CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Linux » Linux Kernel » 2.6.9 2.6.20 : Security Vulnerabilities

Cpe Name:cpe:/o:linux:linux_kernel:2.6.9:2.6.20
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2009-2406 119 DoS Overflow +Priv 2009-07-31 2018-10-30
6.9
Admin Local Medium Not required Complete Complete Complete
Stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to not ensuring that the key signature length in a Tag 11 packet is compatible with the key signature buffer size.
2 CVE-2009-1389 119 DoS Overflow Mem. Corr. 2009-06-16 2018-10-30
7.8
None Remote Low Not required None None Complete
Buffer overflow in the RTL8169 NIC driver (drivers/net/r8169.c) in the Linux kernel before 2.6.30 allows remote attackers to cause a denial of service (kernel memory corruption and crash) via a long packet.
3 CVE-2008-4609 16 DoS 2008-10-20 2019-04-30
7.1
None Remote Medium Not required None None Complete
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
4 CVE-2007-0958 2007-02-15 2018-10-30
2.1
None Local Low Not required Partial None None
Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable binaries by using the interpreter (PT_INTERP) functionality and triggering a core dump, a variant of CVE-2004-1073.
5 CVE-2007-0006 DoS 2007-02-06 2017-10-10
1.9
None Local Medium Not required None None Partial
The key serial number collision avoidance code in the key_alloc_serial function in Linux kernel 2.6.9 up to 2.6.20 allows local users to cause a denial of service (crash) via vectors that trigger a null dereference, as originally reported as "spinlock CPU recursion."
6 CVE-2006-6060 DoS 2006-11-21 2017-07-19
4.9
None Local Low Not required None None Complete
The NTFS filesystem code in Linux kernel 2.6.x up to 2.6.18, and possibly other versions, allows local users to cause a denial of service (CPU consumption) via a malformed NTFS file stream that triggers an infinite loop in the __find_get_block_slow function.
7 CVE-2006-6058 189 DoS Overflow 2006-11-21 2018-10-30
4.0
None Local High Not required None None Complete
The minix filesystem code in Linux kernel 2.6.x before 2.6.24, including 2.6.18, allows local users to cause a denial of service (hang) via a malformed minix file stream that triggers an infinite loop in the minix_bmap function. NOTE: this issue might be due to an integer overflow or signedness error.
8 CVE-2006-6057 DoS 2006-11-21 2017-07-19
4.9
None Local Low Not required None None Complete
The Linux kernel 2.6.x up to 2.6.18, and possibly other versions, on Fedora Core 6 and possibly other operating systems, allows local users to cause a denial of service (crash) via a malformed gfs2 file stream that triggers a NULL pointer dereference in the init_journal function.
9 CVE-2006-6056 DoS 2006-11-21 2017-10-10
4.9
None Local Low Not required None None Complete
Linux kernel 2.6.x up to 2.6.18 and possibly other versions, when SELinux hooks are enabled, allows local users to cause a denial of service (crash) via a malformed file stream that triggers a NULL pointer dereference in the superblock_doinit function, as demonstrated using an HFS filesystem image.
10 CVE-2006-6054 DoS 2006-11-21 2017-10-10
4.0
None Local High Not required None None Complete
The ext2 file system code in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext2 stream with malformed data structures that triggers an error in the ext2_check_page due to a length that is smaller than the minimum.
11 CVE-2006-6053 DoS 2006-11-21 2017-10-10
4.9
None Local Low Not required None None Complete
The ext3fs_dirhash function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext3 stream with malformed data structures.
12 CVE-2006-5823 DoS Mem. Corr. 2006-11-09 2018-10-30
4.0
None Local High Not required None None Complete
The zlib_inflate function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via a malformed filesystem that uses zlib compression that triggers memory corruption, as demonstrated using cramfs.
13 CVE-2006-5757 17 DoS 2006-11-06 2017-10-10
1.2
None Local High Not required None None Partial
Race condition in the __find_get_block_slow function in the ISO9660 filesystem in Linux 2.6.18 and possibly other versions allows local users to cause a denial of service (infinite loop) by mounting a crafted ISO9660 filesystem containing malformed data structures.
14 CVE-2006-5751 Exec Code Overflow 2006-12-01 2018-10-30
7.2
Admin Local Low Not required Complete Complete Complete
Integer overflow in the get_fdb_entries function in net/bridge/br_ioctl.c in the Linux kernel before 2.6.18.4 allows local users to execute arbitrary code via a large maxnum value in an ioctl request.
15 CVE-2006-5701 DoS 2006-11-03 2017-07-19
4.9
None Local Low Not required None None Complete
Double free vulnerability in squashfs module in the Linux kernel 2.6.x, as used in Fedora Core 5 and possibly other distributions, allows local users to cause a denial of service by mounting a crafted squashfs filesystem.
16 CVE-2006-5174 2006-10-10 2018-10-30
2.1
None Local Low Not required Partial None None
The copy_from_user function in the uaccess code in Linux kernel 2.6 before 2.6.19-rc1, when running on s390, does not properly clear a kernel buffer, which allows local user space programs to read portions of kernel memory by "appending to a file from a bad address," which triggers a fault that prevents the unused memory from being cleared in the kernel buffer.
17 CVE-2006-5173 DoS 2006-10-17 2018-10-30
2.1
None Local Low Not required None None Partial
Linux kernel does not properly save or restore EFLAGS during a context switch, or reset the flags when creating new threads, which allows local users to cause a denial of service (process crash), as demonstrated using a process that sets the Alignment Check flag (EFLAGS 0x40000), which triggers a SIGBUS in other processes that have an unaligned access.
18 CVE-2006-4997 DoS 2006-10-10 2018-10-30
7.1
None Remote Medium Not required None None Complete
The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (freed pointer dereference).
19 CVE-2006-4813 2006-10-12 2018-10-30
2.1
None Local Low Not required Partial None None
The __block_prepare_write function in fs/buffer.c for Linux kernel 2.6.x before 2.6.13 does not properly clear buffers during certain error conditions, which allows local users to read portions of files that have been unlinked.
20 CVE-2006-4538 DoS 2006-09-05 2018-10-30
4.9
None Local Low Not required None None Complete
Linux kernel 2.6.17 and earlier, when running on IA64 or SPARC platforms, allows local users to cause a denial of service (crash) via a malformed ELF file that triggers memory maps that cross region boundaries.
21 CVE-2006-3741 DoS 2006-10-10 2018-10-30
4.9
None Local Low Not required None None Complete
The perfmonctl system call (sys_perfmonctl) in Linux kernel 2.4.x and 2.6 before 2.6.18, when running on Itanium systems, does not properly track the reference count for file descriptors, which allows local users to cause a denial of service (file descriptor consumption).
22 CVE-2006-3468 DoS 2006-07-21 2018-10-30
7.8
None Remote Low Not required None None Complete
Linux kernel 2.6.x, when using both NFS and EXT3, allows remote attackers to cause a denial of service (file system panic) via a crafted UDP packet with a V2 lookup procedure that specifies a bad file handle (inode number), which triggers an error and causes an exported directory to be remounted read-only.
23 CVE-2006-3085 DoS 2006-06-23 2018-10-18
7.8
None Remote Low Not required None None Complete
xt_sctp in netfilter for Linux kernel before 2.6.17.1 allows attackers to cause a denial of service (infinite loop) via an SCTP chunk with a 0 length.
24 CVE-2006-2935 Exec Code Overflow 2006-07-05 2018-10-30
4.6
User Local Low Not required Partial Partial Partial
The dvd_read_bca function in the DVD handling code in drivers/cdrom/cdrom.c in Linux kernel 2.2.16, and later versions, assigns the wrong value to a length variable, which allows local users to execute arbitrary code via a crafted USB Storage device that triggers a buffer overflow.
25 CVE-2006-2448 DoS 2006-06-23 2018-10-18
5.6
None Local High Not required Complete None Complete
Linux kernel before 2.6.16.21 and 2.6.17, when running on PowerPC, does not perform certain required access_ok checks, which allows local users to read arbitrary kernel memory on 64-bit systems (signal_64.c) and cause a denial of service (crash) and possibly read kernel memory on 32-bit systems (signal_32.c).
26 CVE-2006-2446 DoS 2006-08-15 2017-10-10
5.4
None Remote High Not required None None Complete
Race condition between the kfree_skb and __skb_unlink functions in the socket buffer handling in Linux kernel 2.6.9, and possibly other versions, allows remote attackers to cause a denial of service (crash), as demonstrated using the TCP stress tests from the LTP test suite.
27 CVE-2006-2445 DoS 2006-06-23 2018-10-18
4.0
None Local High Not required None None Complete
Race condition in run_posix_cpu_timers in Linux kernel before 2.6.16.21 allows local users to cause a denial of service (BUG_ON crash) by causing one CPU to attach a timer to a process that is exiting.
28 CVE-2006-2444 DoS 2006-05-25 2018-10-30
7.8
None Remote Low Not required None None Complete
The snmp_trap_decode function in the SNMP NAT helper for Linux kernel before 2.6.16.18 allows remote attackers to cause a denial of service (crash) via unspecified remote attack vectors that cause failures in snmp_trap_decode that trigger (1) frees of random memory or (2) frees of previously-freed memory (double-free) by snmp_trap_decode as well as its calling function, as demonstrated via certain test cases of the PROTOS SNMP test suite.
29 CVE-2006-2071 Bypass 2006-04-27 2018-10-18
2.1
None Local Low Not required None Partial None
Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass IPC permissions and modify a readonly attachment of shared memory by using mprotect to give write permission to the attachment. NOTE: some original raw sources combined this issue with CVE-2006-1524, but they are different bugs.
30 CVE-2006-1862 DoS 2006-05-24 2017-10-10
4.9
None Local Low Not required None None Complete
The virtual memory implementation in Linux kernel 2.6.x allows local users to cause a denial of service (panic) by running lsof a large number of times in a way that produces a heavy system load.
31 CVE-2006-1858 20 DoS Exec Code 2006-05-22 2017-10-10
7.8
None Remote Low Not required None None Complete
SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a chunk length that is inconsistent with the actual length of provided parameters.
32 CVE-2006-1857 119 DoS Exec Code Overflow 2006-05-22 2017-10-10
9.0
None Remote Low Not required Partial Partial Complete
Buffer overflow in SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malformed HB-ACK chunk.
33 CVE-2006-1856 Bypass 2006-05-19 2017-10-10
7.5
User Remote Low Not required Partial Partial Partial
Certain modifications to the Linux kernel 2.6.16 and earlier do not add the appropriate Linux Security Modules (LSM) file_permission hooks to the (1) readv and (2) writev functions, which might allow attackers to bypass intended access restrictions.
34 CVE-2006-1528 20 DoS 2006-05-18 2018-10-30
4.9
None Local Low Not required None None Complete
Linux kernel before 2.6.13 allows local users to cause a denial of service (crash) via a dio transfer from the sg driver to memory mapped (mmap) IO space.
35 CVE-2006-1242 Bypass 2006-03-15 2018-10-18
5.0
None Remote Low Not required Partial None None
The ip_push_pending_frames function in Linux 2.4.x and 2.6.x before 2.6.16 increments the IP ID field when sending a RST after receiving unsolicited TCP SYN-ACK packets, which allows remote attackers to conduct an Idle Scan (nmap -sI) attack, which bypasses intended protections against such attacks.
36 CVE-2006-1066 DoS 2006-03-26 2018-10-03
1.2
None Local High Not required None None Partial
Linux kernel 2.6.16-rc2 and earlier, when running on x86_64 systems with preemption enabled, allows local users to cause a denial of service (oops) via multiple ptrace tasks that perform single steps, which can cause corruption of the DEBUG_STACK stack during the do_debug function call.
37 CVE-2006-1056 310 +Info 2006-04-20 2018-10-30
2.1
None Local Low Not required Partial None None
The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one process to determine portions of the state of floating point instructions of other processes, which can be leveraged to obtain sensitive information such as cryptographic keys. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels.
38 CVE-2006-1052 2006-05-05 2018-10-30
2.1
None Local Low Not required None None Partial
The selinux_ptrace logic in hooks.c in SELinux for Linux 2.6.6 allows local users with ptrace permissions to change the tracer SID to an SID of another process.
39 CVE-2006-0744 20 2006-04-18 2018-10-30
4.9
None Local Low Not required None None Complete
Linux kernel before 2.6.16.5 does not properly handle uncanonical return addresses on Intel EM64T CPUs, which reports an exception in the SYSRET instead of the next instruction, which causes the kernel exception handler to run on the user stack with the wrong GS.
40 CVE-2006-0742 DoS 2006-03-09 2018-10-03
4.6
None Local Low Single system None None Complete
The die_if_kernel function in arch/ia64/kernel/unaligned.c in Linux kernel 2.6.x before 2.6.15.6, possibly when compiled with certain versions of gcc, has the "noreturn" attribute set, which allows local users to cause a denial of service by causing user faults on Itanium systems.
41 CVE-2006-0741 DoS 2006-03-06 2018-10-03
1.2
None Local High Not required None None Partial
Linux kernel before 2.6.15.5, when running on Intel processors, allows local users to cause a denial of service ("endless recursive fault") via unknown attack vectors related to a "bad elf entry address."
42 CVE-2006-0558 DoS 2006-04-14 2017-10-10
4.9
None Local Low Not required None None Complete
perfmon (perfmon.c) in Linux kernel on IA64 architectures allows local users to cause a denial of service (crash) by interrupting a task while another process is accessing the mm_struct, which triggers a BUG_ON action in the put_page_testzero function.
43 CVE-2006-0555 DoS 2006-03-06 2018-10-03
2.1
None Local Low Not required None None Partial
The Linux Kernel before 2.6.15.5 allows local users to cause a denial of service (NFS client panic) via unknown attack vectors related to the use of O_DIRECT (direct I/O).
44 CVE-2006-0554 +Info 2006-03-06 2018-10-03
1.7
None Local Low Single system None Partial None
Linux kernel 2.6 before 2.6.15.5 allows local users to obtain sensitive information via a crafted XFS ftruncate call, which may return stale data.
45 CVE-2006-0482 DoS 2006-01-31 2017-07-19
2.1
None Local Low Not required None None Partial
Linux kernel 2.6.15.1 and earlier, when running on SPARC architectures, allows local users to cause a denial of service (hang) via a "date -s" command, which causes invalid sign extended arguments to be provided to the get_compat_timespec function call.
46 CVE-2006-0457 DoS 2006-03-13 2018-10-03
7.1
None Remote High Not required Complete None Complete
Race condition in the (1) add_key, (2) request_key, and (3) keyctl functions in Linux kernel 2.6.x allows local users to cause a denial of service (crash) or read sensitive kernel memory by modifying the length of a string argument between the time that the kernel calculates the length and when it copies the data into kernel memory.
47 CVE-2006-0456 DoS 2006-06-27 2017-10-10
2.1
None Local Low Not required None None Partial
The strnlen_user function in Linux kernel before 2.6.16 on IBM S/390 can return an incorrect value, which allows local users to cause a denial of service via unknown vectors.
48 CVE-2006-0096 2006-01-06 2018-10-03
7.2
None Local Low Not required Complete Complete Complete
wan/sdla.c in Linux kernel 2.6.x before 2.6.11 and 2.4.x before 2.4.29 does not require the CAP_SYS_RAWIO privilege for an SDLA firmware upgrade, with unknown impact and local attack vectors. NOTE: further investigation suggests that this issue requires root privileges to exploit, since it is protected by CAP_NET_ADMIN; thus it might not be a vulnerability, although capabilities provide finer distinctions between privilege levels.
49 CVE-2006-0095 +Info 2006-01-06 2018-10-19
2.1
None Local Low Not required Partial None None
dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure before it is freed, which leads to a memory disclosure that could allow local users to obtain sensitive information about a cryptographic key.
50 CVE-2006-0038 189 Overflow 2006-03-22 2017-10-10
6.9
Admin Local Medium Not required Complete Complete Complete
Integer overflow in the do_replace function in netfilter for Linux before 2.6.16-rc3, when using "virtualization solutions" such as OpenVZ, allows local users with CAP_NET_ADMIN rights to cause a buffer overflow in the copy_from_user function.
Total number of vulnerabilities : 119   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.