cpe:2.3:o:linux:linux_kernel:2.6.18:rc4:*:*:*:*:*:*
The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel before 2.6.32 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference), and possibly have unspecified other impact, via a crafted read-only filesystem that lacks a journal.
Max CVSS
7.1
EPSS Score
7.02%
Published
2009-12-13
Updated
2018-10-10
drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field.
Max CVSS
4.7
EPSS Score
0.04%
Published
2009-12-16
Updated
2023-02-13
Buffer overflow in the kvm_vcpu_ioctl_x86_setup_mce function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.32-rc7 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a KVM_X86_SETUP_MCE IOCTL request that specifies a large number of Machine Check Exception (MCE) banks.
Max CVSS
7.8
EPSS Score
0.04%
Published
2009-11-20
Updated
2020-08-12
The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which trigger attempted use of an open file that lacks NFSv4 state.
Max CVSS
7.8
EPSS Score
0.30%
Published
2009-11-09
Updated
2023-02-13
The update_cr8_intercept function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.32-rc1 does not properly handle the absence of an Advanced Programmable Interrupt Controller (APIC), which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via a call to the kvm_vcpu_ioctl function.
Max CVSS
4.9
EPSS Score
0.04%
Published
2009-10-29
Updated
2023-02-13
The lookup_cb_cred function in fs/nfsd/nfs4callback.c in the nfsd4 subsystem in the Linux kernel before 2.6.31.2 attempts to access a credentials cache even when a client specifies the AUTH_NULL authentication flavor, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an NFSv4 mount request.
Max CVSS
7.8
EPSS Score
4.35%
Published
2009-10-30
Updated
2023-02-13
The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls.
Max CVSS
7.8
EPSS Score
0.04%
Published
2009-10-22
Updated
2024-02-09
Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.
Max CVSS
7.0
EPSS Score
0.04%
Published
2009-11-04
Updated
2024-02-15
The tty_ldisc_hangup function in drivers/char/tty_ldisc.c in the Linux kernel 2.6.31-rc before 2.6.31-rc8 allows local users to cause a denial of service (system crash, sometimes preceded by a NULL pointer dereference) or possibly gain privileges via certain pseudo-terminal I/O activity, as demonstrated by KernelTtyTest.c.
Max CVSS
4.9
EPSS Score
0.04%
Published
2009-09-02
Updated
2012-03-19
The md driver (drivers/md/md.c) in the Linux kernel before 2.6.30.2 might allow local users to cause a denial of service (NULL pointer dereference) via vectors related to "suspend_* sysfs attributes" and the (1) suspend_lo_store or (2) suspend_hi_store functions. NOTE: this is only a vulnerability when sysfs is writable by an attacker.
Max CVSS
4.7
EPSS Score
0.04%
Published
2009-08-18
Updated
2017-09-19
The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit.
Max CVSS
5.9
EPSS Score
0.05%
Published
2009-08-18
Updated
2020-08-28
The load_flat_shared_library function in fs/binfmt_flat.c in the flat subsystem in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by executing a shared flat binary, which triggers an access of an "uninitialized cred pointer."
Max CVSS
7.8
EPSS Score
0.04%
Published
2009-08-14
Updated
2024-02-09
The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.
Max CVSS
7.8
EPSS Score
0.05%
Published
2009-08-27
Updated
2023-12-28
The Linux kernel before 2.6.31-rc7 does not properly prevent mmap operations that target page zero and other low memory addresses, which allows local users to gain privileges by exploiting NULL pointer dereference vulnerabilities, related to (1) the default configuration of the allow_unconfined_mmap_low boolean in SELinux on Red Hat Enterprise Linux (RHEL) 5, (2) an error that causes allow_unconfined_mmap_low to be ignored in the unconfined_t domain, (3) lack of a requirement for the CAP_SYS_RAWIO capability for these mmap operations, and (4) interaction between the mmap_min_addr protection mechanism and certain application programs.
Max CVSS
7.2
EPSS Score
0.04%
Published
2009-08-28
Updated
2017-09-19

CVE-2009-2692

Public exploit
The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.
Max CVSS
7.8
EPSS Score
0.05%
Published
2009-08-14
Updated
2024-02-08
The kvm_arch_vcpu_ioctl_set_sregs function in the KVM in Linux kernel 2.6 before 2.6.30, when running on x86 systems, does not validate the page table root in a KVM_SET_SREGS call, which allows local users to cause a denial of service (crash or hang) via a crafted cr3 value, which triggers a NULL pointer dereference in the gfn_to_rmap function.
Max CVSS
4.9
EPSS Score
0.04%
Published
2009-07-01
Updated
2020-08-19
The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL pointer dereference attacks, (2) bypass the mmap_min_addr protection mechanism, or (3) defeat address space layout randomization (ASLR).
Max CVSS
7.2
EPSS Score
0.06%
Published
2009-07-16
Updated
2023-02-13
Multiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; or (2) long Unicode characters, related to fs/cifs/cifssmb.c and the cifs_readdir function in fs/cifs/readdir.c.
Max CVSS
7.1
EPSS Score
0.19%
Published
2009-05-28
Updated
2018-11-08
Buffer overflow in the RTL8169 NIC driver (drivers/net/r8169.c) in the Linux kernel before 2.6.30 allows remote attackers to cause a denial of service (kernel memory corruption and crash) via a long packet.
Max CVSS
7.8
EPSS Score
10.36%
Published
2009-06-16
Updated
2023-02-13
The __inet6_check_established function in net/ipv6/inet6_hashtables.c in the Linux kernel before 2.6.29, when Network Namespace Support (aka NET_NS) is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via vectors involving IPv6 packets.
Max CVSS
7.1
EPSS Score
1.94%
Published
2009-04-22
Updated
2012-03-19
Stack consumption vulnerability in the do_page_fault function in arch/x86/mm/fault.c in the Linux kernel before 2.6.28.5 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via unspecified vectors that trigger page faults on a machine that has a registered Kprobes probe.
Max CVSS
4.9
EPSS Score
0.04%
Published
2009-02-17
Updated
2012-03-19
fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1 allows local users to cause a denial of service (fault or memory corruption), or possibly have unspecified other impact, via a readlink call that results in an error, leading to use of a -1 return value as an array index.
Max CVSS
4.9
EPSS Score
0.04%
Published
2009-01-26
Updated
2024-02-09
22 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!