|Max CVSS||7.8||Min CVSS||1.9||Total Count||20|
|ID||CVSS||Summary||Last (major) update||Published|
A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 causes RTA_MAX to be used as an array size instead of RTN_MAX, which leads to an "out of bound access" by the (1) dn_fib_props (dn_fib.c, DECNet) and (2) fib_props (fib_semantics.c, I
|05-11-2012 - 22:37||22-04-2007 - 15:19|
The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might
|19-03-2012 - 00:00||03-12-2007 - 19:46|
The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges.
|19-03-2012 - 00:00||13-09-2007 - 21:17|
Memory leak in the PPP over Ethernet (PPPoE) socket implementation in the Linux kernel before 2.6.21-git8 allows local users to cause a denial of service (memory consumption) by creating a socket using connect, and releasing it before the PPPIOCGCHAN
|03-10-2011 - 00:00||08-05-2007 - 19:19|
The minix filesystem code in Linux kernel 2.6.x before 2.6.24, including 2.6.18, allows local users to cause a denial of service (hang) via a malformed minix file stream that triggers an infinite loop in the minix_bmap function. NOTE: this issue mig
|20-06-2011 - 00:00||21-11-2006 - 20:07|
Linux kernel before 220.127.116.11, when using certain drivers that register a fault handler that does not perform range checks, allows local users to access kernel memory via an out-of-range offset.
|07-03-2011 - 22:03||07-02-2008 - 21:00|
The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 through 2.6.18-53, when running on PowerPC, might allow local users to cause a denial of service (crash) via unknown vectors that cause the of_get_property function to fail, which t
|07-03-2011 - 22:03||29-01-2008 - 15:00|
The isdn_ioctl function in isdn_common.c in Linux kernel 2.6.23 allows local users to cause a denial of service via a crafted ioctl struct in which iocts is not null terminated, which triggers a buffer overflow.
|07-03-2011 - 22:02||14-12-2007 - 20:46|
Buffer overflow in the isdn_net_setcfg function in isdn_net.c in Linux kernel 2.6.23 allows local users to have an unknown impact via a crafted argument to the isdn_ioctl function.
|07-03-2011 - 22:01||20-11-2007 - 19:46|
The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 18.104.22.168, when running on the x86_64 architecture, does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users t
|07-03-2011 - 21:58||24-09-2007 - 18:17|
The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges.
|07-03-2011 - 21:58||13-08-2007 - 17:17|
The setsockopt function in the L2CAP and HCI Bluetooth support in the Linux kernel before 22.214.171.124 allows context-dependent attackers to read kernel memory and obtain sensitive information via unspecified vectors involving the copy_from_user function
|07-03-2011 - 21:51||24-04-2007 - 12:19|
The compat_sys_mount function in fs/compat.c in Linux kernel 2.6.20 and earlier allows local users to cause a denial of service (NULL pointer dereference and oops) by mounting a smbfs file system in compatibility mode ("mount -t smbfs").
|07-03-2011 - 21:48||14-05-2007 - 13:19|
The ext2 file system code in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext2 stream with malformed data structures that triggers an error in the ext2_check_page due to a length that is smaller than the minimum.
|07-03-2011 - 21:44||21-11-2006 - 20:07|
The zlib_inflate function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via a malformed filesystem that uses zlib compression that triggers memory corruption, as demonstrated using cramfs.
|15-09-2010 - 01:30||09-11-2006 - 06:07|
The disconnect method in the Philips USB Webcam (pwc) driver in Linux kernel 2.6.x before 126.96.36.199 "relies on user space to close the device," which allows user-assisted local attackers to cause a denial of service (USB subsystem hang and CPU consump
|21-08-2010 - 01:11||26-09-2007 - 17:17|
The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions in fs/hugetlbfs/inode.c in the Linux kernel before 2.6.19-rc4 perform certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE units, which allows local users to cause a
|21-08-2010 - 01:09||04-10-2007 - 19:17|
Linux kernel 2.4.35 and other versions allows local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death sig
|21-08-2010 - 01:08||14-08-2007 - 13:17|
mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not prevent stack expansion from entering into reserved kernel page memory, which allows local users to cause a denial of service (OOPS) via unspecified vectors.
|21-08-2010 - 01:08||13-09-2007 - 21:17|
Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater
|21-08-2010 - 01:07||27-07-2007 - 17:30|