cpe:2.3:o:linux:linux_kernel:2.6.16.21:*:*:*:*:*:*:*
Multiple buffer overflows in the cmtp_recv_interopmsg function in the Bluetooth driver (net/bluetooth/cmtp/capi.c) in the Linux kernel 2.4.22 up to 2.4.33.4 and 2.6.2 before 2.6.18.6, and 2.6.19.x, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via CAPI messages with a large value for the length of the (1) manu (manufacturer) or (2) serial (serial number) field.
Max CVSS: 7.5 | EPSS Score: 14.13% | Published: 2006-12-19 | Updated: 2018-10-17
The NTFS filesystem code in Linux kernel 2.6.x up to 2.6.18, and possibly other versions, allows local users to cause a denial of service (CPU consumption) via a malformed NTFS file stream that triggers an infinite loop in the __find_get_block_slow function.
Max CVSS: 4.9 | EPSS Score: 0.04% | Published: 2006-11-22 | Updated: 2017-07-20
The minix filesystem code in Linux kernel 2.6.x before 2.6.24, including 2.6.18, allows local users to cause a denial of service (hang) via a malformed minix file stream that triggers an infinite loop in the minix_bmap function. NOTE: this issue might be due to an integer overflow or signedness error.
Max CVSS: 4.0 | EPSS Score: 0.18% | Published: 2006-11-22 | Updated: 2018-10-30
The Linux kernel 2.6.x up to 2.6.18, and possibly other versions, on Fedora Core 6 and possibly other operating systems, allows local users to cause a denial of service (crash) via a malformed gfs2 file stream that triggers a NULL pointer dereference in the init_journal function.
Max CVSS: 4.9 | EPSS Score: 0.04% | Published: 2006-11-22 | Updated: 2017-07-20
Linux kernel 2.6.x up to 2.6.18 and possibly other versions, when SELinux hooks are enabled, allows local users to cause a denial of service (crash) via a malformed file stream that triggers a NULL pointer dereference in the superblock_doinit function, as demonstrated using an HFS filesystem image.
Max CVSS: 4.9 | EPSS Score: 0.18% | Published: 2006-11-22 | Updated: 2017-10-11
The ext2 file system code in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext2 stream with malformed data structures that triggers an error in the ext2_check_page due to a length that is smaller than the minimum.
Max CVSS: 4.0 | EPSS Score: 0.18% | Published: 2006-11-22 | Updated: 2017-10-11
The ext3fs_dirhash function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext3 stream with malformed data structures.
Max CVSS: 4.9 | EPSS Score: 0.18% | Published: 2006-11-22 | Updated: 2017-10-11
The zlib_inflate function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via a malformed filesystem that uses zlib compression that triggers memory corruption, as demonstrated using cramfs.
Max CVSS: 4.0 | EPSS Score: 0.09% | Published: 2006-11-09 | Updated: 2018-10-30
Linux kernel before 2.6.18, when running on x86_64 systems, does not properly save or restore EFLAGS during a context switch, which allows local users to cause a denial of service (crash) by causing SYSENTER to set an NT flag, which can trigger a crash on the IRET of the next task.
Max CVSS: 4.9 | EPSS Score: 0.14% | Published: 2006-12-31 | Updated: 2023-02-13
Integer overflow in the get_fdb_entries function in net/bridge/br_ioctl.c in the Linux kernel before 2.6.18.4 allows local users to execute arbitrary code via a large maxnum value in an ioctl request.
Max CVSS: 7.2 | EPSS Score: 0.06% | Published: 2006-12-02 | Updated: 2018-10-30
The seqfile handling (ip6fl_get_n function in ip6_flowlabel.c) in Linux kernel 2.6 up to 2.6.18-stable allows local users to cause a denial of service (hang or oops) via unspecified manipulations that trigger an infinite loop while searching for flowlabels.
Max CVSS: 2.1 | EPSS Score: 0.06% | Published: 2006-10-31 | Updated: 2018-10-17
The copy_from_user function in the uaccess code in Linux kernel 2.6 before 2.6.19-rc1, when running on s390, does not properly clear a kernel buffer, which allows local user space programs to read portions of kernel memory by "appending to a file from a bad address," which triggers a fault that prevents the unused memory from being cleared in the kernel buffer.
Max CVSS: 2.1 | EPSS Score: 0.06% | Published: 2006-10-10 | Updated: 2018-10-30
Linux kernel does not properly save or restore EFLAGS during a context switch, or reset the flags when creating new threads, which allows local users to cause a denial of service (process crash), as demonstrated using a process that sets the Alignment Check flag (EFLAGS 0x40000), which triggers a SIGBUS in other processes that have an unaligned access.
Max CVSS: 2.1 | EPSS Score: 0.04% | Published: 2006-10-17 | Updated: 2020-08-19
The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (freed pointer dereference).
Max CVSS: 7.5 | EPSS Score: 5.58% | Published: 2006-10-10 | Updated: 2024-02-10
ip6_tables in netfilter in the Linux kernel before 2.6.16.31 allows remote attackers to (1) bypass a rule that disallows a protocol, via a packet with the protocol header not located immediately after the fragment header, aka "ip6_tables protocol bypass bug;" and (2) bypass a rule that looks for a certain extension header, via a packet with an extension header outside the first fragment, aka "ip6_tables extension header bypass bug."
Max CVSS: 7.5 | EPSS Score: 4.47% | Published: 2006-11-07 | Updated: 2023-02-13
Linux kernel 2.6.17 and earlier, when running on IA64 or SPARC platforms, allows local users to cause a denial of service (crash) via a malformed ELF file that triggers memory maps that cross region boundaries.
Max CVSS: 4.9 | EPSS Score: 0.13% | Published: 2006-09-05 | Updated: 2018-10-30
The Universal Disk Format (UDF) filesystem driver in Linux kernel 2.6.17 and earlier allows local users to cause a denial of service (hang and crash) via certain operations involving truncated files, as demonstrated via the dd command.
Max CVSS: 4.9 | EPSS Score: 0.06% | Published: 2006-08-21 | Updated: 2018-10-17
Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on PowerPC PPC970 systems allows local users to cause a denial of service (crash) related to the "HID0 attention enable on PPC970 at boot time."
Max CVSS: 4.9 | EPSS Score: 0.04% | Published: 2006-08-21 | Updated: 2018-10-17
Unspecified vulnerability in the sctp_make_abort_user function in the SCTP implementation in Linux 2.6.x before 2.6.17.10 and 2.4.23 up to 2.4.33 allows local users to cause a denial of service (panic) and possibly gain root privileges via unknown attack vectors.
Max CVSS: 7.2 | EPSS Score: 0.06% | Published: 2006-08-23 | Updated: 2018-10-17
The perfmonctl system call (sys_perfmonctl) in Linux kernel 2.4.x and 2.6 before 2.6.18, when running on Itanium systems, does not properly track the reference count for file descriptors, which allows local users to cause a denial of service (file descriptor consumption).
Max CVSS: 4.9 | EPSS Score: 0.09% | Published: 2006-10-10 | Updated: 2023-02-13
Race condition in Linux kernel 2.6.17.4 and earlier allows local users to gain root privileges by using prctl with PR_SET_DUMPABLE in a way that causes /proc/self/environ to become setuid root.
Max CVSS: 6.2 | EPSS Score: 0.07% | Published: 2006-07-18 | Updated: 2018-10-18
Linux kernel 2.6.x, when using both NFS and EXT3, allows remote attackers to cause a denial of service (file system panic) via a crafted UDP packet with a V2 lookup procedure that specifies a bad file handle (inode number), which triggers an error and causes an exported directory to be remounted read-only.
Max CVSS: 7.8 | EPSS Score: 31.97% | Published: 2006-07-21 | Updated: 2018-10-30
xt_sctp in netfilter for Linux kernel before 2.6.17.1 allows attackers to cause a denial of service (infinite loop) via an SCTP chunk with a 0 length.
Max CVSS: 7.8 | EPSS Score: 5.48% | Published: 2006-06-23 | Updated: 2018-10-18
The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to 2.6.17, and possibly later versions, allows local users to cause a denial of service (memory consumption) by writing more data to the serial port than the hardware can handle, which causes the data to be queued.
Max CVSS: 7.8 | EPSS Score: 1.14% | Published: 2006-07-10 | Updated: 2023-02-13
The dvd_read_bca function in the DVD handling code in drivers/cdrom/cdrom.c in Linux kernel 2.2.16, and later versions, assigns the wrong value to a length variable, which allows local users to execute arbitrary code via a crafted USB Storage device that triggers a buffer overflow.
Max CVSS: 4.6 | EPSS Score: 0.04% | Published: 2006-07-05 | Updated: 2020-08-28
28 vulnerabilities found