CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Linux » Linux Kernel » 2.5.9 : Security Vulnerabilities

Cpe Name:cpe:/o:linux:linux_kernel:2.5.9
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2018-7480 415 DoS 2018-02-25 2018-05-23
7.2
None Local Low Not required Complete Complete Complete
The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure.
102 CVE-2018-7191 476 DoS 2019-05-17 2019-05-31
4.9
None Local Low Not required None None Complete
In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343.
103 CVE-2018-6927 190 DoS Overflow 2018-02-12 2018-07-12
4.6
None Local Low Not required Partial Partial Partial
The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value.
104 CVE-2018-6555 416 DoS 2018-09-04 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket.
105 CVE-2018-6554 772 DoS 2018-09-04 2019-10-09
4.9
None Local Low Not required None None Complete
Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket.
106 CVE-2018-1130 476 DoS 2018-05-10 2019-10-09
4.9
None Local Low Not required None None Complete
Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls.
107 CVE-2018-1120 119 DoS Overflow 2018-06-20 2019-10-09
3.5
None Remote Medium Single system None None Partial
A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).
108 CVE-2017-18595 415 2019-09-04 2019-10-10
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.
109 CVE-2017-18552 787 2019-08-18 2019-10-07
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in net/rds/af_rds.c in the Linux kernel before 4.11. There is an out of bounds write and read in the function rds_recv_track_latency.
110 CVE-2017-18551 787 2019-08-18 2019-09-24
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated.
111 CVE-2017-18550 200 +Info 2019-08-18 2019-08-23
2.1
None Local Low Not required Partial None None
An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_get_hba_info does not initialize the hbainfo structure.
112 CVE-2017-18549 200 +Info 2019-08-18 2019-08-23
2.1
None Local Low Not required Partial None None
An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_send_raw_srb does not initialize the reply structure.
113 CVE-2017-18509 20 Exec Code 2019-08-13 2019-09-26
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187.
114 CVE-2017-18379 119 Overflow 2019-07-27 2019-10-02
7.5
None Remote Low Not required Partial Partial Partial
In the Linux kernel before 4.14, an out of boundary access happened in drivers/nvme/target/fc.c.
115 CVE-2017-18360 369 DoS 2019-01-31 2019-04-17
4.9
None Local Low Not required None None Complete
In change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates.
116 CVE-2017-18344 125 2018-07-26 2019-03-28
2.1
None Local Low Not required Partial None None
The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).
117 CVE-2017-18270 DoS 2018-05-18 2019-10-02
3.6
None Local Low Not required None Partial Partial
In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service.
118 CVE-2017-18261 835 DoS 2018-04-19 2019-10-02
4.9
None Local Low Not required None None Complete
The arch_timer_reg_read_stable macro in arch/arm64/include/asm/arch_timer.h in the Linux kernel before 4.13 allows local users to cause a denial of service (infinite recursion) by writing to a file under /sys/kernel/debug in certain circumstances, as demonstrated by a scenario involving debugfs, ftrace, PREEMPT_TRACER, and FUNCTION_GRAPH_TRACER.
119 CVE-2017-18257 190 DoS Overflow 2018-04-04 2018-07-03
4.9
None Local Low Not required None None Complete
The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl.
120 CVE-2017-18255 190 DoS Overflow 2018-03-31 2019-01-19
4.6
None Local Low Not required Partial Partial Partial
The perf_cpu_time_max_percent_handler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation.
121 CVE-2017-18249 362 DoS 2018-03-26 2019-04-02
4.4
None Local Medium Not required Partial Partial Partial
The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads.
122 CVE-2017-18241 476 DoS 2018-03-21 2018-05-02
4.9
None Local Low Not required None None Complete
fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure.
123 CVE-2017-18224 362 DoS 2018-03-11 2018-05-02
1.9
None Local Medium Not required None None Partial
In the Linux kernel before 4.15, fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allows local users to cause a denial of service (BUG) by modifying a certain e_cpos field.
124 CVE-2017-18218 416 DoS 2018-03-05 2018-05-02
7.2
None Local Low Not required Complete Complete Complete
In drivers/net/ethernet/hisilicon/hns/hns_enet.c in the Linux kernel before 4.13, local users can cause a denial of service (use-after-free and BUG) or possibly have unspecified other impact by leveraging differences in skb handling between hns_nic_net_xmit_hw and hns_nic_net_xmit.
125 CVE-2017-18216 476 DoS 2018-03-05 2018-10-30
2.1
None Local Low Not required None None Partial
In fs/ocfs2/cluster/nodemanager.c in the Linux kernel before 4.15, local users can cause a denial of service (NULL pointer dereference and BUG) because a required mutex is not used.
126 CVE-2017-18208 835 DoS 2018-03-01 2019-10-02
4.9
None Local Low Not required None None Complete
The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping.
127 CVE-2017-18204 DoS 2018-02-27 2019-10-02
2.1
None Local Low Not required None None Partial
The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service (deadlock) via DIO requests.
128 CVE-2017-18203 362 DoS 2018-02-27 2018-06-19
1.9
None Local Medium Not required None None Partial
The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices.
129 CVE-2017-18202 416 DoS 2018-02-27 2018-09-26
6.9
None Local Medium Not required Complete Complete Complete
The __oom_reap_task_mm function in mm/oom_kill.c in the Linux kernel before 4.14.4 mishandles gather operations, which allows attackers to cause a denial of service (TLB entry leak or use-after-free) or possibly have unspecified other impact by triggering a copy_to_user call within a certain time window.
130 CVE-2017-18193 119 DoS Overflow 2018-02-22 2018-05-23
4.9
None Local Low Not required None None Complete
fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles extent trees, which allows local users to cause a denial of service (BUG) via an application with multiple threads.
131 CVE-2017-18174 415 2018-02-11 2018-12-21
7.5
None Remote Low Not required Partial Partial Partial
In the Linux kernel before 4.7, the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free.
132 CVE-2017-18079 476 DoS 2018-01-29 2019-01-19
7.2
None Local Low Not required Complete Complete Complete
drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated.
133 CVE-2017-18075 763 DoS 2018-01-24 2019-10-02
7.2
None Local Low Not required Complete Complete Complete
crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls.
134 CVE-2017-17807 862 2017-12-20 2019-10-02
2.1
None Local Low Not required None Partial None
The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c.
135 CVE-2017-17806 787 Overflow 2017-12-20 2019-10-02
7.2
None Local Low Not required Complete Complete Complete
The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization.
136 CVE-2017-17805 20 DoS 2017-12-20 2018-10-31
7.2
None Local Low Not required Complete Complete Complete
The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.
137 CVE-2017-17053 416 2017-11-28 2018-12-19
6.9
None Local Medium Not required Complete Complete Complete
The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y.
138 CVE-2017-17052 416 2017-11-28 2017-12-20
7.2
None Local Low Not required Complete Complete Complete
The mm_init function in kernel/fork.c in the Linux kernel before 4.12.10 does not clear the ->exe_file member of a new process's mm_struct, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program.
139 CVE-2017-16994 200 +Info 2017-11-27 2018-04-24
2.1
None Local Low Not required Partial None None
The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call.
140 CVE-2017-16939 416 DoS +Priv 2017-11-24 2019-10-02
7.2
None Local Low Not required Complete Complete Complete
The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.
141 CVE-2017-15868 20 +Priv 2017-12-05 2019-10-02
7.2
None Local Low Not required Complete Complete Complete
The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application.
142 CVE-2017-15129 416 Mem. Corr. 2018-01-09 2018-05-03
4.9
None Local Low Not required None None Complete
A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely.
143 CVE-2017-15127 DoS 2018-01-14 2019-10-02
4.9
None Local Low Not required None None Complete
A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG).
144 CVE-2017-15116 476 DoS 2017-11-30 2018-04-11
4.9
None Local Low Not required None None Complete
The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference).
145 CVE-2017-15115 416 DoS 2017-11-15 2019-05-08
7.2
None Local Low Not required Complete Complete Complete
The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls.
146 CVE-2017-15102 476 +Priv 2017-11-15 2019-05-08
6.9
None Local Medium Not required Complete Complete Complete
The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference.
147 CVE-2017-12193 476 DoS 2017-11-22 2018-07-12
4.9
None Local Low Not required None None Complete
The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations.
148 CVE-2017-7518 755 2018-07-30 2019-10-09
4.6
None Local Low Not required Partial Partial Partial
A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this.
149 CVE-2017-7482 190 Mem. Corr. 2018-07-30 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation.
150 CVE-2017-2634 119 Overflow Mem. Corr. 2018-07-27 2019-10-09
7.8
None Remote Low Not required None None Complete
It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation before 2.6.22.17 used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the system.
Total number of vulnerabilities : 233   Page : 1 2 3 (This Page)4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.