| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2019-11190 |
362 |
|
Bypass |
2019-04-11 |
2019-06-07 |
4.7 |
None |
Local |
Medium |
Not required |
Complete |
None |
None |
|
The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. |
|
2 |
CVE-2019-3901 |
362 |
|
Bypass |
2019-04-22 |
2019-05-28 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls. This issue affects kernel versions before 4.8. |
|
3 |
CVE-2014-9585 |
264 |
|
Bypass |
2015-01-09 |
2018-01-04 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD. |
|
4 |
CVE-2014-8160 |
254 |
|
Bypass |
2015-03-02 |
2017-01-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers. |
|
5 |
CVE-2014-4157 |
264 |
|
Bypass |
2014-06-23 |
2018-12-18 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
arch/mips/include/asm/thread_info.h in the Linux kernel before 3.14.8 on the MIPS platform does not configure _TIF_SECCOMP checks on the fast system-call path, which allows local users to bypass intended PR_SET_SECCOMP restrictions by executing a crafted application without invoking a trace or audit subsystem. |
|
6 |
CVE-2014-4014 |
264 |
1
|
Bypass |
2014-06-23 |
2018-12-18 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root. |
|
7 |
CVE-2011-4080 |
264 |
|
Bypass |
2012-05-24 |
2012-05-29 |
4.0 |
None |
Local |
High |
Not required |
Complete |
None |
None |
|
The sysrq_sysctl_handler function in kernel/sysctl.c in the Linux kernel before 2.6.39 does not require the CAP_SYS_ADMIN capability to modify the dmesg_restrict value, which allows local users to bypass intended access restrictions and read the kernel ring buffer by leveraging root privileges, as demonstrated by a root user in a Linux Containers (aka LXC) environment. |
|
8 |
CVE-2006-2071 |
|
|
Bypass |
2006-04-27 |
2018-10-18 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass IPC permissions and modify a readonly attachment of shared memory by using mprotect to give write permission to the attachment. NOTE: some original raw sources combined this issue with CVE-2006-1524, but they are different bugs. |
|
9 |
CVE-2006-1242 |
|
|
Bypass |
2006-03-15 |
2018-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The ip_push_pending_frames function in Linux 2.4.x and 2.6.x before 2.6.16 increments the IP ID field when sending a RST after receiving unsolicited TCP SYN-ACK packets, which allows remote attackers to conduct an Idle Scan (nmap -sI) attack, which bypasses intended protections against such attacks. |
|
10 |
CVE-2005-0179 |
|
|
DoS Bypass |
2005-03-07 |
2017-10-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Linux kernel 2.4.x and 2.6.x allows local users to cause a denial of service (CPU and memory consumption) and bypass RLIM_MEMLOCK limits via the mlockall call. |
|
11 |
CVE-2001-1572 |
|
|
Bypass |
2001-12-31 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The MAC module in Netfilter in Linux kernel 2.4.1 through 2.4.11, when configured to filter based on MAC addresses, allows remote attackers to bypass packet filters via small packets. |
|
12 |
CVE-2001-0405 |
|
|
Bypass |
2001-07-02 |
2017-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
ip_conntrack_ftp in the IPTables firewall for Linux 2.4 allows remote attackers to bypass access restrictions for an FTP server via a PORT command that lists an arbitrary IP address and port number, which is added to the RELATED table and allowed by the firewall. |
