|Max CVSS||7.8||Min CVSS||1.9||Total Count||2|
|ID||CVSS||Summary||Last (major) update||Published|
The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might
|12-08-2020 - 19:26||04-12-2007 - 00:46|
The zlib_inflate function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via a malformed filesystem that uses zlib compression that triggers memory corruption, as demonstrated using cramfs.
|30-10-2018 - 16:26||09-11-2006 - 11:07|
The disconnect method in the Philips USB Webcam (pwc) driver in Linux kernel 2.6.x before 18.104.22.168 "relies on user space to close the device," which allows user-assisted local attackers to cause a denial of service (USB subsystem hang and CPU consump
|30-10-2018 - 16:25||26-09-2007 - 21:17|
A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 causes RTA_MAX to be used as an array size instead of RTN_MAX, which leads to an "out of bound access" by the (1) dn_fib_props (dn_fib.c, DECNet) and (2) fib_props (fib_semantics.c, I
|19-10-2018 - 18:59||22-04-2007 - 19:19|
Multiple buffer overflows in the cmtp_recv_interopmsg function in the Bluetooth driver (net/bluetooth/cmtp/capi.c) in the Linux kernel 2.4.22 up to 22.214.171.124 and 2.6.2 before 126.96.36.199, and 2.6.19.x, allow remote attackers to cause a denial of service
|17-10-2018 - 21:46||19-12-2006 - 19:28|
Linux kernel before 188.8.131.52, when using certain drivers that register a fault handler that does not perform range checks, allows local users to access kernel memory via an out-of-range offset.
|15-10-2018 - 21:56||08-02-2008 - 02:00|
The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges.
|15-10-2018 - 21:34||13-08-2007 - 21:17|
Linux kernel 2.4.35 and other versions allows local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death sig
|15-10-2018 - 21:31||14-08-2007 - 17:17|
The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 through 2.6.18-53, when running on PowerPC, might allow local users to cause a denial of service (crash) via unknown vectors that cause the of_get_property function to fail, which t
|03-10-2018 - 21:52||29-01-2008 - 20:00|
Memory leak in the PPP over Ethernet (PPPoE) socket implementation in the Linux kernel before 2.6.21-git8 allows local users to cause a denial of service (memory consumption) by creating a socket using connect, and releasing it before the PPPIOCGCHAN
|11-10-2017 - 01:32||08-05-2007 - 23:19|
The ext3fs_dirhash function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext3 stream with malformed data structures.
|11-10-2017 - 01:31||22-11-2006 - 01:07|
Unspecified vulnerability in the listxattr system call in Linux kernel, when a "bad inode" is present, allows local users to cause a denial of service (data corruption) and possibly gain privileges via unknown vectors.
|11-10-2017 - 01:31||30-01-2007 - 19:28|
The ext2 file system code in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext2 stream with malformed data structures that triggers an error in the ext2_check_page due to a length that is smaller than the minimum.
|11-10-2017 - 01:31||22-11-2006 - 01:07|
The mincore function in the Linux kernel before 184.108.40.206 does not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a deadlock.
|11-10-2017 - 01:31||20-12-2006 - 02:28|
net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 inadvertently copies the ipv6_fl_socklist from a listening TCP socket to child sockets, which allows local users to cause a denial of service (OOPS) or double free by opening a listening IPv6
|11-10-2017 - 01:31||22-03-2007 - 19:19|
The setsockopt function in the L2CAP and HCI Bluetooth support in the Linux kernel before 220.127.116.11 allows context-dependent attackers to read kernel memory and obtain sensitive information via unspecified vectors involving the copy_from_user function
|11-10-2017 - 01:31||24-04-2007 - 16:19|
The isdn_ioctl function in isdn_common.c in Linux kernel 2.6.23 allows local users to cause a denial of service via a crafted ioctl struct in which iocts is not null terminated, which triggers a buffer overflow.
|29-09-2017 - 01:29||15-12-2007 - 01:46|
Buffer overflow in the isdn_net_setcfg function in isdn_net.c in Linux kernel 2.6.23 allows local users to have an unknown impact via a crafted argument to the isdn_ioctl function.
|29-09-2017 - 01:29||21-11-2007 - 00:46|
The xfer_secondary_pool function in drivers/char/random.c in the Linux kernel 2.4 before 2.4.35 performs reseed operations on only the first few bytes of a buffer, which might make it easier for attackers to predict the output of the random number ge
|25-05-2011 - 04:00||13-08-2007 - 21:17|
Multiple integer overflows in Sbus PROM driver (drivers/sbus/char/openprom.c) for the Linux kernel 2.4.x up to 2.4.27, 2.6.x up to 2.6.7, and possibly later versions, allow local users to execute arbitrary code by specifying (1) a small buffer size t
|05-09-2008 - 20:44||31-12-2004 - 05:00|