segment, as demonstrated by a memory-exhaustion attack against the X.Org X server. |
|
432 |
CVE-2010-1188 |
399 |
|
DoS |
2010-03-31 |
2017-09-18 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Use-after-free vulnerability in net/ipv4/tcp_input.c in the Linux kernel 2.6 before 2.6.20, when IPV6_RECVPKTINFO is set on a listening socket, allows remote attackers to cause a denial of service (kernel panic) via a SYN packet while the socket is in a listening (TCP_LISTEN) state, which is not properly handled and causes the skb structure to be freed. |
|
433 |
CVE-2010-1173 |
20 |
|
DoS |
2010-05-07 |
2018-10-10 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
The sctp_process_unk_param function in net/sctp/sm_make_chunk.c in the Linux kernel 2.6.33.3 and earlier, when SCTP is enabled, allows remote attackers to cause a denial of service (system crash) via an SCTPChunkInit packet containing multiple invalid parameters that require a large amount of error data. |
|
434 |
CVE-2010-1162 |
|
|
|
2010-04-20 |
2012-03-19 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The release_one_tty function in drivers/char/tty_io.c in the Linux kernel before 2.6.34-rc4 omits certain required calls to the put_pid function, which has unspecified impact and local attack vectors. |
|
435 |
CVE-2010-1087 |
|
|
DoS |
2010-04-06 |
2018-10-10 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The nfs_wait_on_request function in fs/nfs/pagelist.c in Linux kernel 2.6.x through 2.6.33-rc5 allows attackers to cause a denial of service (Oops) via unknown vectors related to truncating a file and an operation that is not interruptible. |
|
436 |
CVE-2010-1086 |
399 |
|
DoS |
2010-04-06 |
2018-10-10 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The ULE decapsulation functionality in drivers/media/dvb/dvb-core/dvb_net.c in dvb-core in Linux kernel 2.6.33 and earlier allows attackers to cause a denial of service (infinite loop) via a crafted MPEG2-TS frame, related to an invalid Payload Pointer ULE. |
|
437 |
CVE-2010-1085 |
189 |
|
DoS |
2010-04-06 |
2018-10-10 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
The azx_position_ok function in hda_intel.c in Linux kernel 2.6.33-rc4 and earlier, when running on the AMD780V chip set, allows context-dependent attackers to cause a denial of service (crash) via unknown manipulations that trigger a divide-by-zero error. |
|
438 |
CVE-2010-1084 |
119 |
|
DoS Overflow Mem. Corr. |
2010-04-06 |
2018-10-10 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Linux kernel 2.6.18 through 2.6.33, and possibly other versions, allows remote attackers to cause a denial of service (memory corruption) via a large number of Bluetooth sockets, related to the size of sysfs files in (1) net/bluetooth/l2cap.c, (2) net/bluetooth/rfcomm/core.c, (3) net/bluetooth/rfcomm/sock.c, and (4) net/bluetooth/sco.c. |
|
439 |
CVE-2010-0741 |
20 |
|
DoS |
2010-04-12 |
2017-09-18 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The virtio_net_bad_features function in hw/virtio-net.c in the virtio-net driver in the Linux kernel before 2.6.26, when used on a guest OS in conjunction with qemu-kvm 0.11.0 or KVM 83, allows remote attackers to cause a denial of service (guest OS crash, and an associated qemu-kvm process exit) by sending a large amount of network traffic to a TCP port on the guest OS, related to a virtio-net whitelist that includes an improper implementation of TCP Segment Offloading (TSO). |
|
440 |
CVE-2010-0437 |
|
|
DoS |
2010-03-24 |
2018-10-10 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The ip6_dst_lookup_tail function in net/ipv6/ip6_output.c in the Linux kernel before 2.6.27 does not properly handle certain circumstances involving an IPv6 TUN network interface and a large number of neighbors, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via unknown vectors. |
|
441 |
CVE-2010-0008 |
399 |
|
DoS |
2010-03-19 |
2018-10-10 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The sctp_rcv_ootb function in the SCTP implementation in the Linux kernel before 2.6.23 allows remote attackers to cause a denial of service (infinite loop) via (1) an Out Of The Blue (OOTB) chunk or (2) a chunk of zero length. |
|
442 |
CVE-2010-0006 |
20 |
|
DoS |
2010-01-26 |
2012-03-19 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.32.4, when network namespaces are enabled, allows remote attackers to cause a denial of service (NULL pointer dereference) via an invalid IPv6 jumbogram, a related issue to CVE-2007-4567. |
|
443 |
CVE-2009-4537 |
20 |
|
DoS |
2010-01-12 |
2017-09-18 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389. |
|
444 |
CVE-2009-4536 |
189 |
|
Bypass |
2010-01-12 |
2017-09-18 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385. |
|
445 |
CVE-2009-4308 |
399 |
|
DoS |
2009-12-12 |
2018-10-10 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel before 2.6.32 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference), and possibly have unspecified other impact, via a crafted read-only filesystem that lacks a journal. |
|
446 |
CVE-2009-4307 |
189 |
|
DoS |
2009-12-12 |
2017-09-18 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 2.6.32-git6 allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). |
|
447 |
CVE-2009-4272 |
20 |
|
DoS |
2010-01-27 |
2017-09-18 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table, and trigger a routing "emergency" in which a hash chain is too long. NOTE: this is related to an issue in the Linux kernel before 2.6.31, when the kernel routing cache is disabled, involving an uninitialized pointer and a panic. |
|
448 |
CVE-2009-4141 |
399 |
|
+Priv |
2010-01-19 |
2017-09-18 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in the fasync_helper function in fs/fcntl.c in the Linux kernel before 2.6.33-rc4-git1 allows local users to gain privileges via vectors that include enabling O_ASYNC (aka FASYNC or FIOASYNC) on a locked file, and then closing this file. |
|
449 |
CVE-2009-4131 |
264 |
|
|
2009-12-12 |
2012-03-19 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel before 2.6.32-git6 allows local users to overwrite arbitrary files via a crafted request, related to insufficient checks for file permissions. |
|
450 |
CVE-2009-4031 |
20 |
|
DoS |
2009-11-29 |
2017-09-18 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The do_insn_fetch function in arch/x86/kvm/emulate.c in the x86 emulator in the KVM subsystem in the Linux kernel before 2.6.32-rc8-next-20091125 tries to interpret instructions that contain too many bytes to be valid, which allows guest OS users to cause a denial of service (increased scheduling latency) on the host OS via unspecified manipulations related to SMP support. |
