CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Linux » Linux Kernel » 2.6.20.15 : Security Vulnerabilities (Denial Of Service)

Cpe Name:cpe:/o:linux:linux_kernel:2.6.20.15
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-7480 415 DoS 2018-02-25 2018-03-17
7.2
None Local Low Not required Complete Complete Complete
The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure.
2 CVE-2018-6927 190 DoS Overflow 2018-02-12 2018-04-11
4.6
None Local Low Not required Partial Partial Partial
The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value.
3 CVE-2017-18241 476 DoS 2018-03-21 2018-04-20
4.9
None Local Low Not required None None Complete
fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure.
4 CVE-2017-18224 362 DoS 2018-03-11 2018-04-12
1.9
None Local Medium Not required None None Partial
In the Linux kernel before 4.15, fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allows local users to cause a denial of service (BUG) by modifying a certain e_cpos field.
5 CVE-2017-18218 416 DoS 2018-03-05 2018-03-26
7.2
None Local Low Not required Complete Complete Complete
In drivers/net/ethernet/hisilicon/hns/hns_enet.c in the Linux kernel before 4.13, local users can cause a denial of service (use-after-free and BUG) or possibly have unspecified other impact by leveraging differences in skb handling between hns_nic_net_xmit_hw and hns_nic_net_xmit.
6 CVE-2017-18216 476 DoS 2018-03-05 2018-03-27
2.1
None Local Low Not required None None Partial
In fs/ocfs2/cluster/nodemanager.c in the Linux kernel before 4.15, local users can cause a denial of service (NULL pointer dereference and BUG) because a required mutex is not used.
7 CVE-2017-18208 399 DoS 2018-03-01 2018-04-06
4.9
None Local Low Not required None None Complete
The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping.
8 CVE-2017-18204 399 DoS 2018-02-27 2018-04-06
2.1
None Local Low Not required None None Partial
The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service (deadlock) via DIO requests.
9 CVE-2017-18203 362 DoS 2018-02-27 2018-04-11
1.9
None Local Medium Not required None None Partial
The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices.
10 CVE-2017-18193 119 DoS Overflow 2018-02-22 2018-03-06
4.9
None Local Low Not required None None Complete
fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles extent trees, which allows local users to cause a denial of service (BUG) via an application with multiple threads.
11 CVE-2017-18079 476 DoS 2018-01-29 2018-02-15
7.2
None Local Low Not required Complete Complete Complete
drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated.
12 CVE-2017-18075 399 DoS 2018-01-24 2018-04-06
7.2
None Local Low Not required Complete Complete Complete
crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls.
13 CVE-2017-17805 20 DoS 2017-12-20 2018-04-06
7.2
None Local Low Not required Complete Complete Complete
The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.
14 CVE-2017-16939 264 DoS +Priv 2017-11-24 2018-02-03
7.2
None Local Low Not required Complete Complete Complete
The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.
15 CVE-2017-15127 19 DoS 2018-01-14 2018-04-11
4.9
None Local Low Not required None None Complete
A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG).
16 CVE-2017-15116 476 DoS 2017-11-30 2018-04-11
4.9
None Local Low Not required None None Complete
The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference).
17 CVE-2017-15115 416 DoS 2017-11-15 2018-04-03
7.2
None Local Low Not required Complete Complete Complete
The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls.
18 CVE-2017-12193 476 DoS 2017-11-22 2018-01-26
4.9
None Local Low Not required None None Complete
The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations.
19 CVE-2015-5707 189 DoS Overflow 2015-10-19 2017-09-16
4.6
None Local Low Not required Partial Partial Partial
Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request.
20 CVE-2015-0239 362 DoS +Priv 2015-03-02 2016-12-23
4.7
None Local High Not required None Partial Complete
The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction.
21 CVE-2014-9529 362 DoS Mem. Corr. 2015-01-09 2018-01-04
7.2
None Local Low Not required Complete Complete Complete
Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.
22 CVE-2014-0203 20 DoS 2014-06-23 2017-01-06
4.9
None Local Low Not required None None Complete
The __do_follow_link function in fs/namei.c in the Linux kernel before 2.6.33 does not properly handle the last pathname component during use of certain filesystems, which allows local users to cause a denial of service (incorrect free operations and system crash) via an open system call.
23 CVE-2013-2128 119 DoS Overflow 2013-06-07 2014-02-06
4.9
None Local Low Not required None None Complete
The tcp_read_sock function in net/ipv4/tcp.c in the Linux kernel before 2.6.34 does not properly manage skb consumption, which allows local users to cause a denial of service (system crash) via a crafted splice system call for a TCP socket.
24 CVE-2012-3552 362 DoS 2012-10-03 2013-10-11
5.4
None Remote High Not required None None Complete
Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service (slab corruption and system crash) by sending packets to an application that sets socket options during the handling of network traffic.
25 CVE-2012-1583 399 DoS 2012-06-16 2016-08-22
5.0
None Remote Low Not required None None Partial
Double free vulnerability in the xfrm6_tunnel_rcv function in net/ipv6/xfrm6_tunnel.c in the Linux kernel before 2.6.22, when the xfrm6_tunnel module is enabled, allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets.
26 CVE-2012-1146 DoS 2012-05-17 2017-12-28
10.0
None Remote Low Not required Complete Complete Complete
The mem_cgroup_usage_unregister_event function in mm/memcontrol.c in the Linux kernel before 3.2.10 does not properly handle multiple events that are attached to the same eventfd, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by registering memory threshold events.
27 CVE-2012-1097 DoS 2012-05-17 2018-01-17
7.2
None Local Low Not required Complete Complete Complete
The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call.
28 CVE-2012-1090 264 DoS 2012-05-17 2018-01-17
4.9
None Local Low Not required None None Complete
The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO.
29 CVE-2012-0879 20 DoS 2012-05-17 2018-01-17
4.9
None Local Low Not required None None Complete
The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows local users to cause a denial of service (I/O instability) by starting multiple processes that share an I/O context.
30 CVE-2012-0207 399 DoS 2012-05-17 2012-05-17
7.8
None Remote Low Not required None None Complete
The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets.
31 CVE-2012-0058 399 DoS 2012-05-17 2016-08-22
4.9
None Local Low Not required None None Complete
The kiocb_batch_free function in fs/aio.c in the Linux kernel before 3.2.2 allows local users to cause a denial of service (OOPS) via vectors that trigger incorrect iocb management.
32 CVE-2012-0044 189 DoS Overflow +Priv Mem. Corr. 2012-05-17 2013-04-18
7.2
None Local Low Not required Complete Complete Complete
Integer overflow in the drm_mode_dirtyfb_ioctl function in drivers/gpu/drm/drm_crtc.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.1.5 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted ioctl call.
33 CVE-2012-0038 189 DoS Overflow 2012-05-17 2012-05-17
4.9
None Local Low Not required None None Complete
Integer overflow in the xfs_acl_from_disk function in fs/xfs/xfs_acl.c in the Linux kernel before 3.1.9 allows local users to cause a denial of service (panic) via a filesystem with a malformed ACL, leading to a heap-based buffer overflow.
34 CVE-2011-4621 DoS Exec Code 2012-05-17 2012-05-17
4.9
None Local Low Not required None None Complete
The Linux kernel before 2.6.37 does not properly implement a certain clock-update optimization, which allows local users to cause a denial of service (system hang) via an application that executes code in a loop.
35 CVE-2011-4611 189 DoS Overflow 2012-05-17 2012-05-17
4.9
None Local Low Not required None None Complete
Integer overflow in the perf_event_interrupt function in arch/powerpc/kernel/perf_event.c in the Linux kernel before 2.6.39 on powerpc platforms allows local users to cause a denial of service (unhandled performance monitor exception) via vectors that trigger certain outcomes of performance events.
36 CVE-2011-4594 DoS 2012-05-17 2012-05-17
4.9
None Local Low Not required None None Complete
The __sys_sendmsg function in net/socket.c in the Linux kernel before 3.1 allows local users to cause a denial of service (system crash) via crafted use of the sendmmsg system call, leading to an incorrect pointer dereference.
37 CVE-2011-4326 399 DoS 2012-05-17 2015-05-05
7.1
None Remote Medium Not required None None Complete
The udp6_ufo_fragment function in net/ipv6/udp.c in the Linux kernel before 2.6.39, when a certain UDP Fragmentation Offload (UFO) configuration is enabled, allows remote attackers to cause a denial of service (system crash) by sending fragmented IPv6 UDP packets to a bridge device.
38 CVE-2011-4325 DoS 2012-01-27 2017-08-28
4.9
None Local Low Not required None None Complete
The NFS implementation in Linux kernel before 2.6.31-rc6 calls certain functions without properly initializing certain data, which allows local users to cause a denial of service (NULL pointer dereference and O_DIRECT oops), as demonstrated using diotest4 from LTP.
39 CVE-2011-4112 264 DoS 2012-05-17 2015-05-05
4.9
None Local Low Not required None None Complete
The net subsystem in the Linux kernel before 3.1 does not properly restrict use of the IFF_TX_SKB_SHARING flag, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability to access /proc/net/pktgen/pgctrl, and then using the pktgen package in conjunction with a bridge device for a VLAN interface.
40 CVE-2011-4097 189 DoS Overflow 2012-05-17 2012-05-17
4.9
None Local Low Not required None None Complete
Integer overflow in the oom_badness function in mm/oom_kill.c in the Linux kernel before 3.1.8 on 64-bit platforms allows local users to cause a denial of service (memory consumption or process termination) by using a certain large amount of memory.
41 CVE-2011-4087 399 DoS 2013-06-08 2013-06-10
4.3
None Remote Medium Not required None None Partial
The br_parse_ip_options function in net/bridge/br_netfilter.c in the Linux kernel before 2.6.39 does not properly initialize a certain data structure, which allows remote attackers to cause a denial of service by leveraging connectivity to a network interface that uses an Ethernet bridge device.
42 CVE-2011-4081 DoS 2012-05-24 2012-05-29
4.9
None Local Low Not required None None Complete
crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on an AF_ALG socket.
43 CVE-2011-3638 DoS 2013-03-01 2013-03-04
4.0
None Local High Not required None None Complete
fs/ext4/extents.c in the Linux kernel before 3.0 does not mark a modified extent as dirty in certain cases of extent splitting, which allows local users to cause a denial of service (system crash) via vectors involving ext4 umount and mount operations.
44 CVE-2011-3637 20 DoS 2012-05-17 2012-05-17
4.9
None Local Low Not required None None Complete
The m_stop function in fs/proc/task_mmu.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (OOPS) via vectors that trigger an m_start error.
45 CVE-2011-3363 20 DoS 2012-05-24 2012-05-29
5.4
None Remote High Not required None None Complete
The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel before 2.6.39 does not properly handle DFS referrals, which allows remote CIFS servers to cause a denial of service (system crash) by placing a referral at the root of a share.
46 CVE-2011-3359 119 DoS Overflow 2012-05-24 2012-05-29
5.4
None Remote High Not required None None Complete
The dma_rx function in drivers/net/wireless/b43/dma.c in the Linux kernel before 2.6.39 does not properly allocate receive buffers, which allows remote attackers to cause a denial of service (system crash) via a crafted frame.
47 CVE-2011-3353 119 DoS Overflow 2012-05-24 2012-05-25
4.9
None Local Low Not required None None Complete
Buffer overflow in the fuse_notify_inval_entry function in fs/fuse/dev.c in the Linux kernel before 3.1 allows local users to cause a denial of service (BUG_ON and system crash) by leveraging the ability to mount a FUSE filesystem.
48 CVE-2011-3191 189 DoS Mem. Corr. 2012-05-24 2012-05-25
10.0
None Remote Low Not required Complete Complete Complete
Integer signedness error in the CIFSFindNext function in fs/cifs/cifssmb.c in the Linux kernel before 3.1 allows remote CIFS servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large length value in a response to a read request for a directory.
49 CVE-2011-3188 DoS 2012-05-24 2016-08-22
6.8
None Remote Medium Not required Partial Partial Partial
The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets.
50 CVE-2011-2928 20 DoS 2011-08-29 2017-08-28
4.9
None Local Low Not required None None Complete
The befs_follow_link function in fs/befs/linuxvfs.c in the Linux kernel before 3.1-rc3 does not validate the length attribute of long symlinks, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) by accessing a long symlink on a malformed Be filesystem.
Total number of vulnerabilities : 231   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.