- CVEs with nessus.description==Multiple vulnerabilities in the Linux kernel have been discovered and fixed in this update. The following have been fixed in the 2.4 kernels:
Colin Percival discovered a vulnerability in Intel's Hyper-Threading technology that could allow a local user to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys via a timing attack on memory cache misses. This has been corrected by disabling HT support in all kernels (CVE-2005-0109).
When forwarding fragmented packets, a hardware assisted checksum could only be used once which could lead to a Denial of Service attack or crash by remote users (CVE-2005-0209).
A flaw in the Linux PPP driver was found where on systems allowing remote users to connect to a server via PPP, a remote client could cause a crash, resulting in a Denial of Service (CVE-2005-0384).
An information leak in the ext2 filesystem code was found where when a new directory is created, the ext2 block written to disk is not initialized (CVE-2005-0400).
A signedness error in the copy_from_read_buf function in n_tty.c allows local users to read kernel memory via a negative argument (CVE-2005-0530).
George Guninski discovered a buffer overflow in the ATM driver where the atm_get_addr() function does not validate its arguments sufficiently which could allow a local attacker to overwrite large portions of kernel memory by supplying a negative length argument.
This could potentially lead to the execution of arbitrary code (CVE-2005-0531).
A flaw when freeing a pointer in load_elf_library was found that could be abused by a local user to potentially crash the machine causing a Denial of Service (CVE-2005-0749).
A problem with the Bluetooth kernel stack in kernels 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 could be used by a local attacker to gain root access or crash the machine (CVE-2005-0750).
A race condition in the Radeon DRI driver allows a local user with DRI privileges to execute arbitrary code as root (CVE-2005-0767).
Paul Starzetz found an integer overflow in the ELF binary format loader's code dump function in kernels prior to and including 2.4.31-pre1 and 2.6.12-rc4. By creating and executing a specially crafted ELF executable, a local attacker could exploit this to execute arbitrary code with root and kernel privileges (CVE-2005-1263).
| Max CVSS | 0 |
| Min CVSS | 0 |
| Total Count | 2 |

| ID | CVSS | Summary | Last (major) update | Published |