|Max CVSS||7.8||Min CVSS||1.9||Total Count||36|
|ID||CVSS||Summary||Last (major) update||Published|
|net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 inadvertently copies the ipv6_fl_socklist from a listening TCP socket to child sockets, which allows local users to cause a denial of service (OOPS) or double free by opening a listening IPv6||29-08-2013 - 01:29||22-03-2007 - 15:19|
|Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathna||20-08-2013 - 02:34||04-11-2009 - 10:30|
|The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in the Linux kernel 184.108.40.206 does not check for the CAP_NET_ADMIN capability before processing a (1) SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3) SIOCDEVENSLAVE, or (4) SIOCDEVEMAN||18-07-2013 - 01:52||03-09-2008 - 10:12|
|The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to th||13-07-2013 - 02:36||28-08-2009 - 11:30|
|Linux kernel 2.6.17 and earlier, when running on IA64 or SPARC platforms, allows local users to cause a denial of service (crash) via a malformed ELF file that triggers memory maps that cross region boundaries.||12-07-2013 - 01:03||05-09-2006 - 15:04|
|The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to l||06-07-2013 - 02:38||16-07-2009 - 11:30|
|The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone||22-01-2013 - 23:18||18-08-2009 - 17:00|
|The Linux kernel before 220.127.116.11 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) ha||26-11-2012 - 22:47||08-07-2008 - 20:41|
|Linux kernel before 18.104.22.168 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain "re-ordered access to the descriptor table."||26-11-2012 - 22:44||07-05-2008 - 20:20|
|The __scm_destroy function in net/core/scm.c in the Linux kernel 22.214.171.124, 2.6.26, and earlier makes indirect recursive calls to itself through calls to the fput function, which allows local users to cause a denial of service (panic) via vectors rela||05-11-2012 - 23:11||10-11-2008 - 11:15|
|A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 causes RTA_MAX to be used as an array size instead of RTN_MAX, which leads to an "out of bound access" by the (1) dn_fib_props (dn_fib.c, DECNet) and (2) fib_props (fib_semantics.c, I||05-11-2012 - 22:37||22-04-2007 - 15:19|
|fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspec||29-10-2012 - 23:16||29-09-2008 - 13:17|
|The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 126.96.36.199 do not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denia||29-10-2012 - 23:14||12-08-2008 - 19:41|
|The Linux kernel 2.6.0 through 188.8.131.52, and 2.4.4 through 184.108.40.206, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using||22-10-2012 - 23:09||14-08-2009 - 11:16|
|The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel 2.6.31-rc7 and earlier does not initialize a certain data structure, which allows local users to read the contents of some kernel memory locations by calling getsockname on an AF_LLC||19-03-2012 - 00:00||28-08-2009 - 11:30|
|The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vecto||19-03-2012 - 00:00||27-08-2009 - 13:30|
|Integer underflow in the e1000_clean_rx_irq function in drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel before 2.6.30-rc8, the e1000e driver in the Linux kernel, and Intel Wired Ethernet (aka e1000) before 7.5.5 allows remote a||19-03-2012 - 00:00||04-06-2009 - 12:30|
|The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies||19-03-2012 - 00:00||22-04-2009 - 11:30|
|Linux kernel 2.6.28 allows local users to cause a denial of service ("soft lockup" and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and triggers an OOM condition, a different vulne||19-03-2012 - 00:00||01-12-2008 - 12:30|
|Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel 2.4 before 220.127.116.11 and 2.6 before 18.104.22.168 allows remote attackers to cause a denial of service (memory consumption) via network traffic to a Simple Internet Transition (SIT||19-03-2012 - 00:00||16-05-2008 - 08:54|
|Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 22.214.171.124, and 2.6.25 before 126.96.36.199, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors.||19-03-2012 - 00:00||02-05-2008 - 12:05|
|The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might||19-03-2012 - 00:00||03-12-2007 - 19:46|
|The mincore function in the Linux kernel before 188.8.131.52 does not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a deadlock.||20-06-2011 - 00:00||19-12-2006 - 21:28|
|gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data||07-03-2011 - 22:06||17-03-2008 - 19:44|
|Linux kernel before 184.108.40.206, when using certain drivers that register a fault handler that does not perform range checks, allows local users to access kernel memory via an out-of-range offset.||07-03-2011 - 22:03||07-02-2008 - 21:00|
|The isdn_ioctl function in isdn_common.c in Linux kernel 2.6.23 allows local users to cause a denial of service via a crafted ioctl struct in which iocts is not null terminated, which triggers a buffer overflow.||07-03-2011 - 22:02||14-12-2007 - 20:46|
|Buffer overflow in the isdn_net_setcfg function in isdn_net.c in Linux kernel 2.6.23 allows local users to have an unknown impact via a crafted argument to the isdn_ioctl function.||07-03-2011 - 22:01||20-11-2007 - 19:46|
|Linux kernel before 2.4.21 allows local users to cause a denial of service (kernel panic) via asynchronous input or output on a FIFO special file.||07-03-2011 - 21:59||07-05-2008 - 20:20|
|The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges.||07-03-2011 - 21:58||13-08-2007 - 17:17|
|The setsockopt function in the L2CAP and HCI Bluetooth support in the Linux kernel before 220.127.116.11 allows context-dependent attackers to read kernel memory and obtain sensitive information via unspecified vectors involving the copy_from_user function||07-03-2011 - 21:51||24-04-2007 - 12:19|
|The ext2 file system code in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext2 stream with malformed data structures that triggers an error in the ext2_check_page due to a length that is smaller than the minimum.||07-03-2011 - 21:44||21-11-2006 - 20:07|
|Buffer overflow in the bufprint function in capiutil.c in libcapi, as used in Linux kernel 2.6.9 to 2.6.20 and isdn4k-utils, allows local users to cause a denial of service (crash) and possibly gain privileges via a crafted CAPI packet.||30-11-2010 - 01:01||02-03-2007 - 16:18|
|The zlib_inflate function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via a malformed filesystem that uses zlib compression that triggers memory corruption, as demonstrated using cramfs.||15-09-2010 - 01:30||09-11-2006 - 06:07|
|Unspecified vulnerability in the 32-bit and 64-bit emulation in the Linux kernel 2.6.9, 2.6.18, and probably other versions allows local users to read uninitialized memory via unknown vectors involving a crafted binary.||21-08-2010 - 01:16||30-06-2008 - 18:41|
|Linux kernel 2.4.35 and other versions allows local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death sig||21-08-2010 - 01:08||14-08-2007 - 13:17|
|mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not prevent stack expansion from entering into reserved kernel page memory, which allows local users to cause a denial of service (OOPS) via unspecified vectors.||21-08-2010 - 01:08||13-09-2007 - 21:17|