CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Linux » Linux Kernel » 2.6.9 RC4 : Security Vulnerabilities

Cpe Name:cpe:/o:linux:linux_kernel:2.6.9:rc4
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
301 CVE-2006-1528 20 DoS 2006-05-18 2018-10-30
4.9
None Local Low Not required None None Complete
Linux kernel before 2.6.13 allows local users to cause a denial of service (crash) via a dio transfer from the sg driver to memory mapped (mmap) IO space.
302 CVE-2006-1525 399 DoS 2006-04-19 2018-10-03
4.9
None Local Low Not required None None Complete
ip_route_input in Linux kernel 2.6 before 2.6.16.8 allows local users to cause a denial of service (panic) via a request for a route for a multicast IP address, which triggers a null dereference.
303 CVE-2006-1056 310 +Info 2006-04-20 2018-10-30
2.1
None Local Low Not required Partial None None
The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one process to determine portions of the state of floating point instructions of other processes, which can be leveraged to obtain sensitive information such as cryptographic keys. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels.
304 CVE-2006-1052 2006-05-05 2018-10-30
2.1
None Local Low Not required None None Partial
The selinux_ptrace logic in hooks.c in SELinux for Linux 2.6.6 allows local users with ptrace permissions to change the tracer SID to an SID of another process.
305 CVE-2006-0744 20 2006-04-18 2018-10-30
4.9
None Local Low Not required None None Complete
Linux kernel before 2.6.16.5 does not properly handle uncanonical return addresses on Intel EM64T CPUs, which reports an exception in the SYSRET instead of the next instruction, which causes the kernel exception handler to run on the user stack with the wrong GS.
306 CVE-2006-0557 2006-03-12 2018-10-03
4.9
None Local Low Not required None None Complete
sys_mbind in mempolicy.c in Linux kernel 2.6.16 and earlier does not sanity check the maxnod variable before making certain computations for the get_nodes function, which has unknown impact and attack vectors.
307 CVE-2006-0456 DoS 2006-06-27 2017-10-10
2.1
None Local Low Not required None None Partial
The strnlen_user function in Linux kernel before 2.6.16 on IBM S/390 can return an incorrect value, which allows local users to cause a denial of service via unknown vectors.
308 CVE-2005-4886 189 DoS 2010-02-26 2018-10-30
7.8
None Remote Low Not required None None Complete
The selinux_parse_skb_ipv6 function in security/selinux/hooks.c in the Linux kernel before 2.6.12-rc4 allows remote attackers to cause a denial of service (OOPS) via vectors associated with an incorrect call to the ipv6_skip_exthdr function.
309 CVE-2005-3857 399 DoS 2005-11-27 2018-10-19
4.9
None Local Low Not required None None Complete
The time_out_leases function in locks.c for Linux kernel before 2.6.15-rc3 allows local users to cause a denial of service (kernel log message consumption) by causing a large number of broken leases, which is recorded to the log using the printk function.
310 CVE-2005-3358 DoS 2005-12-14 2018-10-19
4.9
None Local Low Not required None None Complete
Linux kernel before 2.6.15 allows local users to cause a denial of service (panic) via a set_mempolicy call with a 0 bitmask, which causes a panic when a page fault occurs.
311 CVE-2005-3273 264 2005-10-20 2018-10-19
5.0
None Remote Low Not required None Partial None
The rose_rt_ioctl function in rose_route.c for Radionet Open Source Environment (ROSE) in Linux 2.6 kernels before 2.6.12, and 2.4 before 2.4.29, does not properly verify the ndigis argument for a new route, which allows attackers to trigger array out-of-bounds errors with a large number of digipeats.
312 CVE-2005-3181 399 DoS 2005-10-12 2018-10-19
2.1
None Local Low Not required None None Partial
The audit system in Linux kernel 2.6.6, and other versions before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an incorrect function to free names_cache memory, which prevents the memory from being tracked by AUDITSYSCALL code and leads to a memory leak that allows attackers to cause a denial of service (memory consumption).
313 CVE-2005-0136 DoS 2005-12-31 2018-10-30
2.1
None Local Low Not required None None Partial
The Linux kernel before 2.6.11 on the Itanium IA64 platform has certain "ptrace corner cases" that allow local users to cause a denial of service (crash) via crafted syscalls, possibly related to MCA/INIT, a different vulnerability than CVE-2005-1761.
314 CVE-2004-2660 DoS 2004-12-31 2018-10-30
4.9
None Local Low Not required None None Complete
Memory leak in direct-io.c in Linux kernel 2.6.x before 2.6.10 allows local users to cause a denial of service (memory consumption) via certain O_DIRECT (direct IO) write requests.
Total number of vulnerabilities : 314   Page : 1 2 3 4 5 6 7 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.